Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, were picked up by many more serious publications.
However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement:
"Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company.
While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete.
"This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate—it's potentially damaging to the field's credibility."
Originally spotted on Schneier on Security. Dept. stolen from AC.
Previously: Chinese Researchers Claim Quantum Encryption Attack
Related Stories
Arthur T Knackerbracket has processed the following story:
Chinese researchers claim they have found a way to use D-Wave's quantum annealing systems to develop a promising attack on classical encryption.
Outlined in a paper [PDF] titled "Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage", published in the late September edition of Chinese Journal of Computers, the researchers assert that D-Wave’s machines can optimize problem-solving in ways that make it possible to devise an attack on public key cryptography.
The paper opens with an English-language abstract but most of the paper is in Chinese, so we used machine translation and referred to the South China Morning Post report on the paper – their Mandarin may be better than Google's ability to translate deeply technical text.
Between the Post, the English summary, and Google, The Reg understands the research team, led by Wang Chao from Shanghai University, used a D-Wave machine to attack Substitution-Permutation Network (SPN) structured algorithms that perform a series of mathematical operations to encrypt info. SPN techniques are at the heart of the Advanced Encryption Standard (AES) – one of the most widely used encryption standards.
The tech targeted in the attack includes the Present and Rectangle algorithms, and the Gift-64 block cipher, and per the Post produced results that the authors presented as “the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today.”
[...] The exact method outlined in the report does remain elusive, and the authors declined to speak with the Post due to the implications of their work.
But the mere fact that an off-the-shelf quantum system has been used to develop a viable angle of attack on classical encryption will advance debate about the need to revisit the way we protect data.
[...] Vendors, meanwhile, are already introducing “quantum safe” encryption that can apparently survive future attacks.
That approach may not be effective if, as alleged, China is stealing data now to decrypt it once quantum computers can do the job.
Or perhaps no nation needs quantum decryption, given Microsoft’s confession that it exposed a golden cryptographic key in a data dump caused by a software crash, leading a Chinese crew to obtain it and put it to work peering into US government emails.
(Score: 5, Insightful) by AssCork on Thursday October 24, @03:12AM (3 children)
If what they've claimed is true, it's a great "baby step" - need to figure out how to crawl before you can walk. However, the source is shady, and diploma-mills playing fast and loose with the numbers is a real detriment to academia as a whole.
Just popped-out of a tight spot. Came out mostly clean, too.
(Score: 3, Touché) by Mykl on Thursday October 24, @06:15AM
But that's just what they want you to think!
(Score: 1, Insightful) by Anonymous Coward on Friday October 25, @08:26AM (1 child)
(Score: 2) by quietus on Friday October 25, @12:58PM
Indeed. The parent poster has confused the Chinese claim that they can break an AES encryption (which is a symmetric algorithm) made with a 22-bit key with a quote by one of the developers of RSA (in the Register article) that he didn't foresee public key encryption (aka (asymmetric) RSA and Diffie-Hellman) not being broken for the next 30 years [by a quantum computer].
So kudos to everybody who modded the original OP insightful: y'all missed the bull's eye by a wide margin.
(Score: 5, Insightful) by stormwyrm on Thursday October 24, @04:55AM
Yeah, they can break "military-grade encryption", that used by the Roman military under Julius Caesar in 44 BC maybe... Publishing the prime factors of RSA-1024 would be a far more convincing demonstration of the power of their technique. RSA will no longer give them US$100,000 for it but they will rightly grab headlines all over the world.
Numquam ponenda est pluralitas sine necessitate.
(Score: 4, Interesting) by RamiK on Thursday October 24, @09:49AM
So, a few days ago Google released a paper showing a good improvement on quantum error correction: https://arxiv.org/abs/2408.13687 [arxiv.org]
The highlight is:
However, the caveat is that crosstalk issues are still the same, meaning anything useful (cracking RSA... modeling chemical drug interactions...) you want to make out of the tech as is is likely going to run you in the billions due to needing wafer-sized chips and building-sized computers sunk in liquid hydrogen and powered by a whole power plant:
So, while they've hit scalability, it's still a moon shot level project in an economy that is about to see the AI bubble burst and massive layoffs all around.
As for our Chinese comrades, it's basically just them saying they can match and have slightly improved on the scalability factors with a hybrid design. However, like everyone else, they too are still in the realm of mega structure designs if you want to actually make the thing and need to do the same base research on crosstalk that we need to do to reduce the thing to something that anyone can actually afford to build and operate in today's economy.
Finally, with regards to the "field's credibility", well, the AI bubble is set to blow any moment now so I'd be more concerned about what that would do to everything and anything tech than what some Chinese grant seeker says.
compiling...
(Score: 4, Insightful) by DadaDoofy on Thursday October 24, @10:55AM (1 child)
Why would the Chinese waste the effort to crack US military encryption? Surely they'd use the back doors in their chips.
"the U.S.’ newest Ford-class aircraft carriers depend on over 6,500 Chinese-sourced semiconductors to operate. Many other U.S. Navy ships and aircraft are similarly dependent on thousands of Chinese semiconductors to function as instruments of U.S. defense and power projection."
https://www.forbes.com/sites/erictegler/2024/01/09/americas-carriers-rely-on-chinese-chips-our-depleted-munitions-too/ [forbes.com]
(Score: 0) by Anonymous Coward on Thursday October 24, @07:50PM
There's an easy counterargument: putting in backdoors costs money. Which Chinese manufacturer puts in extra features without charging more? The ones that charge more don't get put on the BOM.
(Score: 3, Interesting) by VLM on Thursday October 24, @05:02PM (1 child)
I cannot provide a decent automobile analogy for quantum decoherence. I can do my best with an op-amp analogy.
Currently, nobody knows how to make a quantum computer that's not essentially an analog computer for I/O. Yes, you can make a "full adder" out of creatively wired analog opamps and it'll relatively slowly output the correct 0-5 volt analog values based upon 0-5 volt analog inputs so in a sense you could drop that into a digital computer's ALU and have an "analog enhanced computer" that does binary math, but it'll be slower than DTL, TTL, plain old CMOS, or ECL.
However, going back decades, the problem with analog computers has always been resolution. Due to noise, inherent limits, 1/f noise, whatevs. Today, on my lab desk, I can build an analog computer that will instantly factor RSA1024 from the classic factoring challenge back in 1991. I would do it this way: I would represent RSA1024 as a voltage, let's say +13.5-something volts (because in decimal RSA-1024 starts with 1350664... etc). Please for the sake of my thought experiment do not concern yourself with the 309 decimal digits of precision present in RSA1024; I WILL get back to that important topic. I implement an analog computing slide rule algorithm as follows: I make two opamp log function operators, this is pretty simple, you feed in a voltage and out comes the log as a voltage, they are or used to be all over in dB and pH measuring devices for obvious reasons. For various crypto reasons it's easy to factor a composite number if one of the factors is "2" or "3"; ideally you use two really friggin huge different primes around the sqrt of the desired number. So I already know that both factors of RSA-1024 will be "about 3.674234 volts" when I calculate and measure them. Next I generate a sawtooth wave "around" that voltage and feed it into one log amp so it sweeps the range of all possible input factors of RSA-1024. Then the output of an analog mixer goes into an anti-log amp and feed that into a comparator using a stable source of 13.5 something volts that is precisely RSA-1024 as a decimal times ten volts. Then I use a feedback loop on the output of the comparator feeding back to the input of the OTHER log amp.
Note that I was up all night doing maintenance so I've probably F-ed this up in some minor detail but I am basically using analog technology to calculate "what voltage times something that is occasionally one factor-of-rsa-1024 volts times another voltage around 3.67 volts generated by the feedback loop equals about 13.6 volts aka the exact composite RSA-1024 number, in other words find me two factors of RSA-1024" in real time using analog opamps. Now most of the factors will be float * float but at some point an accurate enough voltmeter will notice that all three relevant voltages are all zeros after 309 or so digits of precision aka we have both integer factors of RSA-1024 now send me the (no longer offered) prize money. There is a minor problem with my analog factoring computer. I need circuitry with a signal to noise ratio so high to get an answer in reasonable time that I'm not going to waste my time calculating it (most hack amateur EEs can't build something to measure more accurately than 16 bits; I can, but it's a PITA. Note there is a difference between measuring 10 bits of signal and 6 bits of noise vs measuring 16 bits of actual signal... building an A/D converter with "1024 bits of resolution" or an opamp with 1024 bits of SNR seems a fool's errand). The other problem is my readout is a roughly 309 decimal digit voltmeter. Three digit voltmeters are like $10, six digit meters like the rigol on my desk will set you back like "hundreds", eight digit voltmeters are like "a cheap car" and the price only goes up; however, we need a 300+ digit voltmeter to read the result.
But, yeah, technically a handful of opamps can factor RSA-1024 in real time on my workbench in some abstract sense. Reading the answer to the required precision is a bit tricky with 2024 tech but analog multipliers and analog log/antilog opamp topologies are old old old technology.
I bet if I was less sleepy right now using a herd of opamps and some meters and stuff I could solve the prime factorization of 35. Yes, you and I know ahead of time the prime factors are 5 and 7. But the opamps don't know and I bet I could build some kind of analog computer circuit to solve that.
Another analog computer solution would involve doing very weird things to very unlikely to work RF multipliers. So ... If I built a x5 frequency multiplier and stuck it in a PLL's loop trying to generate a stable 35 MHz when the loop stabilizes it will "magically" be at a 7 MHz VCO freq, then I've used a partially analog computer to "instantly" solve the prime factors of 35, right? Now scaling those frequencies to RSA1024 frequencies is just a difficult day at the lab bench but the EE work is complete.
And quantum decoherence is more or less the same problem but for quantum gadgets instead of opamps (very hand wavy yes I know it's not entirely accurate).
For digital reasons we'll probably never build a digital computer using silicon that factors 8192 bit numbers, and for analog reasons we'll probably never analog/quantum factor 1024 bit numbers.
There are sneaky analog techniques to work around SNR limitations; they have their own limitations and they can't go from "10-bits on my breadboard" to "1024-bits to factor RSA1024"
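The readout-precision limit in the comment above can be shown numerically. This is an added example, not code from the commenter or the article. It assumes the meter is modelled as plain rounding to a fixed number of significant bits (real noise is not simulated), and the names `reads_as_integer`, `apparent_factors` and `bits_needed` are made up for the illustration.

```python
from math import isqrt

def reads_as_integer(n: int, a: int, bits: int) -> bool:
    """Would a readout with `bits` significant binary digits show n/a as whole?"""
    # Resolution left below the units place once the integer part is displayed.
    frac_bits = bits - (n // a).bit_length()
    if frac_bits <= 0:
        # One count on the meter is worth >= 1, so every quotient looks whole.
        return True
    # n/a rounded to the nearest multiple of 2**-frac_bits, kept as an exact integer.
    scaled = ((n << (frac_bits + 1)) + a) // (2 * a)
    return scaled % (1 << frac_bits) == 0

def apparent_factors(n: int, bits: int) -> list[int]:
    """Sweep candidates up to sqrt(n), as the sawtooth does; keep those that read whole."""
    return [a for a in range(2, isqrt(n) + 1) if reads_as_integer(n, a, bits)]

def true_factors(n: int) -> list[int]:
    return [a for a in range(2, isqrt(n) + 1) if n % a == 0]

def bits_needed(n: int, limit: int = 4096) -> int:
    """Smallest resolution at which the meter reports the true factors and nothing else."""
    want = true_factors(n)
    for bits in range(1, limit + 1):
        if apparent_factors(n, bits) == want:
            return bits
    raise ValueError("resolution limit too low")

if __name__ == "__main__":
    print("35 with a 16-bit meter:", apparent_factors(35, 16))
    print("35 needs at least", bits_needed(35), "bits")
    n = 10007 * 10009  # constructed 27-bit semiprime
    print("27-bit n, 8-bit meter :", len(apparent_factors(n, 8)), "candidates look whole")
    print("27-bit n, 64-bit meter:", apparent_factors(n, 64))
```

With too few bits every swept candidate passes, so the sweep yields no information; the required resolution grows with the size of the number being factored.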
(Score: 2) by AssCork on Sunday October 27, @02:39AM
A fantastically worded explanation.
I look forward to exploring this rabbit-hole further. :)
Just popped-out of a tight spot. Came out mostly clean, too.