QC is a potential threat for both symmetric and asymmetric cryptography; it's 
just that symmetric cryptography is threatened quite a bit more. And even 
asymmetric cryptography is important for QubesOS security because of update 
signatures.

Symmetric cryptography is threatened by Grover's algorithm. The algorithm can 
perform a brute-force search over N elements in O(sqrt(N)) time. In other words, 
it reduces O(2^n) time to O(2^(n/2)) time. What's great: there is some proof 
that this algorithm is optimal (probably under the assumption that P≠NP). So, 
just using double-length keys should be sufficient. This could justify AES256 
instead of AES128. Doubling the key length could be an issue for passwords, but 
if you use a memory-intensive key derivation function, it might be infeasible 
to run it on quantum computers for some time.

Asymmetric crypto usually (always?) relies on problems that are believed to be 
easier than NP. Some of them (integer factorization and the discrete logarithm 
problem) can be solved in polynomial time on a QC (they belong to the BQP 
class), which would be a real threat for cryptography like RSA and ECC. There 
are some "QC-proof" asymmetric schemes that are believed to be secure against 
QC. But those aren't widely used yet. It could be useful to use them together 
with some old schemes like RSA or ECC.

Regards,
Vít Šesták 'v6ak'

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/ba81205c-adfb-416a-8b70-27b01aa2b80c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

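The two practical points in the post above (Grover halves the effective bit strength of a symmetric key, so use a 256-bit key, and protect password-derived keys with a memory-hard KDF) can be put into working code. The following is an added example, not code from the post or from the Qubes project. The Grover cost model is the simplified "2^(n/2) oracle queries, each costing one full KDF evaluation" estimate, and the qubit-budget check is a deliberately crude assumption (every byte of KDF working memory must be held in qubits); the scrypt parameters and the constructed password and salt are illustrative choices.

```python
import hashlib
import math

# Grover's algorithm searches 2^n keys with about 2^(n/2) oracle queries, so an
# n-bit symmetric key keeps only n/2 bits of security against a quantum
# attacker. This is why AES-256 (128 bits post-quantum) is preferred to
# AES-128 (64 bits post-quantum).
def grover_effective_bits(key_bits: int) -> int:
    return key_bits // 2

# Work factor (log2) of a password search when every guess costs one KDF
# evaluation. kdf_cost_bits is log2 of one derivation's cost relative to a
# single cipher operation; quantum=True applies the Grover square-root speedup
# to the search but still charges the full KDF per oracle query.
def password_search_bits(password_entropy_bits: float,
                         kdf_cost_bits: float, quantum: bool) -> float:
    search = password_entropy_bits / 2 if quantum else password_entropy_bits
    return search + kdf_cost_bits

# scrypt's working set is 128 * r * N bytes per derivation (from the scrypt
# specification). Large N and r make each guess memory-intensive.
def scrypt_memory_bytes(n: int, r: int) -> int:
    return 128 * r * n

# Crude assumption, stated in the lead-in: a quantum Grover oracle for the KDF
# must hold its whole working set in qubits, so if the working set exceeds the
# available qubit budget the attack is not runnable on that machine.
def grover_kdf_runnable(kdf_memory_bytes: int, available_qubits: int) -> bool:
    return kdf_memory_bytes * 8 <= available_qubits

# Derive a 256-bit key (for AES-256) from a password with scrypt. N=2^14, r=8
# means ~16 MiB per derivation; maxmem is raised so OpenSSL accepts it.
def derive_aes256_key(password: bytes, salt: bytes,
                      n: int = 2 ** 14, r: int = 8, p: int = 1) -> bytes:
    return hashlib.scrypt(password, salt=salt, n=n, r=r, p=p,
                          maxmem=64 * 1024 * 1024, dklen=32)


if __name__ == "__main__":
    for bits in (128, 256):
        print(f"AES-{bits}: {bits} bits classical, "
              f"{grover_effective_bits(bits)} bits under Grover")
    mem = scrypt_memory_bytes(2 ** 14, 8)
    print(f"scrypt N=2^14 r=8 working set: {mem // (1024 * 1024)} MiB")
    # Constructed example values: a 40-bit-entropy passphrase and a KDF that
    # costs 2^20 cipher-equivalent operations per guess.
    for q in (False, True):
        print(f"search cost {'quantum' if q else 'classical'}: "
              f"2^{password_search_bits(40, 20, q):.0f}")
    print("Grover oracle fits in 10^6 qubits:", grover_kdf_runnable(mem, 10 ** 6))
    # Constructed password and salt; a real salt must be random per user.
    key = derive_aes256_key(b"correct horse battery staple", b"\x00" * 16)
    print("derived key bits:", len(key) * 8, "->", key.hex()[:16], "...")
```

The search-cost figures show why the author's advice works: Grover halves the exponent of the password search, but the per-guess KDF cost is paid in full inside each oracle query, and a working set of tens of mebibytes is far beyond any qubit budget expected for some time.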