In a serious warning for industries relying on current encryption standards, a new research paper by Google Quantum AI reveals that breaking RSA encryption requires far less quantum compute power than widely believed. The paper’s findings are a wakeup call to cybersecurity professional to develop quantum-safe security technologies.

The research paper, whose lead author is Google quantum research scientist Craig Gidney, reflects quantum computing’s rapid progress over the last five years. “We published a preprint demonstrating that 2048-bit RSA encryption could theoretically be broken by a quantum computer with 1 million noisy qubits running for one week,” Gidney wrote. Remarkably, he noted, this is a 20-fold decrease in the number of qubits from the number required in a paper he co-authored in 2019.

Fortunately for the security of today’s IT systems, a quantum system at the level Gidney wrote about does not yet exist. IBM’s fastest quantum system contains approximately 1,100 qubits, and Google’s top quantum machine, Sycamore, has a mere 53.

Still, the development is worrying for security pros. RSA is a major target because it’s so commonly used for Web-based communications and digital signatures; it’s essential for securing connections between servers and e-commerce. RSA is deployed at a variety of levels by healthcare organizations and financial institutions.

Experts have long known that RSA—which some security analysts call “antiquated”—is in danger of succumbing to quantum-based attacks as quantum continues to develop. As a result, tech researchers are currently working to develop cryptographic technology to guard RSA against a quantum-based hacks.

Although still theoretical for many use cases, quantum computing has a major advantage over traditional computing because qubits—the core element for quantum—can represent both a 1 and a 0, unlike traditional computer bits that are limited to representing either a 1 or a 0. This superposition capability gives quantum computing exponentially more compute power.

In theory, bitcoin is not currently at risk from the quantum advances that Gidney detailed. The cryptocurrency uses elliptic curve cryptography (ECC), which is widely considered safer than RSA. ECC’s use of the discrete logarithm problem is another factor that makes it harder to crack than RSA, which relies on a relatively simpler method of factoring larger numbers.

However, some cybersecurity professionals caution that, based on continuous improvements in algorithms and quantum computing—which are improving at an increasing rate—bitcoin may at some point be compromised by advances related to those in Gidney’s research paper.

In his paper, Gidney noted that “there’s a saying in cryptography: ‘attacks always get better.’ Over the past decade, that has held true for quantum factoring.” Looking forward, he agrees with the initial public draft of the NIST report that made recommendations for transitioning to post- quantum cryptography standards: vulnerable systems should be deprecated after 2030 and disallowed after 2035.

He agrees with this advice, Gidney wrote, “Not because I expect sufficiently large quantum computers to exist by 2030, but because I prefer security to not be contingent on progress being slow.”

TECHSTRONG TV

Click full-screen to enable volume control
Watch latest episodes and shows

Cloud Field Day

SHARE THIS STORY

RELATED STORIES:

Building Quantum-Resistant Encryption Systems, with Cisco

Post-Quantum Conundrums with DigiCert

A Quantum Computing Breakout Maybe Close, but There Are Still Hurdles to Cross

Considering the Promise of Quantum Computing in AI with Dr Bob Sutor of The Futurum Group | Utilizing Tech 06×11