Understanding AES-128 and Its Role in Modern Encryption

As concerns grow about the potential impact of quantum computing on encryption, cryptography engineer Filippo Valsorda has addressed a persistent misconception, arguing that AES-128 remains secure in a post-quantum landscape.

AES-128 is the most commonly deployed variant of the Advanced Encryption Standard (AES), the block cipher formally standardized by the National Institute of Standards and Technology (NIST) in 2001. AES also supports key sizes of 192 and 256 bits, but AES-128 was widely adopted because it balances computational efficiency with robust security.

Why AES-128 Has Withstood 30 Years of Scrutiny

Over three decades, no vulnerabilities have been discovered in AES-128. The only feasible attack remains brute force: trying every possible key. With 2^128 (about 3.4 × 10^38) possible keys, such an attack would take approximately 9 billion years, even using the entire Bitcoin mining network's computational power as projected for 2026.

The Quantum Computing Myth and Grover’s Algorithm

In recent years, a persistent claim has emerged: a cryptographically relevant quantum computer (CRQC) could render AES-128 obsolete by halving its effective key strength to 2^64 bits. This claim stems from a misapplication of Grover's algorithm, which in theory reduces a search over 2^128 keys to about 2^64 quantum evaluations of the cipher.

However, this scenario relies on flawed assumptions. A CRQC would not parallelize a brute-force search the way conventional computers do. Grover's speedup comes from a long chain of dependent iterations, roughly 2^64 of them, that must run one after another on the same machine; splitting the search across p quantum computers only cuts each machine's chain by a factor of about sqrt(p), not p, so the 2^64 figure cannot simply be divided by the number of machines the way classical brute-force work can. Quantum computers also operate under fundamentally different physical constraints, and their ability to run Bitcoin-mining-style workloads, or any highly parallel task, is limited by decoherence and error rates. Thus, the notion that AES-128 could be broken in seconds via quantum brute force is unfounded.
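The cost arithmetic behind the two preceding sections, as an added worked example that is not code from this article or from Filippo Valsorda's post. It models classical exhaustive search, which parallelizes linearly, beside Grover search, where p machines only buy a sqrt(p) wall-clock speedup (the standard bound for parallel Grover). The classical rate of 1e21 keys per second is a constructed round figure of roughly the Bitcoin network's scale, not the article's projected 2026 number, and the 1 µs per Grover iteration is an assumed placeholder; both only set the order of magnitude.

```python
"""Cost model for brute-forcing AES-128, classically and with Grover's algorithm.

Added example; not code from the article or from Filippo Valsorda's post.
Rates and per-iteration times below are assumed round figures, not measurements.
"""
import math

SECONDS_PER_YEAR = 365.25 * 24 * 60 * 60

# Assumed order-of-magnitude classical rate: a network performing ~1e21 AES trial
# decryptions per second (constructed figure, comparable in scale to the Bitcoin
# network's hash rate; the article's own 2026 projection is not reproduced here).
ASSUMED_CLASSICAL_KEYS_PER_SECOND = 1e21

# Assumed time for one Grover iteration (one reversible AES-128 evaluation plus
# the diffusion step) on a hypothetical error-corrected quantum computer.
ASSUMED_SECONDS_PER_GROVER_ITERATION = 1e-6


def keyspace(key_bits: int) -> int:
    """Number of possible keys for a key_bits-bit key."""
    return 1 << key_bits


def classical_bruteforce_years(key_bits: int, keys_per_second: float) -> float:
    """Years to try every key classically. The work divides evenly across machines,
    so doubling the aggregate rate halves the time: classical brute force
    parallelizes linearly."""
    return keyspace(key_bits) / keys_per_second / SECONDS_PER_YEAR


def grover_iterations(key_bits: int, machines: int = 1) -> int:
    """Sequential Grover iterations each machine must run when the search over
    2**key_bits keys is split across `machines` independent quantum computers.

    Each machine searches N/p keys and needs about sqrt(N/p) dependent iterations,
    so p-fold parallelism only buys a sqrt(p) speedup (the standard Grover bound)."""
    if machines < 1:
        raise ValueError("need at least one machine")
    return math.isqrt(keyspace(key_bits) // machines)


def grover_parallel_speedup(key_bits: int, machines: int) -> int:
    """Wall-clock speedup from using `machines` quantum computers instead of one."""
    return grover_iterations(key_bits, 1) // grover_iterations(key_bits, machines)


def grover_years(key_bits: int, machines: int, seconds_per_iteration: float) -> float:
    """Wall-clock years for the Grover search, given the per-iteration cost."""
    return grover_iterations(key_bits, machines) * seconds_per_iteration / SECONDS_PER_YEAR


def sequential_depth_bits(key_bits: int, machines: int = 1) -> float:
    """log2 of the iterations one machine must run in sequence: the 'effective
    key strength' figure, which only drops by log2(p)/2 bits for p machines."""
    return math.log2(grover_iterations(key_bits, machines))


if __name__ == "__main__":
    print(f"AES-128 key space: 2^128 = {keyspace(128):.2e}")
    print(f"Classical exhaustive search at {ASSUMED_CLASSICAL_KEYS_PER_SECOND:.0e} keys/s: "
          f"{classical_bruteforce_years(128, ASSUMED_CLASSICAL_KEYS_PER_SECOND):.2e} years")
    for p in (1, 2**10, 2**20):
        print(f"Grover with {p} machines: 2^{sequential_depth_bits(128, p):.0f} iterations each, "
              f"speedup x{grover_parallel_speedup(128, p)}, "
              f"{grover_years(128, p, ASSUMED_SECONDS_PER_GROVER_ITERATION):.3e} years")
```

With the assumed rate the classical figure comes out around 10^10 years, the same order of magnitude as the article's 9 billion. The Grover side shows the point of the section: a million-fold (2^20) increase in quantum machines shortens each machine's sequential chain only from 2^64 to 2^54 iterations, a 1024× speedup rather than the 2^20× that classical hardware would deliver.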

Key Takeaways on AES-128’s Post-Quantum Security

  • AES-128 remains secure against known attacks, including those leveraging quantum computing.
  • Grover’s algorithm does not pose a practical threat to AES-128’s 128-bit key strength.
  • Brute-force resistance is unmatched, requiring astronomical computational resources to breach.
  • Misconceptions about quantum parallelization overlook fundamental limitations of quantum hardware.