AES (Advanced Encryption Standard)
AES (Advanced Encryption Standard) is the block cipher standardized by NIST in FIPS 197, the workhorse of modern symmetric cryptography. It encrypts 128-bit blocks under a shared key of 128, 192, or 256 bits and underlies TLS record encryption, disk encryption, and countless other protocols.
Quantum impact
AES has no known exponential quantum attack. Grover's algorithm (Grover's algorithm) searches a k-bit key space in roughly 2^(k/2) evaluations, a quadratic speedup that on paper halves the effective key length: AES-128 drops toward 64-bit security and AES-256 toward 128-bit. The attack requires an extremely deep serial quantum circuit that resists parallelization, so its practical cost is far higher than the raw exponent suggests, and NIST assesses AES-128 as secure against foreseeable quantum attacks.
Guidance
Conservative practice for long-lived data is AES-256, which retains a 128-bit margin even against an idealized Grover attacker. AES key sizes also anchor the NIST NIST security levels used to grade post-quantum algorithms.
Sources
- FIPS 197, Advanced Encryption Standard (AES) (NIST, 2001)
- A fast quantum mechanical algorithm for database search (arXiv, 1996)
- Post-Quantum Cryptography FAQs (NIST, 2025)
Cite this entry
"AES (Advanced Encryption Standard)." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/aes@misc{pqwiki-aes,
title = {AES (Advanced Encryption Standard)},
howpublished = {\url{https://postquantum.wiki/aes}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}