Analysis: 128-bit symmetric encryption remains secure; quantum computing primarily threatens asymmetric cryptographic systems

Odaily News Cryptography engineer Filippo Valsorda wrote an article pointing out that the impact of quantum computing on current cryptographic systems is mainly concentrated on asymmetric algorithms (such as ECDSA, RSA, etc.), while its effect on symmetric encryption (like AES, SHA series) is limited. Grover's algorithm does not significantly weaken the security of 128-bit keys in practical scenarios.

Although Grover's algorithm can theoretically accelerate brute-force attacks, it is difficult to parallelize, making the actual attack cost extremely high. Even under ideal quantum computing conditions, the resources required to break AES-128 are far greater than the cost of using Shor's algorithm to attack elliptic curve encryption.

Furthermore, standards bodies including the National Institute of Standards and Technology (NIST) unanimously agree that AES-128 still meets post-quantum security requirements and does not need to be upgraded to 256-bit keys. Industry views suggest that focusing resources on replacing asymmetric encryption schemes vulnerable to quantum attacks is a more urgent task at present.