Which of the following cryptosystems is considered sufficiently secure against quantum computing attacks?

Question

BlackTom AI · Accepted Answer

First, I’ll restate the question and lay out the answer choices as they appear to us to ensure we’re evaluating the same set.
Question: Which of the following cryptosystems is considered sufficiently secure against quantum computing attacks?
Answer options (as presented):
- a. AES-256 encryption
- AES-256 encryption
- b. ECDSA digital signature
- ECDSA digital signature
- c. AES-128 encryption
- AES-128 encryption
- d. Diffie-Hellman key exchange
- Diffie-Hellman key exchange

Now, let’s evaluate each option in light of quantum-era security expectations.
Option 1 (AES-256 encryption) as a candidate: Under Grover’s algorithm, a quantum attacker can reduce the effective security level by roughly a square root of the key length. For AES-256, that would imply an effective security level near 128 bits, which is still considered strong and commonly cited as quantum-resistant for practical purposes. This makes AES-256 the most robust of the listed symmetric options against quantum attacks, compared with AES-128, which would drop to about 64-bit effective security, and is thus less secure in the quantum model.
Option 2 (AES-256 encryption) — repeating the same choice here doesn’t introduce any new information; duplicates don’t alter the assessment, but they reinforce that among the symmetric options, AES-256 aligns with the commonly accepted quantum-resistance claim for symmetric ciphers.
Option 3 (ECDSA digital signature): Elliptic Curve Digital Signature Algorithm relies on the discrete logarithm problem over elliptic curves. In a quantum setting, Shor’s algorithm can break such schemes efficiently, yielding a catastrophic vulnerability for ECDSA. Therefore, this option is not considered secure against quantum attacks.
Option 4 (ECDSA digital signature) — again, duplicative presentation of the same concept reinforces that the underlying problem (elliptic-curve discrete logarithm) is quantum-weak, so this option remains insecure under quantum threats.
Option 5 (AES-128 encryption): While AES-128 is secure against classical attacks, Grover’s algorithm would reduce its effective security to about 64 bits in a quantum context, which is problematic for long-term security goals. Compared to AES-256, AES-128 is generally viewed as less quantum-resistant.
Option 6 (AES-128 encryption) — repetition doesn’t change the fact that its quantum-resistance is inferior to AES-256, so it remains a weaker choice under quantum threat models.
Option 7 (Diffie-Hellman key exchange): Diffie-Hellman relies on the discrete logarithm problem as well. In the presence of a quantum attacker using Shor’s algorithm, DH becomes breakable efficiently, so it is not considered quantum-secure.
Option 8 (Diffie-Hellman key exchange) — this repeated option shares the same weakness as the prior DH choice; it does not offer quantum resilience.

Put together, the options show a clear contrast between symmetric ciphers (where longer keys help against quantum attacks) and public-key schemes (where Shor’s algorithm undermines security). Among the choices, the symmetric option with the strongest quantum-resilience is AES-256, since it yields the highest effective security level under Grover’s algorithm, whereas the public-key options (ECDSA, Diffie-Hellman) are fundamentally vulnerable to quantum attacks. The inferior quantum posture of AES-128 relative to AES-256 is also highlighted by the effective security drop to around 64 bits for AES-128, which is inadequate for many security scenarios.

In sum, the reasoning hinges on how Grover’s algorithm impacts symmetric-key lengths and how Shor’s algorithm affects discrete-log-based public-key systems. The bipartite contrast between the AES variants and the EC/DH-based schemes explains why AES-256 is the preferred choice when considering resistance to quantum threats among the listed options.

Which of the following cryptosystems is considered sufficiently secure against quantum computing attacks?单项选择题

类似问题

The only algorithm selected so far by the NIST PQC process that is suitable for protecting data confidentiality is___.

The lower-risk approach to migrating to post-quantum cryptography is to adopt hybrid ciphersuites consisting of ________.

Which of the following PQC scheme(s) do not rely on lattices?

Why is increasing the key length of RSA not a practical method to defend against quantum attacks?

Why is it essential to start shifting towards upgrading cryptography to resist quantum attacks?

What is the main focus in the field of cryptography with regards to quantum computing?

更多留学生实用工具

智能学习助手

风格化写作助手

论文查重助手

文献引用助手

课堂转译助手

课堂笔记助手

Quiz搜索助手

学校历年真题

智能刷题助手

智能匹配练习

希望你的学习变得更简单