Contents | |
---|---|
AES Quantum Safe Claims | Persistent AES quantum-safe claims are precarious at best |
Cryptographically Relevant | Cryptographically relevant computers are here now |
AES is Quantum Toast | Quantum computers process all combinations at once |
Brute Force Decryption | Quantum computers break encryption/decryption asymmetry |
Data at Risk | All data secured by classic block encryption is at risk |
AES Quantum Safe Claims
It appears that mainstream quantum computer cybersecurity threat analysis is focused on public/private key encryption and RSA key-exchange.
We agree RSA is quantum vulnerable, but our focus here is on AES, the Advanced Encryption Standard.
While NIST has quantum resistant RSA replacement candidates, they have no quantum safe replacement for AES.
The persistent claim is that 'AES remains quantum safe while quality keys are used'.
Our analysis is that the assertion that AES is quantum-safe is based on a fundamental misunderstanding of the potential quantum computing power for brute-forcing.
Quantum systems, even in these early stages, can exploit AES vulnerabilities by operating on 128, 192 or 256 bit key spaces simultaneously, rendering any "quantum-safe" claim precarious at best.
The persistent narrative around AES’s quantum resilience overlooks the reality:
Quantum computers, at current scale, reduce the time complexity for brute-force attacks exponentially.
AES was designed before quantum threats were even conceivable, so its architecture isn’t inherently equipped for a quantum landscape.
RSA public key encryption is often used to exchange keys for AES symmetric encryption.
What use is a securely exchanged RSA key when the AES encrypted cipher is readily brute-forced by quantum computers, irrespective of the key used?
Cryptographically Relevant Quantum Computers
The other persistent claim is that the danger exists in the future, when Quantum Computers scale, when they become "Cryptographically Relevant".
This persistent belief that quantum computers aren’t an immediate threat because they’re “not cryptographically relevant yet” is in error. The fact is that at current scales, Quantum Computers can expose classic cryptographic vulnerabilities by brute force.
The phrase "cryptographically relevant" is often used as a comfort blanket, implying a long runway before we need to act. But the pace of quantum advancement has already produced "cryptographically relevant" Quantum Systems.
The Flatow Algorithm, even as a theoretical model, shows how a purpose-orchestrated quantum system exposes AES with 433 qubits available since 2022.
AES is Quantum Toast
The universally adopted Advanced Encryption Standard (AES) can be brute-force decrypted in near real time by current Quantum Computers.
Facts:
- Classic computers take thousands of years to sequentially process all possible combinations of 256 bits.
- Quantum computers process all possible combinations of 256 qubits (2 ^ 256) at once.
- The largest key size for AES is 256 bits.
A 256 qubit key register linked to a quantum computer AES decrypt function can brute-force crack AES.
The total number of qubits required is less than 433 qubits, available since 2022 with the IBM Osprey quantum computer.
Brute Force Decryption
AES block encryption ciphers are brute forced by:
- Configuring a 128, 192 or 256 qubit key register
- Linking a quantum AES decrypt function
- Detecting a sensible result, and
- Collapsing the qubits to their binary condition
When a sensible result collapses qubits to their binary condition, the correct key is readable in the qubit key register. Only the correct AES key yields a sensible result.
A full AES quantum brute force system is described by the Flatow Algorithm.
Data at Risk
Data at quantum computer risk includes:
- Key stores and password managers
- Encrypted files
- Encrypted databases
- Encrypted communications
The AES algorithm is used to secure a vast amount of our data, both at rest and in transit. Some of its more common applications include:
- WinZip
- VeraCrypt
- Signal
- TLS
- SSH
AES is also approved by the U.S. Government for encrypting classified information:
- SECRET data can be encrypted with 128-bit keys.
- TOP SECRET data can be encrypted with either 192-bit or 256-bit keys.
As AES is a government approved and mandated security algorithm, a very broad range of services and applications rely on its security.
Establishments seeking to secure sensitive client data would generally use government approved AES for all of their high security data.
Broadly, all penetrable classic block encryption algorithms, associated data stores and transports, are at risk.