"We investigate the cost of Grover's quantum search algorithm when used in the context of pre-image attacks on the SHA-2 and SHA-3 families of hash functions. Our cost model assumes that the attack is run on a surface code based fault-tolerant quantum computer. Our estimates rely on a time-area metric that costs the number of logical qubits times the depth of the circuit in units of surface code cycles."
@screwtape
> this is the one that basically halves the number of bits of encryption you used expecting a classical attack?
This question is way beyond me :P I just stumbled upon the paper by following a link in something else I was reading, and thought it might be interesting to share.
@strypey like they're talking about in the article, this one is very practical to implement; conversely you can basically just double the number of bits you're using for your crypto, which is supported by libcrypto or w/e trivially.
Add comment