If all of AES, then yes. But a particular choice of algorithm parameters can become insecure much earlier.

> If AES is broken in your lifetime, you're going to have _way_ bigger problems than somebody decrypting your blockchain ciphertext.

I'm not so sure about that. Not a lot of encrypted data is simply lying around at rest, available for everyone to run attacks against. Most encrypted data is either ephemeral (encrypted data connections) or secured by additional measures (e.g. to even get the raw bytes of an encrypted partition, you need access to the machine, appropriate permissions, etc) That gives the data owners various opportunities to react and mitigate the risks: Stop processes that send sensitive data, unmount sensitive partitions, detete data, etc.

You can't do a lot to protect data on the blockchain - it's literally out there for everyone to access.

AES being broken doesn't mean someone managed to brute force a key. It means someone found a flaw that enables them to break any key in much less time than you'd expect a brute force attack to take. In other words, if AES is broken people would be able to read that ephemeral data quickly enough for it to be useful.

I know - and the ephemeral data that attackers were able to capture would of course be at risk.

My point was that data owners have options to limit damage - e.g. immediately stopping any data transmission and not producing any future ephemeral data.

That’s a very optimistic opinion :)

And just to nitpick about blockchains, ledgers, etc.: they don’t need to be world-readable. You can protect them the same as you would a regular database.

> You can protect them the same as you would a regular database.

Then you'll need some central entity to manage access to the chain. If you already have a central entity, you can just use a regular database instead of a blockchain and save yourself all the energy waste.

The key aspect of a blockchain is that each block contains the hash of the previous block. That provides integrity guarantees that you don't get simply by using a central entity.

I'd say the "each block contains the hash of a previous block" property is the implementation but not the key aspect. (Unless you count a git repo as a blockchain too)

I think the key aspect is that it is a database that no single person or organisation can delete or alter - not even the developers or operators of the database themselves. The only operation possible is append.

But this property requires that the majority of nodes participating in the chain are not under your control. When the nodes are under your control, you could just order them to swap out the current chain with one you just made up. (Which is effectively how git's "history rewriting" features work) This doesn't provide any more integrity than an ordinary database.

On the other hand, if you want an append-only database and you already have a central gatekeeper that you trust (as required for access enforcement), you also can use an ordinary database and have the gatekeeper enforce the append-only property. No blockchain required.

That part is very easy to implement without all the extra cruft that a blockchain also brings with it. Git manages to do that same thing without burning a ton of coal every time you make a commit.

Bitcoin blockchain does not use AES, wallets do.

Elliptic curve signatures of the blocks are _significantly_ more fragile to quantum attacks than AES.

The thread is about somebody storing ciphertext in a blockchain.