Just weeks after US president Joe Biden signed into law the Quantum Computing Cybersecurity Preparedness Act, there are reports that Chinese researchers have cracked RSA 2048 bit encryption.
Given that quantum computers offer the ability to push computational boundaries, such as solving intractable problems such as integer factorisation, which is used for public key encryption, the US government aims to encourage the migration of Federal Government IT systems to quantum-resistant cryptography.
However, last week, a number of news outlets picked up a Financial Times story which reported that Chinese researchers claim they can break RSA 2048 encryption using quantum computing.
The researchers published a paper, Factoring integers with sublinear resources on a superconducting quantum processor, in which they stated: “We estimate that a quantum circuit with 372 physical qubits and a depth of thousands is necessary to challenge RSA-2048 using our algorithm. Our study shows great promise in expediting the application of current noisy quantum computers, and paves the way to factor large integers of realistic cryptographic significance.”
They concluded that the pace of development of Nisq devices means they would be able to scale quickly to meet the challenge of cracking RSA 2048 encryption.
In his blog, commenting on the news reports, American cryptographer Bruce Schneier wrote: “I don’t think this will break RSA. Several times a year the cryptography community received “breakthroughs” from people outside the community. That’s why we created the RSA Factoring Challenge: to force people to provide proof of their claims. In general, the smart bet is on the new techniques not working. But someday, that bet will be wrong. Is it today? Probably not. But it could be. We’re in the worst possible position right now: we don’t have the facts to know. Someone needs to implement the quantum algorithm and see.”
Other security experts have dismissed the claim, describing it as “Chinese propaganda”.
Since 2016, the US National Institute of Standards and Technology (NIST), has been looking to develop a new standard for post quantum cryptography (PQC). In October last year, it announced that the PQC standardisation process would be continuing with a fourth round of submissions.
Discussing the evolution of quantum computers and the potential for them to reach a point where they would be able to crack public key encryption, Daniel Shiu, chief cryptographer at Arquit, said that in the short term, quantum computers will remain inadequate. But, he said: “When you start talking longer term, it’s a question of risk appetite.”
For instance, if there is a 1% chance in the next three years that a public key cracking quantum computing would exist, then that will influence organisations’ risk exposure. Given that NIST began its quest for PQC way back in 2016, and seven years on, it is still looking for submissions, Shiu said the industry is starting to feel jumpy.
“The whole process has taken longer than everybody was hoping,” he said. “There are big maturity and migration concerns, and another part of NIST, the Cyber Centre of Excellence, is doing a migration study where the experts are talking about decades that might be needed to fully update internet public key cryptography.”
The industry has also been focused on developing quantum-safe systems. Last year, IBM claimed that its newly introduced z16 system was the industry’s first of that description. It said the z16 is able to protect data against future threats that could evolve with advances in quantum computing, and that it uses “lattice-based cryptography”, an approach for constructing security primitives that helps protect data and systems against current and future threats.
The firm said the new hardware provides secure boot, which, when combined with quantum-safe cryptography, can help businesses tackle threats such as “harvest now, decrypt later” attacks, which lead to extortion, loss of intellectual property and disclosure of other sensitive data.
For Shiu, public key encryption, like RSA, represents a pre-internet way to verify the authenticity of a user, and provides public key certificates to support offline validation of credentials.
“We should be moving to a time when we can have much more actively managed trust,” he said. For instance, Kerberos offers a different way to mediate trust based on what Shiu describes as “purely symmetric primitives”. This means it requires a centralised key management server that everybody uses for trust.
But changing a fundamental approach to internet encryption is not something that can easily be rolled out, which is why so much attention is being given to quantum-safe encryption.