Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [quantum-computing]

A computation model which relies on quantum-mechanic phenomena, such as entanglement and superposition. This generalizes the probabilistic model of computation.

A computation model which relies on quantum-mechanic phenomena, such as entanglement and superposition. This generalizes the probabilistic model of computation.

47 questions
20
votes
1 answer

How does IBM's 53-bit quantum computer compare to classical ones for cryptanalytic tasks?

IBM just announced "a new 53-qubit quantum computer". How does it compare to classical computers, performance-wise, for cryptanalytic tasks? E.g. finding a 48- or 64-bit value whose SHA-256 has a certain value (edit: or factoring the product of two…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
17
votes
0 answers

Fewest qubits required for the discrete logarithm problem and integer factorization

According to a paper from 2002, the most efficient circuit to factor an $n$-bit integer requires $2n+3$ qubits and $O(n^{3}\lg(n))$ elementary quantum gates, assuming ideal qubits. Later on, according to a paper from 2008, it is shown that it…
forest
  • 15,626
  • 2
  • 49
  • 103
16
votes
2 answers

New paper claims quantum polylog time attack on AES

It is well known that Grover's algorithm can solve AES in $O(\sqrt{n})$ time, which is why symmetric key length needs to be double to maintain their security level in the face of a quantum adversary. A recent eprint paper claims there exists a…
lamba
  • 1,395
  • 8
  • 18
15
votes
3 answers

Can or can not D-Wave's quantum computers use Shor's and Grover's Algorithm to find encryption keys? Why?

I read that a company called D-Wave Systems has and is manufacturing quantum computers of 128 qubits. Can they or can they not use Shor's and Grover's algorithms for finding RSA-keys? If they can't then why not? And how come it was so hard for the…
user128226
  • 183
  • 1
  • 7
11
votes
2 answers

Can quantum computers put computer security in jeopardy?

There are many articles about quantum computers describing how powerful they are in computing and that they can solve very complicated equations in a short time. One of the biggest security measures that provide safety for computer security is that…
R1w
  • 1,960
  • 4
  • 23
  • 45
11
votes
4 answers

How will the world learn that Q-Day has arrived?

I wonder how the world will come to know that scalable, fully fault-tolerant quantum computers capable of running Shor's algorithm have arrived. The day when this happens has been referred to as "Q-Day". If this information gets out, especially if…
Mark S
  • 288
  • 2
  • 10
6
votes
3 answers

Can Quantum Computers crack RSA and AES?

Im trying to learn more about cryptography and ran into a post, Is AES-128 quantum safe?, which asks if AES-128 is safe. From the articles and replies it seems that AES-128 (symmetric key) is safe even with the advent of quantum computers (for now).…
cryptoman534345
  • 69
  • 1
  • 1
  • 3
6
votes
1 answer

How many qubits can break NIST P-521 ECC?

NIST P-521 has the longest key size for standardised ECC, which has 521 bits instead of 512. If a quantum computer is available, how many qubits can break P-521?
Flan1335
  • 381
  • 2
  • 6
5
votes
1 answer

Factoring 2048-bit integer with quantum computer?

In this paper, there is a statement in the abstract: Our construction uses $3n + 0.002n \log(n)$ logical qubits, $0.3n^3 + 0.0005n ^3\log(n)$ Toffolis, and $500n^2 +n^2 \log(n)$ measurement depth to factor n-bit RSA integers. The title of the…
NB_1907
  • 740
  • 4
  • 14
5
votes
1 answer

What are the misconceptions of IBM's CEO Arvind Krishna talk on the "Axios on HBO" about the quantum computing

IBM CEO Arvind made a talk in HBO's Axios program. It seems that there are misconceptions/misleading/flaws in reasoning etc. What are those! Some of the details of the speech is given as; IBM says its new Eagle processor can handle 127 qubits, a…
kelalaka
  • 49,797
  • 12
  • 123
  • 211
5
votes
1 answer

Logical Qubits vs Toffoli gates

Craig Gidney's recent preprint How to factor 2048 bit RSA integers with less than a million noisy qubits has this graph Figure 2: Pareto frontiers achieved by this paper for the Toffoli and logical qubit cost of factoring $n$ bit RSA integers, for…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
4
votes
1 answer

A question about performing quantum computations on uniform superpositions

Let us consider the following situation. Let $U_f$ be a gate computing $f$ mapping $\{0,1\}^n$ to $\{0,1\}^n$. That is, $U_f\left\vert x,0^n\right\rangle=\left\vert x,f(x)\right\rangle$. Let $\left\vert\phi\right\rangle$ be the uniform superposition…
Henry
  • 55
  • 3
4
votes
1 answer

Is Mega.nz encryption vulnerable to brute force cracking by quantum computers?

I am interested in Mega.nz cloud storage. It is using end-to-end encryption. It says that it uses AES-128 to encrypt files And there are more details in their white paper But I saw that quantum computers could be dangerous for AES-128: Grover's…
le menhir
  • 43
  • 1
  • 4
4
votes
0 answers

Comparing quantum computing resources to break the DLP on elliptic curve group vs Schnorr group

Take an elliptic curve group of 256-bit prime order $n$ over a 256-bit prime field in which the Discrete Logarithm Problem is believed hard, e.g. secp256r1. Build an isomorphic Schnorr group by taking $p$ as the smallest prime of the form $p=n\,r+1$…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
4
votes
1 answer

Difficulty of Shor's algorithm in a Schnorr group as a function of the modulus

Consider a Schnorr group with order a prime $q$ sized for security against current computers (like $q$ of 256 bit); modulus a prime $p=q\,r+1$ large enough (e.g. 3072 to 32768-bit) that the algorithms of choice for solving the DLP in the group are…
fgrieu
  • 149,326
  • 13
  • 324
  • 622
1
2 3 4