I was under the impression that for any generic symmetric cipher, Grover's algorithm would halve the strength in bit, for example a 128 bit key would be as weak against Quantum computers as a current 64 bit key against normal computers.
This is only approximately true. It's more of a rule of thumb than a final answer. AES-128 is currently believed safe against Grover's. See the conclusion (section 6) in this excellent paper:
https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-standardization-conference/documents/papers/on-practical-cost-of-grover.pdf _______________________________________________ Gnupg-users mailing list [email protected] https://lists.gnupg.org/mailman/listinfo/gnupg-users
