How “post-quantum” is Kyber-1024, really?
Kyber-1024 (ML-KEM-1024) targets ~256-bit security – comparable to the work of brute-forcing an AES-256 key. Even if you give an attacker:
• a classical exascale supercomputer (10¹⁸ ops/s), or
• a massive future quantum computer running Grover’s algorithm at 10²¹ iterations/s,
the time to brute-force a single Kyber-1024 key is still on the order of 10¹⁰–10⁵² years.
In practice, that’s far beyond the age of the universe.
That’s why migrating to NIST’s ML-KEM (Kyber) family is such a critical step for long-term confidentiality in a quantum world.
