Chinese researchers crack encryption with quantum computing

A group of Chinese researchers have claimed to have orchestrated the world’s first effective attack on the classical encryption method used in military applications, finance, and digital assets using a quantum computer.

The team was led by Wang Chao of the Shanghai University and published its research in a Chinese-language academic journal run by the state-owned China Computer Federation.

A South China Morning Post report describes the project as the first time quantum computing has threatened the encryption methods that most sectors rely on today.

“This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today,” the scientists said in their paper, which is written in Mandarin, except for the English abstract.

Chao’s team relied on a quantum computer developed by D-Wave Systems, a Canadian company that claims to be the world’s first to sell computers that exploit quantum effects. The team used this computer to attack the Gift-64, Present, and Rectangle algorithms, all cryptographic algorithms designed for secure data encryption in small and resource-limited environments.

The three are foundational algorithms used in the advanced encryption standard (AES), used in complex finance and military applications. AES is also used in the digital asset sector for wallet encryption and by exchanges to secure user data against breaches.

The Chinese team relied on quantum annealing, in which the quantum computer searches for the lowest energy state and, consequently, the best overall solution. Traditional approaches explore every possible path, making them expensive and prohibitively time-consuming.

Chao and his team declined any interviews due to the sensitive nature of their research. However, a quantum computing expert who asked to remain anonymous told SCMP that the D-Wave quantum computers are “specifically adept at solving binary optimisation problems.” The massive leap Chao and his team had made was “transforming a real-world issue into a binary optimisation problem that a quantum computer can handle.”

While this was a significant milestone in quantum computing, Chao acknowledged that he still hadn’t solved decryption, as large-scale operations were still limited by underdeveloped hardware and environmental factors.

When will quantum computing pose a real threat?

The research reignites the debate over how quickly quantum computing can threaten existing encryption methods. Adi Shamir, one of the brains behind the widely used RSA public-key encryption standard, says that quantum computers are at least three decades away from causing any concern on a global scale.

Some experts like Cliff Cocks, who developed a version of RSA for the U.K. government years before it became a global standard, have aimed at Chinese decryption claims, saying they are limited to lab tests with small data sets. There’s “no evidence whatsoever” that they could work on a global scale, he says.

Others believe that the threat could be closer. The Monetary Authority of Singapore (MAS) called on local banks to adopt post-quantum encryption, warning that experts believe “that cyber security risks associated with quantum will materialize in the coming decade.”

While there is no consensus over when quantum computing will threaten existing encryption and security protocols, many organizations and public institutions are investing in being post-quantum ready. Singapore invested $74 million earlier this year to boost quantum computing in the country, while the U.S. Air Force is now leveraging quantum computing for military logistics.

Private entities are also boosting their capabilities. Earlier this year, Apple (NASDAQ: AAPL) announced that iOS 17.4 will protect its iMessage users against quantum computing attacks. Google (NASDAQ: GOOGL) also released post-quantum cryptography for Chrome users a month ago.

Under the Quantum Computing Cybersecurity Preparedness Act 2022, the U.S. government is also pushing federal agencies and institutions to enforce post-quantum security measures as the threat of attacks from China looms.

Watch: Adaptable blockchain system to tackle real-world problems