AES-256 is considered to be [[QuantumPost-quantum computingcryptography|quantum]] resistant]], as it has similar quantum resistance to AES-128's resistance against traditional, non-quantum, attacks at 128 [[bits of security]]. AES-192 and AES-128 are not considered quantum resistant due to their smaller key sizes. AES-192 has a strength of 96 bits against quantum attacks and AES-128 has 64 bits of strength against quantum attacks, making them both insecure.<ref>{{cite journal |last1=Bonnetain |first1=Xavier |last2=Naya-Plasencia |first2=María |last3=Schrottenloher |first3=André |title=Quantum Security Analysis of AES |journal=IACR Transactions on Symmetric Cryptology |date=11 June 2019 |volume=2019 |issue=2 |pages=55–93 |doi=10.13154/tosc.v2019.i2.55-93 |doi-access= free |url=https://inria.hal.science/hal-02397049/document}}</ref><ref>{{Cite web |last=O'Shea |first=Dan |date=April 26, 2022 |title=AES-256 joins the quantum resistance |url=https://www.fierceelectronics.com/electronics/aes-256-joins-quantum-resistance |access-date=September 26, 2023 |website=Fierce Electronics}}</ref>
