Grover's algorithm is a quantum algorithm for unstructured search, i.e. essentially solving the

The quantum search algorithm (sometimes called a database search algorithm), developed by the American mathematician Lov Grover in 1996, is applied to various cryptanalysis problems. For a given Boolean function

If we consider the problem of decrypting a block cipher with an *n*-bit-long key as a Boolean function-inversion problem, Grover's algorithm can solve it in 2^{n}^{/2} operations, in contrast to the classical computer taking 2^{n} operations. Thus, for a block cipher to maintain a given level of robustness against quantum computer attacks, it is necessary to double the key length.

Similarly, if we consider the problem of finding a hash function preimage, one also needs to double the hash code size to maintain the given level of robustness. Note, however, that the BHT quantum algorithm used for finding collisions is more efficient and requires a three-fold hash code size increase.

Similarly, if we consider the problem of finding a hash function preimage, one also needs to double the hash code size to maintain the given level of robustness. Note, however, that the BHT quantum algorithm used for finding collisions is more efficient and requires a three-fold hash code size increase.

Lov Kumar Grover

Grover's algorithm can also be applied to the analysis of asymmetric cryptographic systems, but in this case, it is usually inferior to specialized algorithms such as __Shor's polynomial algorithm__ for factorization.

The currently used symmetric cryptographic algorithms, such as the block ciphers AES-256, the hash functions SHA-512, are sufficiently robust against Grover's algorithm, while asymmetric cryptographic algorithms, such as RSA, (EC)DSA, which are usually used along with the symmetric ones, can be considered vulnerable. So much so that in the nearest future, it will be necessary to switch to __post-quantum cryptographic algorithms__.