Quantum Fears Overhyped: AES-128 Encryption Remains Unbroken, Expert Insists
A leading cryptography engineer is pushing back against persistent fears that quantum computers will soon break the widely used AES-128 encryption standard, calling the belief a dangerous myth that ignores fundamental physics.
“AES-128 is perfectly fine in a post-quantum world,” Filippo Valsorda, a renowned cryptography engineer, told reporters. “The supposed halving of its key strength to 2^64 via Grover’s algorithm ignores the critical fact that quantum computers cannot parallelize the attack in the way people assume.”
Valsorda’s statement comes as global attention intensifies on the existential threat quantum computing may pose to encryption. AES-128, the most common variant of the Advanced Encryption Standard adopted by NIST in 2001, has no known vulnerabilities in its 30-year history—making brute-force the only practical attack, with 2^128 possible key combinations.
Background
AES-128 uses a 128-bit key, providing 2^128 or approximately 3.4 × 10^38 possible combinations. To put that in perspective, using the entire bitcoin mining network as of 2026, a brute-force attack would take about 9 billion years.

The confusion began when amateur cryptographers and mathematicians applied Grover’s algorithm—a quantum search method—to AES, claiming it would halve the effective strength to just 2^64. This would, in theory, allow the same bitcoin-level resources to crack the key in under a second.
“The comparison is purely for illustration and flawed,” Valsorda explained. “Grover’s algorithm requires serial operations on a single quantum computer; it cannot be parallelized across thousands of ASIC miners. A cryptographically relevant quantum computer would need to run the algorithm sequentially, which is not how bitcoin mining works.”
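An added example, not from the article or from Valsorda: a Python calculation of how much parallel hardware helps classical brute force compared with Grover's algorithm. It goes beyond the text by using the standard result that Grover needs about (π/4)·√N sequential iterations and that splitting the key space over S machines shortens each run by only √S. The function names and the 2^40 depth cap are assumptions chosen for illustration.

```python
import math

# Grover needs about (pi/4) * sqrt(N) sequential iterations to search N keys.
LOG2_GROVER_CONST = math.log2(math.pi / 4)

def classical_log2_trials(key_bits, log2_machines):
    """log2 of expected trials per machine: N/2 keys split evenly over S machines."""
    return key_bits - 1 - log2_machines

def grover_log2_depth(key_bits, log2_machines):
    """log2 of sequential Grover iterations per machine when the key space
    is partitioned into S equal slices, one per quantum computer."""
    return LOG2_GROVER_CONST + (key_bits - log2_machines) / 2

def grover_log2_machines_for_depth(key_bits, log2_max_depth):
    """log2 of the quantum computers needed so that no machine runs more than
    2**log2_max_depth iterations in sequence (0.0 if one machine suffices)."""
    need = key_bits + 2 * LOG2_GROVER_CONST - 2 * log2_max_depth
    return max(0.0, need)

def scaling_table(key_bits=128, machine_exponents=(0, 20, 40, 64)):
    """Rows of (log2 machines, log2 classical trials, log2 Grover depth)."""
    return [
        (s, classical_log2_trials(key_bits, s), grover_log2_depth(key_bits, s))
        for s in machine_exponents
    ]

if __name__ == "__main__":
    print("machines   classical trials/machine   Grover iterations/machine")
    for s, c, g in scaling_table():
        print(f"2^{s:<8} 2^{c:<24.2f} 2^{g:.2f}")
    # Constructed scenario: cap each quantum run at 2^40 sequential iterations.
    m = grover_log2_machines_for_depth(128, 40)
    print(f"depth cap 2^40 -> 2^{m:.2f} quantum computers, "
          f"2^{m + 40:.2f} total iterations")
```

Each factor of 2^40 in machines removes 40 bits from the classical per-machine workload but only 20 bits from Grover's sequential depth, so the total quantum work grows as the attack is spread out.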

What This Means
For organizations and governments, the message is clear: AES-128 remains secure for the foreseeable future. The widely circulated fear that quantum computers will render it obsolete is based on a misunderstanding of how quantum algorithms operate.
While post-quantum cryptography standards are being developed, the transition does not require immediate panic or replacement of existing AES-128 systems. The real vulnerability lies in public-key cryptography (like RSA and ECC), not symmetric ciphers like AES.
“We should focus quantum resistance efforts where they matter—on asymmetric cryptography,” Valsorda said. “AES-128 is not the problem.”
In summary, AES-128 remains the gold standard for symmetric encryption even in a post-quantum world, provided the underlying implementation is correct. The myth of its quantum demise stems from flawed parallelization assumptions that do not reflect actual quantum computing capabilities.