Re: State of Post Quantum Cryptography?

On 06/05/2024 15:53 Jakob Bohm <jb-usenet@wisemo.invalid> wrote:

On 2024-05-02 10:20, The Running Man wrote:

What is you guys take on PQC (Post Quantum Cryptography) algorithms? I know the NIST has held a contest and that there are winners, but do you guys think they're safe to use?
>
I fear they may be broken in the future thereby destroying the security and privacy of millions of unsuspecting users. Current cryptographic algorithms are known to be safe and will be for at least the coming decades. OTOH these new PQC ciphers hold the promise of eternal confidentiality which current ciphers cannot guarantee.

 
If any bad actor has a quantum computer with just a few more Qubits
than the ones demonstrated in public, they can break most current public
key algorithms using known attack algorithms written a long time ago for
such (then hypothetical) computers.  They can also break symmetric
encryption at the same difficulty as if the key length was half as many
bits (thus AES 128 would be as weak as IDEA, AES 256 as weak as AES
128).
 

Define: "a few more qubits." I've read that maybe up to a million qubits are needed to compensate for the errors and noise to be able to break current asymmetric encryption algorithms. Symmetric algorithms aren't vulnerable in any case since quantum algorithms only halve the number of bits of security (i.e. 256 bits becomes 128 bits which cannot be broken).