Chinese researchers claim to have reached a breakthrough in quantum computing, having figured out how to crack the RSA public-key cryptosystem using a quantum computer with power that will soon be available to the public.
Finding a way to break 2048-bit RSA, that is, to consistently and quickly find the secret prime numbers that underpin the algorithm, would be highly significant. Although the RSA algorithm itself has largely been replaced in consumer-facing protocols such as Transport Layer Security, it is still widely used in older enterprise and operational technology software, and in many code-signing certificates.
If a malicious attacker were able to generate these signing keys or decrypt messages protected by RSA, they could snoop on Internet traffic and pass off malicious code as a legitimate software update, potentially taking control of third-party devices.
These issues are an important part of the threat quantum computing poses to traditional cryptography. In a white paper published by the UK’s National Cyber Security Centre in November 2020, experts warned that almost all public-key cryptosystems in widespread use today rely for their security on the difficulty of factoring very large numbers, a problem that would be easy to crack with a large enough general-purpose quantum computer.
The Chinese researchers’ paper, “Factoring integers with sublinear resources on a superconducting quantum processor,” features one of the first claims that this can actually be achieved. The authors claim that they can break a 2048-bit algorithm using a 372-qubit quantum computer. However, there are some caveats. They said that in practice they only had access to a 10-qubit device and could not demonstrate their hypothesis on anything larger than 48 bits.
Many experts question their findings. The paper itself was shared through the preprint service arXiv without meaningful peer review, which is generally considered the minimum standard necessary to assess the scientific merit of a research paper.
A discussion about this paper on Google Groups disputes whether the paper claims that its method of factoring 2048-bit integers is actually faster than traditional methods. Both that discussion and an analysis by cryptography expert Bruce Schneier warn that the researchers’ algorithm relies on a controversial paper by German mathematician Peter Schnorr. According to researchers, “they fall apart as they grow in size.”
Schneier wrote that after criticism was raised about the paper’s reliance on Shor’s algorithm, “worries about whether the technique works now are largely gone.”
According to the arXiv publication, the authors are affiliated with some of China’s most prestigious universities, including several national key research institutes that receive direct funding and support from Beijing. Security experts who spoke with The Record said they hoped Chinese authorities would classify a scientific breakthrough with such a big impact on security.
Historically, there have been instances of such information being leaked against the wishes of Beijing ministries. Alibaba Cloud was reportedly sanctioned by the Ministry of Industry and Information Technology after an employee was credited with disclosing Log4J vulnerabilities to the Apache Software Foundation instead of the Chinese government.
A few months earlier, in July 2021, China’s Cyberspace Administration had introduced stricter rules on vulnerability disclosure for companies operating within its borders. Last November, Microsoft accused Chinese government-backed hackers of exploiting these vulnerability disclosure requirements to discover and develop their own zero-day exploits.