Chinese Researchers Tap Quantum to Break Encryption

Researchers at China's Shanghai University have demonstrated how quantum mechanics could pose a realistic threat to current encryption schemes even before full-fledged quantum computers become available.

The researchers' paper describes how they developed a working RSA public key cryptography attack using D-Wave's Advantage quantum computer. Specifically, the researchers used the computer to successfully factor a 50-bit integer into its prime factors, thereby giving them a way to derive private keys for decryption.

Significant Development

Security researchers who have taken a look at the report generally don't consider the demonstration as posing any current threat to modern encryption systems, which typically use 2048-bit — or sometimes even larger — keys. Breaking these 2048-bit keys still remains computationally unfeasible, and the new research has not changed that fact.

What it does show, however, is the potential for quantum approaches to crack modern cryptography in a way that researchers have not considered before.

"Realistically, achieving the computational power necessary to break RSA-2048 encryption — which requires around 10,000 stable, error-corrected qubits — remains at least a few years away, given current technological limitations," says Avesta Hojjati, head of R&D at DigiCert.

But the Chinese research demonstrates significant progress in exploiting cryptographic weaknesses through specialized quantum techniques, rather than full-fledged universal quantum computers, Hojjati says. "It effectively illustrates that advancements in niche quantum methods could pose earlier, smaller-scale cryptographic risks, emphasizing a gradual rather than immediate progression toward large-scale quantum threats."

Almost everyone agrees the arrival of quantum computers in the next few years will completely undermine the protections of modern cryptography. They perceive quantum computers as easily breaking even the strongest current encryption protocols with their enormous computing power. Stakeholders, including governments, hardware makers, software developers, cloud service providers, and enterprises, all foresee the need for new quantum-resilient cryptography standards to protect against the threat and are collectively working toward developing those standards.

A Different Approach to an Old Challenge

One reason the Chinese research has attracted considerable attention is because it takes a different approach to harnessing quantum mechanisms for cryptography. Specifically, it involves a quantum approach called quantum annealing, which typically has been applied in processes like optimization and sampling, but not so much in factorization. A lot of the research around the implications of quantum computing on cryptography has instead focused on gate-based quantum computing. "D-Wave's quantum annealing, operating with fewer qubits than projected universal quantum computers for large-scale cryptography, succeeded in factoring with greater efficiency," Hojjati says. "By reimagining RSA's integer factorization as an optimization problem, the researchers showcase quantum annealing's potential to exploit cryptographic vulnerabilities ahead of the availability of universal quantum computers."

Rahul Tyagi, CEO of SECQAI, says the significance of the Chinese research lies in its innovative approach to quantum computing. It offers fresh insight beyond the well-explored paths of algorithms that are tailored to gate-based quantum computers. "The research emphasizes the importance of considering other computing paradigms, such as D-Wave, which may be better suited for certain types of algorithmic approaches," Tyagi says.

Importantly, this research does not appear to compromise existing cryptographic systems. It seems instead to present optimizations of existing methods while suggesting new ideas and approaches. "Ultimately, any research into new attack vectors is valuable, and this paper underscores the need to look beyond conventional methods and consider the broader quantum computing landscape."

Like Hojjati, Tyagi perceives significant advancements still remain before quantum computers break open encryption mechanisms. And that will likely take years. In the meantime, organizations should remain proactive by investing in quantum-resistant technologies and continuously updating their security protocols. From an academic perspective, the key question is how to redesign known attack vectors to exploit this emerging heterogeneous landscape of computational capabilities, Tyagi adds.

For the moment, what organizations must do is understand their own infrastructure, and establish what cryptography is being used and where. "Systems with a lifetime of 10 years or more need to be migrated ASAP to quantum-resilient encryption," Tyagi says. "Anything with a four-year time horizon is probably OK for now — however, a long-term road map needs to be created to define when the migration needs to occur."

Hojjati recommends that organizations enable visibility into current encryption practices so they can identify vulnerable algorithms and create pathways for swift transitions to quantum-safe options. "By developing crypto agility now," he advises, "organizations can efficiently deploy quantum-resistant encryption as standards evolve, reducing long-term risks and minimizing disruption."