Researchers at Shanghai University in China have shown that quantum mechanics might pose a genuine threat to existing encryption methods, even before fully developed quantum computers are accessible.
The researchers’ paper details their development of an effective RSA public key cryptography attack utilizing D-Wave’s Advantage quantum computer. They specifically employed the machine to factor a 50-bit integer into its prime components, which enables them to derive private keys for decryption.
Notable Advancement
Security researchers who have reviewed the report generally agree that the demonstration does not present any immediate risk to modern encryption systems, which typically employ 2048-bit keys and sometimes even larger ones. Cracking these 2048-bit keys continues to be computationally impractical, and this new research has not altered that reality.
However, it does demonstrate the potential for quantum methods to break modern cryptography in ways that researchers have not previously considered.
According to Avesta Hojjati, head of R&D at DigiCert, realistically obtaining the computational power needed to break RSA-2048 encryption—which demands approximately 10,000 stable, error-corrected qubits—remains several years away due to current technological constraints.
However, according to Hojjati, the Chinese research highlights considerable advancements in exploiting cryptographic vulnerabilities via specialized quantum techniques rather than relying on fully developed universal quantum computers. “This effectively shows that progress in specific quantum methods could present earlier and smaller-scale threats to cryptography, suggesting a gradual progression toward large-scale quantum risks instead of an immediate leap.”
The consensus is that quantum computers, expected to emerge in the coming years, will likely disrupt modern cryptographic protections. Leveraging their immense computing power, these machines are perceived as a significant threat with the potential to break even the strongest encryption protocols currently in use. Consequently, various stakeholders—including governments, hardware manufacturers, software developers, cloud service providers, and enterprises—recognize the need for new cryptographic standards resistant to quantum threats and are actively collaborating on developing these protections.
An Innovative Approach to an Old Problem
The Chinese research has garnered significant attention due to its innovative approach to utilizing quantum mechanisms in cryptography. This involves employing a method known as quantum annealing, which is typically used for optimization and sampling tasks rather than factorization. Traditionally, much of the study on how quantum computing impacts cryptography has concentrated on gate-based systems. According to Hojjati, “D-Wave’s use of quantum annealing—employing fewer qubits compared to the anticipated requirements for universal quantum computers designed for large-scale cryptographic purposes—achieved more efficient factoring.” By recasting RSA’s integer factorization challenge into an optimization problem, these researchers highlight how quantum annealing could potentially exploit vulnerabilities in encryption before universal quantum computers become widely available.
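The idea of recasting factorization as an optimization problem can be illustrated with a toy, added here as an example; it is not the researchers' formulation or D-Wave code. Classical simulated annealing stands in for the quantum annealer, the 12-bit modulus 3233 and exponent 17 are a constructed textbook key, and all function names are hypothetical. It assumes n is a product of two odd numbers below 2**(k+1).

```python
import math
import random

def to_int(bits):
    """Little-endian free bits -> odd integer (lowest bit is fixed to 1)."""
    return 1 + sum(b << (i + 1) for i, b in enumerate(bits))

def energy(n, state, k):
    """Cost is zero exactly when the two encoded odd numbers multiply to n."""
    return (n - to_int(state[:k]) * to_int(state[k:])) ** 2

def anneal_factor(n, k, seed=1, steps=500):
    """Minimise energy() over 2*k free bits; restart until the cost reaches 0."""
    rng = random.Random(seed)
    while True:
        state = [rng.randint(0, 1) for _ in range(2 * k)]
        cur, temp = energy(n, state, k), float(n) ** 2
        for _ in range(steps):
            if cur == 0:
                break
            i = rng.randrange(2 * k)
            state[i] ^= 1                      # propose a single bit flip
            new = energy(n, state, k)
            if new <= cur or rng.random() < math.exp((cur - new) / temp):
                cur = new                      # accept (sometimes uphill)
            else:
                state[i] ^= 1                  # reject: undo the flip
            temp = max(temp * 0.98, 1.0)       # cool down
        if cur == 0:
            return tuple(sorted((to_int(state[:k]), to_int(state[k:]))))

def private_exponent(p, q, e):
    """Textbook RSA: d is the inverse of e modulo (p - 1)(q - 1)."""
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    n, e = 3233, 17                            # constructed toy public key
    p, q = anneal_factor(n, k=5)
    d = private_exponent(p, q, e)
    print(f"{n} = {p} * {q}; private exponent d = {d}")
```

The search space in this encoding is 2^(2k) bit patterns (1,024 for the toy key) and doubles with every bit added to either factor, which is why the size of the modulus matters so much in the discussion above.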
Rahul Tyagi, CEO of SECQAI, highlights the importance of the Chinese research due to its novel approach to quantum computing, which provides new perspectives beyond the traditional focus on algorithms designed for gate-based quantum computers. “The study underscores the need to explore alternative computing paradigms like D-Wave, which might be more suitable for specific algorithmic strategies,” explains Tyagi.
Notably, this research does not seem to undermine current cryptographic systems. Rather, it offers enhancements of existing techniques and introduces fresh concepts and strategies. “In the end, exploring new attack vectors is crucial. This paper highlights the importance of moving beyond traditional methods to embrace a wider view that includes quantum computing.”
Similar to Hojjati, Tyagi believes that substantial progress is needed before quantum computers can unravel encryption mechanisms, and this development will probably take years. In the interim, organizations should stay proactive by investing in quantum-resistant technologies and consistently updating their security measures. Tyagi points out that from an academic perspective, a key question is how to redesign existing attack methods to take advantage of the rapidly changing array of computational capabilities.
At present, organizations need to assess their infrastructure and determine which cryptographic methods are in use and where. Tyagi suggests that systems expected to last 10 years or more should be urgently upgraded to quantum-resistant encryption. Systems with a lifespan of around four years may not require immediate action. However, it’s crucial for organizations to develop a long-term plan outlining when the migration should take place.
Hojjati recommends that organizations increase transparency in their existing encryption methods to pinpoint weak algorithms and develop plans for swift shifts to quantum-safe options. He states, “By promoting crypto agility today, organizations can efficiently adopt quantum-resistant encryption as standards evolve, which will lower long-term risks and minimize disruption.”