Quantum Computing

No, Chinese quantum computers haven't hacked military-grade encryption

Hacking a 50-bit RSA key is so easy you could do it with your cell phone in seconds
Hacking a 50-bit RSA key is so easy you could do it with your cell phone in seconds

In the last several days, headlines have been plastered all over the internet regarding Chinese researchers using D-Wave quantum computers to hack RSA, AES, and "military-grade encryption." This is true and not true.

A white paper published by the Chinese Journal of Computers in May of 2024 dives into quantum annealing via D-Wave systems using Ising and QUBO models to factor RSA-protected integers, which is a critical component in breaking encryption.

The paper goes on to describe the researchers' success at breaking 50-bit RSA encryption as well as the process in which they did it.

There is no mention of attempts to crack AES encryption in the paper. There is no mention of "military-grade" encryption either.

What does any of this even mean and should I be worried?

TL;DR - NO. But please, read on.

RSA encryption is pretty much the standard encryption we use on the daily every time we check our email or browse the 'net – it's the "s" in "https://". There's a public key and a private key and they're mathematically related through a ridiculously large number that's very difficult to break down into its prime factors needed to crack without the keys. We've been using RSA for decades. Additionally, our devices are generally using 128-bit or 256-bit AES encryption whenever we log into a router with a password when we connect to Wi-Fi.

Yes, Chinese researchers were able to hack a 50-bit encryption key using quantum computers.

They could have also hacked a 50-bit RSA key with an iPhone in just a few seconds. Or even that old Celeron 200 MHz laptop that's been in the back of your closet for the last 20 years that you just can't get yourself to throw away because of its nostalgia. As early as the 1990's, a 512-bit RSA key was considered to be weak by encryption standards.

Modern everyday RSA encryption is 2048-bit. By adding bits, cracking encryption becomes exponentially more difficult – in this case, 50-bits to 2048-bit is 2^1998 times more difficult to crack. That's a 1 followed by 601 zeros. We don't even have a formal name for such a ridiculously high number.

To really illustrate that, in 2010, a team of researchers from around the globe cracked a 768-bit RSA key after two and a half years of continuous number crunching on hundreds of computers working around the clock.

As mentioned before, the paper does not include any verbiage about attempting to crack AES encryption. That being said, "military-grade" encryption is generally 256-bit AES. The RSA key equivalent would be 15,360-bit.

Quantum computers most certainly sound like something from the future, and they still mostly are. Humans have only just scratched the surface of the surface in what may be possible. Years from now, quantum computers very much will be able to crack longer and longer encryption algorithms. But not today.

In conclusion, while a pocket calculator might not have the processing power to hack a 50-bit RSA key, the phone you're likely reading this on absolutely can. And so can a D-Wave quantum computer.

Paper - "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage": Chinese Journal of Computers (PDF)

  • Facebook
  • Twitter
  • Flipboard
  • LinkedIn
4 comments
Rnolds
In the South China Morning post they were described to have achieved more than just RSA 50 bit... "they successfully attacked the Present, Gift-64 and Rectangle algorithms – all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption."
Captain Danger
When they do (if not have done already) why would they let everyone know?
By releasing this they are just lulling us to sleep.
Brian M
Quantum computers might one day be a an encryption threat, but humans are still the weakest link, as they always have been.
Love, temptation and greed can beat any quantum computer for getting hold of secrets!
Karmudjun
Like "Captain Danger" mentions, why would anyone actually report the full capabilities of the quantum computing algorithm breakthroughs? That would be like releasing the "Blackbird's" maximum operational altitude and speed. The U-2's ceiling of 70,000 feet wasn't enough to protect Capt. Gary Powers....but still, the subsequent SR-71 data isn't well known. Why would anyone hacking DoD systems and conducting industrial espionage explain their capabilities anywhere that can be mined by the likes of New Atlas? But thanks anyway.