Symmetric cryptography

Symmetric cryptography covers algorithms in which the same secret key encrypts and decrypts, including block ciphers such as AES (FIPS 197), stream ciphers such as ChaCha20, and message authentication codes. It is fast and compact, which is why protocols use public-key cryptography only to establish a symmetric key and then encrypt everything under it.

Quantum impact

Unlike public-key schemes, symmetric ciphers face no known exponential quantum attack. Grover's algorithm (Grover's algorithm) searches a k-bit keyspace in about 2^(k/2) steps, a quadratic speedup that in theory halves the effective key length: AES-128 falls to roughly 64-bit quantum security on paper. In practice the attack requires an extremely deep serial quantum circuit, and NIST assesses that AES-128 remains secure against foreseeable quantum attacks as of early 2026.

Key-size guidance

Conservative guidance for long-lived data is AES-256, which keeps a 128-bit margin even against an idealized Grover attacker. The AES key sizes also anchor the NIST NIST security levels used to grade post-quantum algorithms, alongside collision search on the cryptographic hash function families.

Sources

  1. FIPS 197, Advanced Encryption Standard (AES) (NIST, 2001)
  2. A fast quantum mechanical algorithm for database search (arXiv, 1996)
  3. Post-Quantum Cryptography FAQs (NIST, 2025)
Cite this entry
"Symmetric cryptography." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/symmetric-cryptography@misc{pqwiki-symmetric-cryptography, title = {Symmetric cryptography}, howpublished = {\url{https://postquantum.wiki/symmetric-cryptography}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }