PostQuantum.com. Link to the post: https://postquantum.com/post-quantum/grover-algorithm-aes-dead/

Summary

Conventional wisdom says Grover will not threaten AES-128 any time soon, and under today’s surface code and superconducting assumptions that math largely holds. But focusing on Grover and RSA-centric milestones obscures a more immediate problem for crypto systems like Bitcoin. Much coverage cites qubit counts for cracking RSA-2048, then concludes Bitcoin is safe. That benchmark is simply irrelevant to Bitcoin’s actual cryptography.

Bitcoin does not use RSA. It relies almost entirely on ECDSA over secp256k1. Classically, a 256-bit curve gives about 128 bits of security, comparable to RSA-3072, because Pollard’s rho is O(2^128) while GNFS for RSA is sub-exponential. Under quantum attack the picture inverts. Breaking ECC-256 via Shor requires dramatically fewer resources than factoring RSA-2048, so RSA timelines systematically overstate Bitcoin’s safety margin.

The takeaway for security leaders is clear: model quantum risk for cryptocurrencies with ECC-breaking resource estimates, not RSA. If you are building roadmaps, reassess exposure windows and transition plans based on the right numbers, while tracking hardware and error-correction shifts that could move timelines faster than expected.

Read more

See the original article at: https://postquantum.com/post-quantum/grover-algorithm-aes-dead/

Popular Tags: