Is AES-256 Quantum Resistant?

With quantum computers getting more powerful each year, many worry about the safety of modern encryption standards. As quantum computers improve in performance and the number of qubits used for calculations increases, current cryptosystems are under threat. AES-256 is one of the most powerful symmetric ciphers, but will it remain secure in a post-quantum world?

What will break post-quantum?

Many asymmetric encryption algorithms have been mathematically proven to be broken by quantum computers using Shor’s algorithm. Shor’s algorithm solves the following problem:

Given an integer N, find its prime factors.

Because algorithms like RSA rely heavily on the fact that normal computers can’t find prime factors quickly, they have remained secure for years. With quantum computers breaking that assumption, it may be time to find new standards.

The following are examples of encryption that Shor’s algorithm can break:

Symmetric Encryption

Symmetric encryption, or more specifically AES-256, is believed to be quantum-resistant. That means that quantum computers are not expected to be able to reduce the attack time enough to be effective if the key sizes are large enough.

Grover’s algorithm can reduce the brute-force attack time to its square root. For AES-128 the attack time is reduced to 2^64 (not very secure), while for AES-256 it is reduced to 2^128, which is still considered very secure.

A Caveat

It is important to remember that 256-bit keys derived from passwords can actually have fewer than 256 bits of entropy. If the owner of the key generated it from a weak password, an attacker can try deriving keys from common passwords instead of trying random 256-bit numbers.

For example, instead of randomly trying

  1. azpV4CYbAwQUP4BaJJJNDBxEUkghMF8x2Sd4Q7ihD04=
  2. mtOXPNln432smP3pd3rVLw9rpGGkVsiqRhUFLXy/KBw=
  3. ..

An attacker could try the following:

  1. password123 –> 75K3eLr+dx6JJFuJ7LwIpEpOFmwGZZkRiB84PURz6U8=
  2. password1234 –> uclQZA4bN0DpisuT5mnGV2b2Zw3RYJupH/QQUrpIxvM=
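The sketch below is an added example, not code from the original article or from Qvault. It derives 256-bit keys with scrypt (the cost parameters, salt and word list are constructed assumptions) and shows that a password-derived key is only as strong as the password's entropy, before and after applying the square-root reduction described above to the password space as well as the key space.

```python
import hashlib
import math
import os

KEY_BITS = 256  # AES-256 key size


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch a password into a 256-bit key with scrypt (cost parameters are assumptions)."""
    return hashlib.scrypt(password.encode(), salt=salt, n=2**12, r=8, p=1,
                          dklen=KEY_BITS // 8)


def password_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def effective_key_bits(secret_entropy_bits: float) -> float:
    """A derived key is no stronger than its source secret, capped at the key size."""
    return min(float(KEY_BITS), secret_entropy_bits)


def grover_bits(classical_bits: float) -> float:
    """Square-rooting the search space halves the strength measured in bits."""
    return classical_bits / 2


def matches_common_password(key: bytes, salt: bytes, common: list) -> bool:
    """Audit check: was this key derived from a password on a known-weak list?"""
    return any(derive_key(p, salt) == key for p in common)


# Constructed sample data, for illustration only.
COMMON = ["password123", "password1234", "letmein"]
SALT = bytes(16)  # fixed so the example is reproducible; use os.urandom(16) in practice

if __name__ == "__main__":
    weak_key = derive_key("password123", SALT)
    random_key = os.urandom(KEY_BITS // 8)
    print("weak key on common list:  ", matches_common_password(weak_key, SALT, COMMON))
    print("random key on common list:", matches_common_password(random_key, SALT, COMMON))

    cases = {
        "random 256-bit key": float(KEY_BITS),
        "8 random lowercase letters": password_entropy_bits(8, 26),
        "20 random printable ASCII": password_entropy_bits(20, 95),
    }
    for label, bits in cases.items():
        eff = effective_key_bits(bits)
        print(f"{label:28s} classical {eff:6.1f} bits, post-Grover {grover_bits(eff):6.1f} bits")
```

The entropy figures assume characters chosen uniformly at random; human-chosen passwords such as the two in the list above carry far less.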

If you are implementing AES in a cryptosystem in 2020 you should favor AES-256 over AES-128 for the quantum resistance and extra security that it offers.

7 thoughts on “Is AES-256 Quantum Resistant?”

  1. Not sure I like the “password” example in the description, only because passphrases should use a 1-way hash with a salt. Similarly, AES should use a unique random IV for every encrypted value/stream.

    • Hey Michael, I didn’t go into all the details in the article, but I was trying to explain that passwords are converted into 256-bit keys before ciphering. This, as you stated, is done through a hash function and the use of a salt. Qvault, for example, uses the scrypt hash and a random salt. Our AES implementation also uses a unique IV for each encryption. I left out those details because the focus was on quantum computing for this article, but hopefully these comments help some people!

  2. Does your website have a contact page? I’m having trouble locating it but, I’d like to shoot you an e-mail. I’ve got some suggestions for your blog you might be interested in hearing. Either way, great site and I look forward to seeing it improve over time.

    • It doesn’t, it just has a couple links at the bottom of the page right now. We should probably add some soon though… I’ll email you personally for now.