+15 votes
in Quantum Information by
+4 votes
by

The Advanced Encryption Standard (AES) is a widely used symmetric encryption algorithm that is considered secure against attacks from classical computers. However, when it comes to quantum computers, AES is vulnerable to a specific type of attack called Grover's algorithm.

Grover's algorithm is a quantum algorithm that can efficiently search through an unsorted database, providing a quadratic speedup compared to classical algorithms. In the context of AES, Grover's algorithm can potentially reduce the effective key size of AES by half. For example, a quantum computer using Grover's algorithm could break a 128-bit AES key with the same effort it takes a classical computer to break a 256-bit AES key.

This means that if AES-128 is used, a quantum computer could, in theory, break the encryption with a practical amount of computational resources. To maintain an equivalent level of security against attacks from quantum computers, longer AES key lengths, such as AES-256, would need to be used.

It's important to note that while quantum computers have made significant progress in recent years, large-scale, error-corrected, fault-tolerant quantum computers that can effectively run Grover's algorithm and threaten AES are still in the realm of active research and development. The exact timeline for the realization of such quantum computers is uncertain.

To address the potential threat of quantum computers to encryption algorithms like AES, the field of post-quantum cryptography (PQC) is actively exploring and developing encryption algorithms that are resistant to attacks from quantum computers. PQC algorithms aim to provide security even in the presence of large-scale quantum computers. The National Institute of Standards and Technology (NIST) is currently evaluating various PQC candidates and standards to ensure a smooth transition to post-quantum cryptographic systems when quantum computers become a more realistic threat.

In summary, AES-128 is vulnerable to attacks from quantum computers using Grover's algorithm, but longer key lengths, such as AES-256, provide a level of security that is resistant to such attacks. To prepare for the future threat of quantum computers, research into post-quantum cryptography is ongoing to develop encryption algorithms that are secure against quantum attacks.
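The quadratic speedup described in the answer above can be seen directly by simulating Grover's search on a small state vector. The following is an added example, not code from the answer or from any quantum toolkit: it runs Grover's iteration (phase-flip oracle followed by the "inversion about the mean" diffusion step) over a toy key space of 2^n_bits candidates and checks that about (π/4)·√N iterations concentrate almost all probability on the hidden key, versus the N/2 guesses a classical brute force needs on average. The `grover_queries_log2` helper then extrapolates that query count to real AES key sizes; the function names and the choice of an 8-bit toy key space are this example's own assumptions.

```python
import math


def grover_search(n_bits, target):
    """Classically simulate Grover's algorithm over N = 2**n_bits basis states.

    Assumption for this example: the oracle marks exactly one 'key' (target),
    so the optimal iteration count is floor(pi/4 * sqrt(N)).
    Returns (most_likely_index, probability_of_target, iterations_used).
    """
    n = 1 << n_bits
    # Uniform superposition: every candidate key has amplitude 1/sqrt(N).
    state = [1.0 / math.sqrt(n)] * n
    iterations = math.floor(math.pi / 4 * math.sqrt(n))

    for _ in range(iterations):
        # Oracle: flip the sign of the marked key's amplitude.
        state[target] = -state[target]
        # Diffusion (2|s><s| - I): reflect every amplitude about the mean.
        mean = sum(state) / n
        state = [2 * mean - a for a in state]

    probs = [a * a for a in state]
    best = max(range(n), key=probs.__getitem__)
    return best, probs[target], iterations


def classical_average_guesses(n_bits):
    """Expected number of trial keys for a classical brute force: N/2."""
    return (1 << n_bits) // 2


def grover_queries_log2(key_bits):
    """log2 of the oracle queries Grover needs for a key_bits key:
    ~ (pi/4) * 2**(key_bits/2), i.e. roughly half the key length in bits."""
    return key_bits / 2 + math.log2(math.pi / 4)


if __name__ == "__main__":
    # Constructed toy instance: an 8-bit 'key' 0xA7 hidden among 256 candidates.
    best, p, iters = grover_search(8, 0xA7)
    print(f"found key 0x{best:02X} with probability {p:.4f} after {iters} "
          f"Grover iterations (classical average: {classical_average_guesses(8)} guesses)")
    for bits in (128, 192, 256):
        print(f"AES-{bits}: ~2^{grover_queries_log2(bits):.1f} quantum oracle queries")
```

For the 8-bit toy space the simulation needs 12 iterations instead of an average of 128 guesses, and for AES-128 the same formula gives roughly 2^63.7 oracle evaluations, which is why AES-256 (about 2^127.7 evaluations) is the size usually recommended for 128-bit security against a Grover-equipped adversary. Note that each "query" is a full quantum AES evaluation inside an error-corrected circuit, which is far more expensive than one classical AES call; the simulation shows the scaling, not the wall-clock cost.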
