
Filippo Valsorda Debunks Myth: AES 128 Remains Secure Against Quantum Attacks

Cryptography engineer Filippo Valsorda clarifies that AES 128 encryption remains robust against quantum threats, dispelling myths about its rapid compromise.

Peter Olaleru/3 min/US

Cybersecurity Editor


Cryptography engineer Filippo Valsorda confirms that AES 128 encryption maintains its security against theoretical quantum computer attacks. Claims of halved security leading to rapid decryption are unfounded, reinforcing its long-term viability.

The Advanced Encryption Standard (AES) 128 is a block cipher, adopted by the U.S. government in 2001, securing vast amounts of digital data globally. For years, a persistent concern has centered on quantum computing's potential to compromise this widely used encryption standard. Speculation suggests that future quantum machines could render AES 128 vulnerable, necessitating immediate transitions to post-quantum cryptography.

However, cryptography engineer Filippo Valsorda clarifies that AES 128 remains secure against quantum computing threats. Proponents of the vulnerability theory often assert that a quantum computer, leveraging algorithms like Grover's, could effectively reduce AES 128's security to 2^64. This would hypothetically allow a brute-force attack, which attempts every possible key, to succeed in under a second using resources comparable to current Bitcoin mining operations.

Valsorda counters this, highlighting a critical misunderstanding of how quantum computers operate in this context. A brute-force attack on AES 128, even utilizing the full capacity of all Bitcoin mining resources projected for 2026, would still demand approximately 9 billion years to succeed. This estimate underscores the impracticality of such an attack, even with significant computational power. The core issue lies in the erroneous assumption that quantum computers can easily parallelize the brute-force search problem for AES keys.

This clarification from Valsorda provides crucial context for organizations planning their cybersecurity strategies. While the broader transition to post-quantum cryptography for other algorithms, particularly public-key systems like RSA and ECC, remains vital, this guidance indicates that AES 128 itself does not present an immediate quantum vulnerability. Security teams should focus on implementing strong key management practices and maintaining current encryption standards. The ongoing development of quantum computing capabilities will continue to shape cryptographic research; organizations must monitor NIST's post-quantum cryptography standardization efforts for long-term strategic planning.
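The parallelization limit described above follows from the standard cost model for Grover's algorithm: searching N keys takes about (π/4)·√N iterations that must run one after another, so splitting the keyspace across M machines shortens each run by only √M. The Python model below is an added illustration, not code from Valsorda or this article; the function names are hypothetical and the iteration rate is a constructed placeholder, not a measured hardware figure.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

def classical_trials(key_bits: int, machines: int = 1) -> float:
    """Expected sequential trials per machine for classical brute force.

    On average half the keyspace is searched, and the work divides
    perfectly: M machines finish M times sooner.
    """
    return 2 ** (key_bits - 1) / machines

def grover_iterations(key_bits: int, machines: int = 1) -> float:
    """Sequential Grover iterations each machine must run.

    Splitting the keyspace gives each machine N/M keys, and Grover needs
    about (pi/4) * sqrt(N/M) iterations, one after another, on that slice.
    """
    return (math.pi / 4) * math.sqrt(2 ** key_bits / machines)

def total_grover_work(key_bits: int, machines: int) -> float:
    """Iterations summed over all machines: grows as sqrt(machines)."""
    return machines * grover_iterations(key_bits, machines)

def wall_clock_years(sequential_steps: float, steps_per_second: float) -> float:
    """Convert a count of sequential steps into elapsed years."""
    return sequential_steps / steps_per_second / SECONDS_PER_YEAR

def machines_for_deadline(key_bits: int, steps_per_second: float,
                          deadline_years: float) -> int:
    """Machines needed so every Grover run fits inside the deadline."""
    max_steps = deadline_years * SECONDS_PER_YEAR * steps_per_second
    return max(1, math.ceil((grover_iterations(key_bits) / max_steps) ** 2))

if __name__ == "__main__":
    RATE = 1e6  # constructed: Grover iterations per second per machine
    for m in (1, 2 ** 20, 2 ** 40):
        steps = grover_iterations(128, m)
        years = wall_clock_years(steps, RATE)
        print(f"machines=2^{int(math.log2(m)):>2}  "
              f"per-machine iterations=2^{math.log2(steps):.1f}  "
              f"years={years:.3g}")
    print("machines for a 10-year attack:",
          f"{machines_for_deadline(128, RATE, 10):.3g}")
```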
