Do backups get pruned over time? Is there an expiration? I don't think folks want old lost-key backups sitting around forever for quantum to catch up, right?
blintz|5 months ago
FergusArgyll|5 months ago
"On the other hand, symmetric algorithms such as AES are believed to be immune to Shor. In most cases, the best-known quantum key recovery attack uses Grover’s algorithm which provides a generic square-root speed-up over classical exhaustion in terms of the number of queries to the symmetric algorithm. In other words, Grover would recover the 256-bit key for AES-256 with around 2^128 quantum queries to AES compared to around 2^256 classical queries for exhaustion. "
- https://csrc.nist.gov/csrc/media/Events/2024/fifth-pqc-stand...
</pedantry>
The paper itself concludes "the practical security impact of Grover with existing techniques on plausible near-term quantum hardware is limited."