from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1, 2, 3, 4, 5, 6, 7, 8, etc.
Quantum: 1, 2, 4, 8, 16, 32, 64, 128, etc.
So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.
There is a lot of good work being done in post-quantum cryptography, as we've covered previously:
- Modify the PoW system such that QCs don't have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However, various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
- Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.
... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
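To make the "hash-based approaches" mentioned above concrete, here is an added example (not code from the post or from XMSS, SPHINCS or Komodo) of the Lamport one-time signature, the building block that XMSS and SPHINCS layer Merkle trees on top of. Its security rests only on the preimage resistance of SHA-256, which Shor's algorithm does not touch; it also shows the scheme's main failure mode, namely that signing two different messages with one key reveals both secrets at every digest position where the two messages differ. Key layout, the use of SHA-256 and the sample messages are my assumptions, not the thread's.

```python
"""Lamport one-time signature (added illustration, assumptions noted inline).

Private key: for each of the 256 digest bits, two random 32-byte secrets.
Public key:  the SHA-256 hash of every secret.
Signature:   for each digest bit of the message, reveal the matching secret.
"""
import hashlib
import secrets

N = 256  # bits in a SHA-256 digest; one (s0, s1) pair per bit (assumed layout)


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(msg: bytes):
    """Message digest as a list of 256 bits, most significant bit first."""
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def keygen():
    """Return (private_key, public_key); private key is 2*N fresh secrets."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(_h(s0), _h(s1)) for s0, s1 in sk]
    return sk, pk


def sign(sk, msg: bytes):
    """Reveal, for each digest bit, the secret selected by that bit."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Hash each revealed secret and compare with the public hash chosen by the bit."""
    if len(sig) != N:
        return False
    bits = _digest_bits(msg)
    return all(_h(sig[i]) == pk[i][bits[i]] for i in range(N))


def exposed_positions(msg1: bytes, msg2: bytes) -> int:
    """Number of digest positions where both secrets are public after signing
    msg1 AND msg2 with the same key: the reason the scheme is strictly one-time.
    At those positions a third party can choose the bit freely, so XMSS/SPHINCS
    never reuse a leaf key."""
    b1, b2 = _digest_bits(msg1), _digest_bits(msg2)
    return sum(1 for x, y in zip(b1, b2) if x != y)


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"transfer 1 unit to address X"  # constructed sample message
    sig = sign(sk, msg)
    print("valid:", verify(pk, msg, sig))
    print("tampered valid:", verify(pk, b"transfer 9 units to address X", sig))
    print("positions leaked by a second signature:",
          exposed_positions(msg, b"transfer 9 units to address X"))
```

The private key here is 16 KiB and the signature 8 KiB for a single use, which is why practical hash-based schemes add Merkle trees (XMSS) or hash chains plus few-time signatures (SPHINCS) to amortise many one-time keys under one small public key.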