Encryption too weak ?, Broken Options

[Dakhran the Dark]

Why assume that a brute-force attack will require 2^(bits) cycles to complete? Quantum computers aren't simply a faster type of computer -- they literally perform simultaneous calculations in one cycle. Let's say that, just hypothetically, each commlink has a cypher chip running a quantum computer, say at 1024 qubits. A 1024-qubit system would be able to crack a 1024-bit encryption in one cycle, simply by comparing the cyphertext against every value between 0 and (2^1024)-1 at once -- and that's for a symmetric key algorithm (asymmetric algorithms cannot use the entire keyspace, and are much more vulnerable to quantum attack). For larger keys (2048, 4096, or beyond) you could parcel out the keyspace and distribute the attack amongst a number of systems, each with their own 1024-qubit cyperchip working on 1/1024 of the keyspace. Any hacker worth their chops nowadays has zombies on compromised systems around the world to farm work out to, ranging from DDoS, mass spamming, or cypher cracking. It'll most likely be even more prevalent in a wireless world of nearly infinite bandwidth and memory, where even your apartment toaster could pool some clock cycles towards the cracking attempt. And there becomes a point where the time it takes to encrypt the file in the first place exceeds the usability of the encryption algorithm for realtime transactions, and the cost of the equipment needed to encrypt and decrypt the transactions. So, hackers should reasonably be able to play keep-up with all but the heftiest and most expensive systems (Zurich-Orbital)...

[Chandon]

The estimates I've heard for quantum cryptography imply that, at best, they'd reduce the time for brute forcing crypto to the square root of the time a normal computer would take - so instead of 2^x time it would be 2^(x/2) time.

[Taran]

Can you elaborate on that?