Security experts have recommended caution following a series of doom-laden reports in recent days claiming that Chinese researchers have cracked military-grade encryption via quantum computing technology.
The reports, which first appeared in the South China Morning Post last week, are based on a study published in a Chinese journal called Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage.
Shanghai University researchers employed a D-Wave Advantage quantum computer to study Substitution-Permutation Network (SPN) algorithms, notably the Present, Gift-64, and Rectangle algorithms, which are fundamental to Advanced Encryption Standard (AES) cryptography.
AES-256 is regarded as a nearly unbreakable symmetric encryption method employed by banks, governments, and the military to safeguard data, prompting the research team to reportedly claim that their findings prove quantum poses a "real and substantial threat" to current encryption.
However, Avesta Hojjati, DigiCert's chief of R&D, has criticised some of the media coverage of the research, stating that it sensationalised the findings in order to instill fear, uncertainty, and doubt in readers.
“While the research shows quantum computing's potential threat to classical encryption, the attack was executed on a 22-bit key – far shorter than the 2048 or 4096-bit keys commonly used in practice today. The suggestion that this poses an imminent risk to widely used encryption standards is misleading,” he argued. “This research, while intriguing, does not equate to an immediate quantum apocalypse.”
Indeed, even the initial study apparently warned that a real quantum threat to the symmetric encryption currently in use is still some time off due to environmental interference and immature hardware. The difficulties of creating a single algorithm that could be used to reveal several encryption schemes was also mentioned.
"We are still far from a practical attack that can threaten real-world encryption systems, especially with the current state of quantum computing,” Hojjati aded. “The [media] coverage may serve as a cautionary tale, but it exaggerates the timeline and feasibility of quantum threats to make for a more dramatic story. While the research advances discussion on quantum readiness, we should remain cautious but not alarmist.”