SAFENetwork Quantum Resistant?

Will the SAFENetwork/SAFECoin be quantum resistant? Here is a recent article on how quantum computing will disrupt bitcoin.




It has to be seen if, when and how quantum computing will work (see this post and the replies).
The SAFE Network uses mainly AES-256, which is quantum resistant unlike ECDSA, RSA etc (see also this post).


Although I’ve my doubts, there is a lot of quantum computing R&D:

China and Europe are also investing at least $1 billion.

1 Like

This last paragraph seems to sum it up

But while some may be overselling the qubit’s codebreaking capabilities over the course of the next decade, researchers have already set their sights on alternatives to today’s encryption standards that may one day prove more quantum-resistant. And it looks like we might have a good few decades to work on those while quantum gets up to speed.


To me that article sounds like opinions and assumptions à la “if everything continues as expected, then …”.
I think @draw put it very well in his first answer

It has to be seen if, when and how quantum computing will work

Until that is clear, I believe the OP's question cannot be answered definitely.


While we don’t know how the hardware might perform, there are few quantum algorithms that would take advantage of a quantum computer for cracking.

Without algorithms, the quantum computers might as well be the heaviest paperweight in the world.

Two major ones are Shor’s algorithm (for asymmetric crypto) and Grover’s algorithm (for symmetric crypto)
The one that applies to SafeNetwork would be Grover’s, and it only reduces the actual strength to half. So an AES-256 would have the strength of an AES-128 on a quantum computer with Grover’s algorithm.
It is similar for the hash function SHA3.

So that’s the current theoretical limit of the advantages that you can get on a fully functional quantum computer.

PS: as a side note, Shor’s algorithm completely destroys the future viability of current public-key cryptography.


Correct me if I am wrong, but half of AES-256 is AES-255, right? Difficulty doubles with each increment.

Power of the q computer doubles with each new bit. How long until it cracks the one time pad? There is always that as a recourse against the quantum.

Two people meet up and exchange quadrillions of serial one time pads and then each with a copy of the random 1 time pads can communicate indefinitely at distance going through their one time pads.

If they can just exchange some strange action at a distance physical bits (being sure they are not coupled on the way to other such bits) they might not even have to meet to exchange pads. If quantum teleportation, which has been demonstrated, is possible, so also is quantum communication: qubits in a q machine use such a channel as a kind of bus. Even if quantum communication turns out to not be super practical even beyond pad exchange, there can always be pad exchange. But I guess people might also be left hand-decrypting electronically communicated messages, because how would you trust storing the pads electronically even if electronics generated the pads, and you’d destroy the isolated pad generators anyway.

1 Like

Ok, what kind of PubKey crypto is Safe using? There has to be some kind of PubKey crypto for node IDs, SafeCoin owners etc.

edit: Hash-based Signatures could be used, but hard to impl

Currently I think they are still using the libsodium library so they are using Curve25519xsalsa20poly1305 for Public-key authenticated encryption, xsalsa20poly1305 for Secret-key authenticated encryption, ed25519 as Public-key signatures and SHA-512.

But in Nov 17 @dirvine said:

It would be interesting if there was any updates on that idea.

In this case, Grover’s algorithm halves the effective key length for symmetric encryption.
AES-512 → AES-256
AES-256 → AES-128
So even though it takes a significant hit, it would be still considered fairly secure (aka. “quantum resistant”)

1 Like
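Added example, not written by any poster in this thread: a small state-vector simulation of the Grover claim made in the posts above ("AES-256 would have the strength of an AES-128", "halves the effective key length"). It shows that the halving applies to the number of key bits, that is, to the exponent of the work factor; the toy key sizes and the `marked` key index are assumptions chosen for illustration.

```python
import math

def grover_success_probability(n_bits, marked, iterations):
    """Simulate Grover's search over a 2**n_bits key space (real amplitudes)."""
    size = 1 << n_bits
    amp = [1.0 / math.sqrt(size)] * size      # uniform superposition over all keys
    for _ in range(iterations):
        amp[marked] = -amp[marked]            # oracle: flip the sign of the right key
        mean = sum(amp) / size
        amp = [2.0 * mean - a for a in amp]   # diffusion: reflect about the mean
    return amp[marked] ** 2                   # chance a measurement yields the key

def optimal_iterations(n_bits):
    """Oracle calls Grover needs: floor(pi/4 * sqrt(2**n_bits))."""
    return math.floor(math.pi / 4 * math.sqrt(1 << n_bits))

def effective_bits(n_bits):
    """log2 of the quantum work factor, comparable to a classical key length."""
    return math.log2(optimal_iterations(n_bits))

def compare(n_bits, marked=5):
    # marked=5 is an arbitrary constructed "secret key" index
    k = optimal_iterations(n_bits)
    return {
        "key_bits": n_bits,
        "classical_avg_guesses": (1 << n_bits) // 2,
        "grover_iterations": k,
        "grover_success": grover_success_probability(n_bits, marked, k),
        "effective_bits": round(effective_bits(n_bits), 2),
    }

if __name__ == "__main__":
    # Toy key sizes that can actually be simulated on a laptop
    for n in (8, 10, 12):
        print(compare(n))
    # Same formula extrapolated to real key sizes (computed, not simulated)
    for n in (128, 256):
        print(n, "-bit key ->", round(effective_bits(n), 1), "bits of quantum work")
```

The iteration count grows as the square root of the key space, so each added key bit still multiplies the quantum work by about 1.41; the figures count oracle calls only and ignore error-correction and circuit-depth overhead.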

No, only sha3_256 and not from libsodium but from tiny_keccak. They are using cryptographic primitives from rust_sodium (a library wrapper over libsodium) but not its hash part anymore.

A long time ago they were using sha512, and I think the evolution has been:

  • sha512 from libsodium
  • sha256 from libsodium
  • sha3_256 from tiny_keccak

Are there more sources available stating that AES-256 is quantum resistant?

I’ve been watching this project closely:

1 Like

Like this. You could build this into a messaging app. Meet in person with a friend, rub your phones together as you generate one time pads.

Next to each friend in your address bar, have a one time pad health bar, visual indication of how many more secure messages you can send.


Yeah, I like it too! It reminds me of one of the quantum isms- two things that touch forever resonate. Given the singularity it would seem there is already a quantum back channel.

I’ve been sceptical that Quantum computing would develop fast enough to become a serious threat to network security in the near term (in any network) … but now beginning to think it needs to be taken very seriously.


From Financial Times article:

The system can only perform a single, highly technical calculation, according to the researchers, and the use of quantum machines to solve practical problems is still years away.

And in this article from MIT Technology Review some other critical remarks.


The paper on NASA’s website was taken down … they sure have stirred the pot and are inviting a lot of speculation and conspiracy … publicity stunt? IDK. Wait and see I guess.

Even if it’s a minor improvement, Moore’s law may apply to qubits too, so IMO nothing’s off the table yet.


As I see it - and I am not in the field - once knew a bit about photo-lithography - Moore’s “law” is not a law in the sense that Newton’s Laws are, merely a remarkably prescient observation and prediction on the evolving state of semi-conductor technology with major emphasis on photo-lithography. These advances continued until we ran up against some quantum roadblocks which mean we are unlikely to see any further huge increases in the density of devices on a wafer.
So these advantages are already won and cannot be won again in a parallel field. However as more teams work on qubits and there are more eyes on the problem/field making all the bugs shallower, we can expect the pace to pick up. But nothing so far suggests anything like the dramatic gains of Moore’s law is in effect. Yet…

1 Like