I stopped following quantum computing after reading hype about systems in the late 2010s that had qubits that didn't match the requirements for BQP. Looking around now, though, I've started seeing concerns for both symmetric keys and asymmetric keys.

For asymmetric, I've seen recommendations to sign messages via both PQC and classical crypto simultaneously. Shor-style algorithms are expected to break classical crypto once big machines exist.

For symmetric, I've seen concerns that 128-bit keys are insufficient, given the effective key halving from Grover's algorithm.

This seems surprising:

Are we even vaguely close to stable BQP-style quantum computers with enough effective qubits (compensating for the cost of error correction) that they can operate on, say, 4096-bit RSA keys?

Are we even vaguely close to machines with high enough clock rates to burn through 64-effective-bit keys? I guess for symmetric, the birthday paradox might halve the key size again (in some situations), and 2^32 is "small". Is that the concern?
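As an added worked equation (not part of either comment, and not a claim about any particular machine) to make the symmetric-key numbers in the questions above concrete, using Grover's known query bound and the classical birthday bound:

$$
N_{\text{Grover}}(n) \approx \frac{\pi}{4}\,2^{n/2}, \qquad
N_{\text{Grover}}(128) \approx 2^{63.7}, \qquad
N_{\text{Grover}}(256) \approx 2^{127.7}
$$

Each of those $2^{n/2}$ steps is one reversible evaluation of the cipher inside a quantum circuit, and the iterations are sequential. Splitting the key space across $p$ machines only helps by $\sqrt{p}$: each machine searches $2^{n}/p$ keys in $\approx \frac{\pi}{4}\,2^{n/2}/\sqrt{p}$ sequential steps, so total work grows to $\sqrt{p}\cdot\frac{\pi}{4}\,2^{n/2}$. For $n = 128$ and $p = 2^{20}$ machines, that is still $\approx 2^{53.7}$ sequential cipher evaluations per machine.

The birthday bound is a separate quantity: finding a collision in an $m$-bit hash costs $\approx 2^{m/2}$ classical evaluations, and the Brassard-Høyer-Tapp quantum collision algorithm costs $\approx 2^{m/3}$ queries with $2^{m/3}$ quantum-accessible memory. Recovering a single symmetric key is a preimage-style search, not a collision search, so the birthday bound does not halve the key size a second time; the related classical effect is multi-target search, where $T$ targets encrypted under different keys can be attacked for $\approx 2^{n}/T$ work, which is one reason 256-bit keys are recommended where many keys are in play.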
I think the idea is that when that day comes, that day is forever after. So it isn't like it is here and we all have time to get our shit together. The day comes and no one is safe, anywhere. Cryptocurrency markets will jilt, the global markets could overturn. There will be a run, a hemorrhage that no one will patch fast enough.

Better to be prepared, though that day is not yet here.

I'm pretty sure it is not in this decade, though like I said, when tomorrow comes it will be too late.