Stories
Slash Boxes
Comments

SoylentNews is people

Breaking RSA With a Quantum Computer

posted by janrinok on Saturday January 07, @04:45AM   Printer-friendly
from the clarity-of-ambiguity dept.

Quantum Computers Can Break Major Encryption Method, Researchers Claim

upstart writes:

Quantum computers can break major encryption method, researchers claim:

A group of researchers has claimed that quantum computers can now crack the encryption we use to protect emails, bank accounts and other sensitive data. Although this has long been a theoretical possibility, existing quantum computers weren't yet thought to be powerful enough to threaten encryption.

Breaking RSA With a Quantum Computer - Schneier on Security

upstart writes:

Breaking RSA with a Quantum Computer - Schneier on Security:

A group of Chinese researchers have just published a paper claiming that they can—although they have not yet done so—break 2048-bit RSA. This is something to take seriously. It might not be correct, but it's not obviously wrong.

We have long known from Shor's algorithm that factoring with a quantum computer is easy. But it takes a big quantum computer, on the orders of millions of qbits, to factor anything resembling the key sizes we use today. What the researchers have done is combine classical lattice reduction factoring techniques with a quantum approximate optimization algorithm. This means that they only need a quantum computer with 372 qbits, which is well within what's possible today. (The IBM Osprey is a 433-qbit quantum computer, for example. Others are on their way as well.)

The Chinese group didn't have that large a quantum computer to work with. They were able to factor 48-bit numbers using a 10-qbit quantum computer. And while there are always potential problems when scaling something like this up by a factor of 50, there are no obvious barriers.

Honestly, most of the paper is over my head—both the lattice-reduction math and the quantum physics. And there's the nagging question of why the Chinese government didn't classify this research. But...wow...maybe...and yikes! Or not.

"Factoring integers with sublinear resources on a superconducting quantum processor"

In email, Roger Grimes told me: "Apparently what happened is another guy who had previously announced he was able to break traditional asymmetric encryption using classical computers...but reviewers found a flaw in his algorithm and that guy had to retract his paper. But this Chinese team realized that the step that killed the whole thing could be solved by small quantum computers. So they tested and it worked."

EDITED TO ADD: One of the issues with the algorithm is that it relies on a recent factoring paper by Peter Schnorr. It's a controversial paper; and despite the "this destroys the RSA cryptosystem" claim in the abstract, it does nothing of the sort. Schnorr's algorithm works well with smaller moduli—around the same order as ones the Chinese group has tested—but falls apart at larger sizes. At this point, nobody understands why. The Chinese paper claims that their quantum techniques get around this limitation (I think that's what's behind Grimes's comment) but don't give any details—and they haven't tested it with larger moduli. So if it's true that the Chinese paper depends on this Schnorr technique that doesn't scale, the techniques in this Chinese paper won't scale, either. (On the other hand, if it does scale then I think it also breaks a bunch of lattice-based public-key cryptosystems.)

I am much less worried that this technique will work now. But this is something the IBM quantum computing people can test right now.

Original Submission #1Original Submission #2

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Breaking RSA With a Quantum Computer | Log In/Create an Account | Top | 22 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by maxwell demon on Saturday January 07, @08:07AM (2 children)

    by maxwell demon (1608) Subscriber Badge on Saturday January 07, @08:07AM (#1285644) Journal

    It being expensive is more important than it being illegal. Criminals don't care about things being illegal (else they'd not be criminals). They do usually care whether what they do is profitable, though. If breaking the encryption used to secure a bank account with a few thousand dollars on it costs a few million dollars, there's simply no incentive to do it.

    --
    The Tao of math: The numbers you can count are not the real numbers.
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 2) by crafoo on Saturday January 07, @05:42PM

    by crafoo (6639) on Saturday January 07, @05:42PM (#1285710)

    legality does not matter at all. "legality", the act of writing down a law is a "letter to santa claus". No one cares. At all. The punishment, the money & dedication of competent men spent to investigate, enforce, and punish matter. You can write laws all day and call this or that illegal and no one cares. What matters are the resources and people dedicated to enforcing, punishing, and investigating.

    If it costs one dollar more to break the lock than the goods are worth no one will ever steal it.

  • (Score: 0) by Anonymous Coward on Saturday January 07, @05:48PM

    by Anonymous Coward on Saturday January 07, @05:48PM (#1285711)
    Also if it's easier and safer to just scam people (e.g. convince them to transfer credentials/money to you) there's less need to hack into an ISP, find the subset of TLS traffic you want and then break TLS etc, and then use the info to profit.