1

I was wondering if I have to keep my data safe in an age when quantum computers become a reality. Which AES block cipher modes will be secure? Will AES-OCB be quantum safe if used in a PGP-like application?

Maarten Bodewes
  • 2
    I have already answered the part about AES-OCB in another question you asked, and you can basically consider all AES modes when used properly (e.g. within their wear-out limits, not reusing a nonce, with a 256-bit key, etc.) to be post-quantum secure. However, non-AEADs obviously need to be paired with a MAC. – samuel-lucas6 Jul 20 '22 at 06:49
  • 1
    Oh OK, thank you. – ANISH M 18CS006 Jul 20 '22 at 07:55
  • 1
    @AleksanderCH No, I wanted to ask about the security of block cipher modes here. – ANISH M 18CS006 Jul 20 '22 at 08:58
  • 3
    Those depend on the security of the block cipher. If the block cipher is secure then the internal operations are generally dependent on XOR or increments, and those may not directly depend on secret information anyway (e.g. the ciphertext is of course not considered secret in CBC mode). I think questioning if modes of operation are susceptible or not is OK and not a dupe. – Maarten Bodewes Jul 20 '22 at 11:04

0 Answers