SAFENetwork Quantum Resistant?


Will the SAFENetwork/SAFECoin be quantum resistant? Here is an recent article on how quantum computing will disrupt bitcoin.




It has to be seen if, when and how quantum computing will work (see this post and the replies).
The SAFE Network uses mainly AES-256, which is quantum resistant unlike ECDSA, RSA etc (see also this post).


Although I’ve my doubts, there is a lot of quantum computing R&D:


China and Europe are also investing at least $1 billion.

1 Like
1 Like

This last paragraph seems to sum it up

But while some may be overselling the qubit’s codebreaking capabilities over the course of the next decade, researchers have already set their sights on alternatives to today’s encryption standards that may one day prove more quantum-resistant. And it looks like we might have a good few decades to work on those while quantum gets up to speed.

1 Like

To me that article sounds like opinions and assumptions à la “if everything continues as expected, then …”.
I think @draw put it very well in his first answer

It has to be seen if, when and how quantum computing will work

Until that is not clear, I believe the OP question can not be answered definitely.


While we don’t know how the hardware might perform, there are few quantum algorithms that would take advantage of a quantum computer for cracking.

Without algorithms, the quantum computers might as well be the heaviest paperweight in the world.

Two major ones are Shor’s algorithm (for asymmetric crypto) and Grover’s algorithm (for symmetric crypto)
The one that applies to SafeNetwork would be Grover’s, and it only reduces the actual strength to half. So a AES-256 would have the strength of a AES-128 on a quantum computer with Grover’s algorithm.
It is similar for the hash function SHA3.

So that’s the current theoretical limit of the advantages that you can get on a fully functional quantum computer.

PS: as a side note, Shor’s algorithm completely destroys the future viability of current public-key cryptography.


Correct me if I am wrong, but half of AES-256 is AES-255, right? Difficulty doubles with each increment.


Power of the q computer doubles with each new bit. How long until it cracks the one time pad? There is always that as a recourse against the quantum.

Two people meet up and exchange quadrillions of serial one time pads and then each with a copy of the random 1 time pads can communicate indefinitely at distance going through their one time pads.

If they can just exchange some strange action at a distance physical bits (being sure they are not coupled on the way to other such bits) they might not even have to meet to exchange pads. If quantum teleportation which has been demostrated is possible so also is quantum communication- qbits in a q machine use such a channel as a kind of bus. Even if quantum communication turns out to not be super practical even beyond pad exchange there can always be pad exchange. But I guess people might also be left hand decrypting electronically communicated messages because how would you trust storing the pads electronically even if electronics generated the pads- and you’d destroy the isolated pad generators any way.

1 Like

Ok, what kind of PubKey crypto is Safe using? There has to be some kind of PubKey crypto for node IDs, SafeCoin owners etc.

edit: could be used, but hard to impl


Currently I think they are still using the libsodium library so they are using Curve25519xsalsa20poly1305 for Public-key authenticated encryption, xsalsa20poly1305 for Secret-key authenticated encryption, ed25519 as Public-key signatures and SHA-512.

But in Nov 17 @dirvine said:

It would be interesting if there was any updates on that idea.

In this case, Grover’s algorithm halves the effective key length for symmetric encryption.
AES-512 -> AES-256
AES-256 -> AES-128
So even though it takes a significant hit, it would be still considered fairly secure (aka. “quantum resistant”)

1 Like

No, only sha3_256 and not from libsodium but from tiny_keccak. They are using cryptographic primitives from rust_sodium (a library wrapper over libsodium) but not its hash part anymore.

A long time ago they were using sha512, and I think the evolution has been:

  • sha512 from libsodium
  • sha256 from libsodium
  • sha3_256 from tiny_keccak

Are there more sources available stating that AES-256 is quantum resistant?

I’ve been watching this project closely:

1 Like

Like this. You could build this in two a messaging app. Meet in person with a friend, rub your phone’s together as you generate one time pads.

Next to each friend in your address bar, have a one time pad health bar, visual indication of how many more secure messages you can send.


Yeah, I like it too! It reminds me of one of the quantum isms- two things that touch forever resonate. Given the singularity it would seem there is already a quantum back channel.