Board: Development & Technical Discussion
Merits: 7 from 2 users
Re: I don't believe Quantum Computing will ever threaten Bitcoin
by Voland.V on 28/12/2019, 12:45:11 UTC
Merited by Welsh (4), Cnut237 (3)
from an attack with quantum computing, it is enough to simply increase the length of the key.
No, it's not. QC processing power increases exponentially with each new qubit. This is why scaling up a QC can produce such phenomenal power.
Where a classical computer with 'n' bits can represent 'n' states, a quantum computer can represent 2^n states.
So as we increase complexity, the number of states that can be represented are as follows:
Classical: 1,2,3,4,5,6,7,8 etc
Quantum: 1,2,4,8,16,32,64,128 etc.


So there's something wrong with ECC?
Yes, there is. A QC can use Shor's algorithm to break ECC.

There is a lot of good work being done in post-quantum cryptography, as we've covered previously:

  • Modify the PoW system such that QCs don’t have any advantage over classical computers. Defending PoW is not as important as defending signatures (as above), because PoW is less vulnerable. However various approaches that can protect PoW against QCs are under development, such as Cuckoo Cycle, Momentum and Equihash.
  • Modify the signature system to prevent easy derivation of private keys. Again, various approaches are under development, which use some pretty esoteric maths. There are hash-based approaches such as XMSS and SPHINCS, but more promising (as far as I can tell) are the lattice-based approaches such as Dilithium, which I think is already used by Komodo.

... and I do think that many of these approaches look promising. My main concern is that post-quantum-cryptography solutions are based merely on being very difficult to hack, whereas quantum-cryptography is in theory fundamentally unhackable due to the immutable physical laws of quantum mechanics.
----------------------
In my opinion, post quantum cryptography should not be confused with cryptography based on the mutual relation of quantum states of photons.
Post-quantum cryptography uses mathematical coding methods.
Physical laws of the quantum world are used in quantum cryptography.

Post quantum systems, most of them, were developed 10-20 years ago. Some of them are new, developed recently. But they're all based on mathematics.

They should not be confused with related quantum states; it's a completely different approach to the problem.

We are not interested in quantum cryptography; it is not our level, and it is not intended for ordinary users.
And it's not even planned for us.

It's post quantum mathematical cryptography that we are planning.

You are very mistaken about the length of the key if you think that a quantum computer can solve the problem of a complete search for a key only 256 bits long. No quantum computer can do that. That's why AES-256 remains a post quantum system.

If cryptography on elliptic curves, as well as any other cryptography with a public and private key, were reliable, and everything depended only on the length of the key, then no search for post quantum systems would be done by mankind.

Moreover, a large number of cryptographic systems that were candidates for post quantum encryption systems were not cracked by quantum computers, but by good old cryptanalysis, mathematical methods.

A key that is not broken by full search in AES at a length of 256 bits corresponds to a key of 15300-16400 bits in RSA. If it were only a matter of the speed of quantum computing, you could use RSA with a key length of 16400 bits or more, or cryptography on elliptic curves (ECC) with a length of 512 bits.

Instead, AES-256 with only 256 bits of key is definitely left (it's a symmetric system), but all our asymmetric systems (including RSA and ECC) are not.

Moreover, for serious secrets they were forbidden to use 5 years ago; this is only what has already leaked to the press.
Neither ECC nor RSA was ever used in serious cases 10 years ago.
Details here, post dated December 04, see:
https://bitcointalk.org/index.php?topic=5204368.0.

Therefore, there is only one conclusion: all modern asymmetric systems with a pair of public and private keys are not suitable at any key length, precisely because they are weak, but the details of this circumstance are not specified and few people know them.
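The key-size equivalence quoted above (AES-256 against an RSA modulus in the 15300-16400-bit range, or a 512-bit curve) can be reproduced from standard heuristics. The Python below is an added example, not code from the post or from any project it mentions; it assumes the GNFS L-notation as the asymptotic factoring cost, anchors that curve to the NIST SP 800-57 rating of RSA-1024 at about 80 bits, uses n/2 bits for an n-bit curve, and applies the Grover halving to symmetric keys.

```python
"""Security-level equivalence of symmetric and asymmetric keys (added example).

Assumptions, not taken from the post: GNFS asymptotic cost for factoring,
calibrated so RSA-1024 scores 80 bits (NIST SP 800-57 figure); Pollard-rho
cost for ECC; Grover halving for AES; Shor for RSA/ECC.
"""
import math

LN2 = math.log(2)


def gnfs_log2_work(modulus_bits: int) -> float:
    """log2 of the heuristic GNFS effort L_N[1/3, (64/9)^(1/3)], o(1) dropped."""
    ln_n = modulus_bits * LN2
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / LN2


# Calibrate the asymptotic curve to one published data point (RSA-1024 ~ 80 bits).
_SCALE = 80.0 / gnfs_log2_work(1024)


def classical_security_bits(kind: str, key_bits: int) -> float:
    """Classical attack cost, in bits, for an AES key, ECC curve or RSA modulus."""
    if kind == "aes":
        return float(key_bits)   # exhaustive search: 2^k
    if kind == "ecc":
        return key_bits / 2      # Pollard rho: ~2^(n/2) group operations
    if kind == "rsa":
        return _SCALE * gnfs_log2_work(key_bits)
    raise ValueError(f"unknown key kind: {kind}")


def quantum_security_bits(kind: str, key_bits: int):
    """Cost against a large QC: Grover halves symmetric strength; Shor solves
    factoring and ECDLP in polynomial time, so no RSA/ECC length restores an
    exponential cost (returned as None)."""
    if kind == "aes":
        return key_bits / 2
    if kind in ("rsa", "ecc"):
        return None
    raise ValueError(f"unknown key kind: {kind}")


def rsa_bits_for_level(target_bits: float, step: int = 64) -> int:
    """Smallest RSA modulus (multiple of `step`) estimated to reach target_bits."""
    n = 512
    while classical_security_bits("rsa", n) < target_bits:
        n += step
    return n


def equivalents(level: int) -> dict:
    """Key sizes giving `level` bits classically, and what survives a QC."""
    return {"aes_key_bits": level, "ecc_curve_bits": 2 * level,
            "rsa_modulus_bits": rsa_bits_for_level(level),
            "aes_bits_after_grover": quantum_security_bits("aes", level),
            "rsa_or_ecc_after_shor": quantum_security_bits("rsa", 2 * level)}
```

Calling `equivalents(256)` lands the RSA modulus near the upper end of the post's 15300-16400 range (the exact figure depends on the calibration point), while AES-256 keeps 128 bits under Grover and RSA/ECC keep nothing under Shor at any length.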