content/blog/2025-06-30-post-quantum-roadmap.en.md
Lines changed: 9 additions & 5 deletions
Original file line number
Diff line number
Diff line change
@@ -13,7 +13,7 @@ params:
13
13
summary: "Quantum computers will break many traditional ciphers. Learn how we plan to adjust Cryptomator Hub in order to stay ahead of attackers."
14
14
15
15
ogimage:
16
-
relsrc: /img/blog/cryptobot-xwing@2x.png
16
+
relsrc: /img/blog/cryptobot-xwing-bg.png
17
17
width: 1480
18
18
height: 832
19
19
---
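Review bot: the `relsrc` change under `ogimage` swaps `cryptobot-xwing@2x.png` for `cryptobot-xwing-bg.png`, but the `width: 1480` and `height: 832` lines below it are unchanged context. Please confirm the new file really is 1480×832 and, if it is not, update both values in this commit so the Open Graph metadata matches the image. The old name carried an `@2x` suffix and the new one does not, so it is worth checking that the replacement is not a different resolution.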
@@ -22,13 +22,15 @@ If you're reading this, chances are you've heard about quantum computers and how
22
22
23
23
## Cryptographic Breakdown
24
24
25
-
First, let's take a look at the ciphers involved in Cryptomator.
25
+
First, let's take a look at the ciphers involved in Cryptomator:
26
26
27
27
<figureclass="text-center">
28
28
<imgclass="inline-block rounded-sm"src="/img/blog/traditional-cipher-breakdown.svg"alt="Plot showing the growth of 2^n compared to n^2" />
29
29
<figcaption>Cryptographic Breakdown of Cryptomator & Hub</figcaption>
30
30
</figure>
31
31
32
+
As you can see, we mostly rely on AES- and EC-based algorithms. These are considered traditional algorithms, so their security assumptions refer to a world of traditional (non-quantum) computers. The general idea is that computations are easy if you know the right key but practically impossible without. When I say "practically impossible" I mean on traditional computers, as the computations are just "too complex".
33
+
32
34
## A Few Words About Complexity
33
35
34
36
While we aim to avoid complexity when it comes to usability or code legibility, there is a specific kind of complexity that we strive for. Let me explain:
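Review bot: the added paragraph opens with "As you can see", so it leans on the figure directly above it, yet that `<img>` still carries `alt="Plot showing the growth of 2^n compared to n^2"`, which matches neither the `traditional-cipher-breakdown.svg` source nor the caption "Cryptographic Breakdown of Cryptomator & Hub". Readers who do not get the image are told nothing about which ciphers are involved; please change the alt text to name the algorithms shown. In the new paragraph itself, "practically impossible without" is missing its object ("without it"), and the final sentence repeats the point about traditional computers made two sentences earlier, so the two could be merged.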
@@ -45,7 +47,7 @@ When we want to express how many steps a certain computation requires, we catego
45
47
46
48
To ensure that breaking a cipher requires an insane amount of time and energy, cryptographic algorithms rely on hard-to-compute problems—i.e., we're operating on the more complex side of the spectrum.
47
49
48
-
The most illustrative example for this is the factorization problem: Determine the prime factors of 8633. The result is easy to verify through a simple multiplication (89 \* 97), but finding the factors from the product is hard; [harder than polynomial but subexponential](https://en.wikipedia.org/wiki/General_number_field_sieve). This is exactly what the RSA crypto scheme is based on (except with some *very* large numbers), where the prime factors constitute the encryption keys.
50
+
The most illustrative example for this is the factorization problem: Determine the prime factors of 8633. The result is easy to verify through a simple multiplication (89 × 97), but finding the factors from the product is hard; [harder than polynomial but subexponential](https://en.wikipedia.org/wiki/General_number_field_sieve). This is exactly what the RSA crypto scheme is based on (except with some *very* large numbers), where the public key essentially is the product of two secret primes that are required to compute the private key.
49
51
50
52
## How Quantum Computers Weaken Ciphers
51
53
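Review bot: in the rewritten factorization sentence, "harder than polynomial but subexponential" is stated as a property of the problem, while the link points to the general number field sieve, which is the running time of the best known classical algorithm. No super-polynomial lower bound for factoring has been proven, so I would word it as "the best known classical algorithm is super-polynomial but subexponential". The new description of the RSA public key is a clear improvement over "the prime factors constitute the encryption keys"; "essentially is" reads better as "is essentially", and a short aside that the public key also contains a public exponent would make clear what "essentially" is glossing over.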
@@ -71,9 +73,11 @@ More generally, when a traditional algorithm takes \(n/2\) steps on average, a q
71
73
This "magic" applies to any problem where one can efficiently verify whether a guessed input is correct. That's obviously a problem if you don't want an attacker to guess your secret key. Fortunately, the defense is simple: increase \(n\) to a size where even \(\sqrt n\) becomes large enough to make Grover's algorithm impractical.
72
74
73
75
> [!QUESTION] Why is AES-256 quantum-secure?
74
-
> Ever wondered why we use AES-256 instead of AES-128? The "256" refers to the number of key bits, resulting in \(2^{256}\) possible keys. On average, guessing the correct key would take \(2^{256} / 2 = 2^{255}\) attempts. With Grover's algorithm, however, it would only take \(\sqrt{2^{256}} = 2^{128}\) attempts.
76
+
> Ever wondered why we use AES-256 instead of AES-128?
77
+
>
78
+
> The "256" refers to the number of key bits, resulting in \(2^{256}\) possible keys. Guessing the correct key would therefore take \(2^{256} / 2 = 2^{255}\) attempts on a traditional computer and \(\sqrt{2^{256}} = 2^{128}\) attempts using Grover's algorithm.
75
79
>
76
-
> An effective key space of \(2^{128}\) is still considered secure. So, AES-128 is secure on traditional computers, but in a post-quantum world, we require AES-256.
80
+
> Making \(2^{128}\)guesses is simply unfeasible. So, while AES-128 suffices on traditional computers, the post-quantum world demands for AES-256.
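Review bot: the new callout text drops "On average" from the removed line, but \(2^{256} / 2 = 2^{255}\) is the expected number of guesses rather than a fixed count, and the context sentence in the hunk header ("takes \(n/2\) steps on average") uses that qualifier. Suggest "would therefore take \(2^{256} / 2 = 2^{255}\) attempts on average on a traditional computer". In the last added line, a space is missing in "\(2^{128}\)guesses", "demands for AES-256" should be "demands AES-256", and "unfeasible" is more commonly written "infeasible".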