Quantum Fears Overhyped: AES-128 Encryption Remains Unbroken, Expert Insists
A leading cryptography engineer is pushing back against persistent fears that quantum computers will soon break the widely used AES-128 encryption standard, calling the belief a dangerous myth that ignores fundamental physics.
“AES-128 is perfectly fine in a post-quantum world,” Filippo Valsorda, a renowned cryptography engineer, told reporters. “The supposed halving of its key strength to 2^64 via Grover’s algorithm ignores the critical fact that quantum computers cannot parallelize the attack in the way people assume.”
Valsorda’s statement comes as global attention intensifies on the existential threat quantum computing may pose to encryption. AES-128, the most common variant of the Advanced Encryption Standard adopted by NIST in 2001, has no known vulnerabilities in its 30-year history, which leaves brute force as the only practical attack, against 2^128 possible keys.
Background
AES-128 uses a 128-bit key, providing 2^128, or approximately 3.4 × 10^38, possible combinations. To put that in perspective, a brute-force attack using the entire Bitcoin mining network as of 2026 would take about 9 billion years.

The confusion began when amateur cryptographers and mathematicians applied Grover’s algorithm, a quantum search method, to AES and claimed it would halve the effective strength to just 2^64. This would, in theory, allow the same Bitcoin-level resources to crack the key in under a second.
“The comparison is purely for illustration and flawed,” Valsorda explained. “Grover’s algorithm requires serial operations on a single quantum computer; it cannot be parallelized across thousands of ASIC miners. A cryptographically relevant quantum computer would need to run the algorithm sequentially, which is not how bitcoin mining works.”
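
The parallelization point can be worked through numerically. The following is an added example, not code from the article or from Valsorda: it counts Grover iterations when a 128-bit keyspace is split evenly across independent quantum computers, using the standard (π/4)·√N iteration count. The serial budgets of 2^40 and 2^64 iterations are assumed values for illustration, and the per-iteration cost of the AES circuit and of error correction is ignored.

```python
import math

GROVER_CONST = math.pi / 4  # optimal iteration count is ~(pi/4) * sqrt(N)

def grover_iterations(key_bits, machines=1):
    """Serial Grover iterations per machine when the keyspace is split
    evenly across `machines` independent quantum computers."""
    return GROVER_CONST * math.sqrt(2 ** key_bits / machines)

def machines_for_depth(key_bits, max_serial_iterations):
    """Machines needed so that no single run exceeds the serial budget.
    Solves (pi/4) * sqrt(2^k / S) <= D for S."""
    s = GROVER_CONST ** 2 * 2 ** key_bits / max_serial_iterations ** 2
    return max(1.0, s)

def total_iterations(key_bits, machines):
    """Iterations summed over all machines: grows as sqrt(machines)."""
    return machines * grover_iterations(key_bits, machines)

def speedup(machines, quantum):
    """Wall-clock speedup from `machines` parallel workers."""
    return math.sqrt(machines) if quantum else float(machines)

if __name__ == "__main__":
    one = grover_iterations(128)
    print(f"one machine: 2^{math.log2(one):.1f} serial iterations")
    for depth_bits in (40, 64):  # assumed serial budgets, for illustration
        s = machines_for_depth(128, 2 ** depth_bits)
        work = total_iterations(128, s)
        print(f"budget 2^{depth_bits}: 2^{math.log2(s):.1f} machines, "
              f"2^{math.log2(work):.1f} total iterations")
    n = 1_000_000
    print(f"{n} workers: classical {speedup(n, False):.0f}x, "
          f"Grover {speedup(n, True):.0f}x")
```

With a serial budget of 2^40 iterations per machine, the attack needs roughly 2^47 quantum computers and about 2^87 iterations in total, far from the 2^64 figure that assumes one uninterrupted serial run.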

What This Means
For organizations and governments, the message is clear: AES-128 remains secure for the foreseeable future. The widely circulated fear that quantum computers will render it obsolete is based on a misunderstanding of how quantum algorithms operate.
While post-quantum cryptography standards are being developed, the transition does not require immediate panic or replacement of existing AES-128 systems. The real vulnerability lies in public-key cryptography (like RSA and ECC), not symmetric ciphers like AES.
“We should focus quantum resistance efforts where they matter—on asymmetric cryptography,” Valsorda said. “AES-128 is not the problem.”
In summary, AES-128 remains the gold standard for symmetric encryption even in a post-quantum world, provided the underlying implementation is correct. The myth of its quantum demise stems from flawed parallelization assumptions that do not reflect actual quantum computing capabilities.