On Thu, 2007-01-18 at 11:18 -0600, Bruno Wolff III wrote:
> On Thu, Jan 18, 2007 at 07:58:19 -0600,
> Marc Schwartz <marc_schwartz@xxxxxxxxxxx> wrote:
> >
> > If that was reality, then all bets are off, because quantum computers
> > would be reasonably expected to render all current and generally
> > available cryptosystems useless.
>
> I don't believe that is true. I do believe that RSA public key systems
> are toast under that assumption though.

The basic premise of toasting RSA PKI systems would be the exponentially
increased ability to factor very large numbers. This would involve Shor's
approach.

If one has access to such computational power and algorithms, it would
similarly make brute force attacks on other algorithms subject to
substantial reduction in time requirements by reducing the effective key
space by a factor of two, I believe, presuming worst case scenarios of
searching all possible keys.

So, these days, certainly anything less than 256-bit keys (net 128 bits)
would become susceptible to exhaustive key searches on such a platform.
128-bit keys would effectively become no stronger than 64-bit keys, and so
on.

How many folks today are using symmetric-key-based systems with key lengths
over 128 bits? I am.

Bear in mind that when the USG announced that AES could be used to protect
Top Secret information, they only approved it at 192- or 256-bit key
lengths, not at 128.

Of course, in all computations, we are presuming that all keys would
actually have to be attempted. On average it would take a quantum computer
time that is proportional to the square root of the size of the effective
key space to identify the correct key.

Food for thought.

HTH,

Marc Schwartz
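As an added illustration of the square-root speedup discussed in the message above (this is not code from the thread), the following toy state-vector simulation runs Grover's search over a small key space and compares its oracle-query count with the average trial count of a classical exhaustive search. The cipher is replaced by an oracle that simply recognises an assumed secret key index, and the key sizes compared are constructed inputs.

```python
"""Toy state-vector simulation of Grover's search over an n-bit key space.

Shows the square-root claim: about (pi/4) * sqrt(2**n) oracle queries find
the one correct key, versus 2**n / 2 trial decryptions on average for a
classical brute force. Constructed example: no real cipher is involved, the
oracle only recognises a hypothetical secret key index.
"""
import math


def grover_iterations(n_bits):
    """Optimal number of Grover iterations for a single marked key."""
    return max(1, round(math.pi / 4 * math.sqrt(2 ** n_bits)))


def grover_success_probability(n_bits, secret_key, iterations=None):
    """Simulate Grover's search and return P(measuring secret_key)."""
    size = 2 ** n_bits
    if iterations is None:
        iterations = grover_iterations(n_bits)
    # Start in a uniform superposition over all candidate keys.
    amp = [1.0 / math.sqrt(size)] * size
    for _ in range(iterations):
        # Oracle: flip the phase of the correct key (one query).
        amp[secret_key] = -amp[secret_key]
        # Diffusion: reflect every amplitude about the mean.
        mean = sum(amp) / size
        amp = [2 * mean - a for a in amp]
    return amp[secret_key] ** 2


def effective_security_bits(key_bits):
    """Work of a Grover key search, in bits: log2 of the query count."""
    return math.log2(grover_iterations(key_bits))


def compare(n_bits, secret_key):
    """Classical average trials vs. Grover queries for an n-bit key space."""
    return {
        "classical_avg_trials": 2 ** n_bits / 2,
        "grover_queries": grover_iterations(n_bits),
        "success_probability": grover_success_probability(n_bits, secret_key),
    }


if __name__ == "__main__":
    for n in (8, 12):  # small, simulable key spaces (constructed)
        print(n, compare(n, secret_key=0x2A))
    for k in (128, 192, 256):
        print(k, "bit key ->", round(effective_security_bits(k), 2), "bits of work")
```

The 128-bit and 256-bit figures are computed from the iteration formula only; simulating those state vectors is of course infeasible.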