Re: QC-proof cipher?

Paul Rubin wrote:

Peter Fairbrother <zenadsl6186@xxxxxxxxx> writes:
Does anyone know of a secure symmetric cipher which is known to be
resistant to quantum computation techniques?

"Known"? There isn't even a symmetric cipher "known" to be resistant
to conventional computation techniques, let alone quantum computing.

I realise that. Perhaps I misspoke. If we want to be picky, there is only
one "secure" symmetric cipher too, OTP.

What are you really asking?

Isn't it obvious? I'm looking for a symmetric cipher (or even a hash)
designed with resistance to QC in mind.

I'd like a reasonable level of assurance. AES level would be good but almost
certainly not available, even hasty-pudding-level would be good - but
designed under the assumption that qc's are available to the attacker.

I'm preferably looking for something around 512 bits key and 512 bits block
size, for long-term future-proofing.

I'm not getting into the question of whether QC's will exist, or when, just
whether anyone has designed a half-decent or better cipher with resistance
to QC techniques in mind.

Peter Fairbrother