LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

How do quantum computers affect the security of block ciphers compared to asymmetric algorithms?

Quantum computers reduce block cipher brute-force from $2^n$ to $2^{n/2}$ (Grover's algorithm), which is serious but manageable — just double the key size. Asymmetric crypto is much harder hit.

Quantum vs classical attacks on AES-128

* Effective security of AES-128 under each attack — the theoretical classical TMTO (2⁴³) is even stronger than Grover (2⁶⁴). *

Impact comparison:

Attack Type Classical Quantum
Brute Force on AES-128 $2^{128}$ $2^{64}$ (Grover)
Merkle-Hellman TMTO ($k^{2/3}$) $2^{85}$
Merkle-Hellman ($k^{1/3}$) $2^{43}$

Grover's algorithm effectively halves the key length: AES-128 becomes 64-bit security under quantum attack → no longer sufficient.

Solution: Use AES-256, which provides $2^{128}$ security even against quantum computers — still perfectly safe.

Asymmetric crypto is in worse shape:

  • Shor's algorithm breaks RSA, DH, and ECC completely (polynomial time)
  • This is why post-quantum cryptography (new algorithms resistant to quantum attacks) is being developed
  • Block ciphers are much more resilient against quantum computers than asymmetric schemes

Key takeaway: Block ciphers are relatively quantum-resistant — just double the key size. Asymmetric crypto needs entirely new algorithms.

Go deeper:

From Quiz: KRYPTOG / Cryptanalysis | Updated: Jul 14, 2026