> On Jul 18, 2018, at 10:55 AM, Scott Fluhrer (sfluhrer)
> <[email protected]> wrote:
>
> Answering to give some info about what we know about the likely capabilities
> of Quantum Computers.
>
>> -----Original Message-----
>> From: Tero Kivinen <[email protected]>
>> Sent: Tuesday, July 17, 2018 5:17 PM
>> To: Scott Fluhrer (sfluhrer) <[email protected]>
>> Cc: [email protected]
>> Subject: RE: [IPsec] Modp-12288 and Modp-16384
>>
>> Scott Fluhrer (sfluhrer) writes:
>>> If the requirement for AES-256 is to handle the scenario "someone gets
>>> a quantum computer", then in that scenario, there is no realistic DH
>>> group size that is secure.
>>
>> That we do not know until we know what those quantum computers can
>> really do... I have not seen anybody saying how many qbits you need to
>> break MODP-2048.
>
> It's about twice as many as you need to factor a 2048 bit composite; so about
> 4k (logical) qubits.
>
>> Most of the things I have seen talks about factoring RSA,
>> and even then they do not provide numbers.
>
> How about https://arxiv.org/abs/quant-ph/0205095 - to factor an n bit number,
> you can do it with circa 2n qubits.
That, times a factor for error correction. I've seen various opinions on how
large that factor is; one estimate was 100 if not higher. An interesting
question is whether coherence across half a million qubits is achievable.
paul
_______________________________________________
IPsec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ipsec