Quote:
Originally Posted by awhitehead
Theoretically, given a 128 qbit (or larger) quantum computer, Peter Schor's algorithm will be able to factor it. They supposedly got working quantum computers with up to 16 qbits now (that can factor 2^16 keyspace) , so in another 10, 20 years, once AACS is no-longer relevant, this might be feasible. But not until then.
Coincidentially, modelling a quantum computer with more then ~60 qubits using conventional computers requires more bytes of RAM, then there are electrons in universe. A slight problem.
|
This is not RSA, so Shor's algorithm does not apply.
In a quantum computer the speedup is quadratic in the general case, so to break a 128 bit key we would still need sqrt(2^128) effort, i.e. about 2^64 iterations to succeed.
Still a bit too large.