Chinese researchers say they have become the first people to use a quantum computer to compromise the type of password-based security system widely employed in critical industries such as defense.
Instead of using bits, which can only be 0 or 1, to make calculations like a traditional computer, quantum computers rely on quantum bits—or qubits—which can be both 0 and 1 at the same time due to the principles of quantum mechanics. This allows them to solve certain problems much faster than traditional computers.
Although quantum computers are advancing quickly in many fields, progress on cracking cryptographic security has so far been slow.
However, in a peer-reviewed paper published last month in the Chinese Journal of Computers, researchers from Shanghai University wrote they had used a D-Wave Advantage quantum computer to successfully attack three algorithms—Present, Gift-64, and Rectangle—that are critical to the advanced encryption standard (AES) framework used to secure data in the government, military and financial sectors.”
The team warned that their success had for the first time exposed a “real and substantial threat” of hackers penetrating multiple such encryption methods, the South China Morning Post reported.
Lukas Schulze/Getty Images
This threat could extend to AES-256, an encryption that has been considered virtually uncrackable. The researchers said they had not been able to penetrate AES-256, but had come closer than ever before.
The D-Wave Advantage, built by Canadian quantum computing firm D-Wave Systems, solves complex problems through a process called annealing, a term borrowed from metallurgy.
In a similar way to how metals are strengthened and purified through repeated heating and cooling, quantum annealing guides a system through various energy states before gradually settling into the lowest one, which represents the best solution to the problem.
“It has a unique quantum tunneling effect that can jump out of local extremes that traditional intelligence algorithms are prone to fall into,” the authors wrote.
While this discovery has made headlines and raised concerns over apparent vulnerabilities, some experts say the hype is overblown.
“This research, while intriguing, does not equate to an immediate quantum apocalypse,” Infosecurity Magazine cited Avesta Hojjati, head of research and development at Utah-based digital security company DigiCert, as saying on Wednesday. “While the research demonstrates quantum computing’s potential threat to classical encryption, the attack was performed on a 22-bit key.”
That particular key is a string of numbers or characters with 2²² (4,194,304) possible combinations, far fewer than the 2048 and 4096-bit keys widely used today, he noted.
“The suggestion that this poses an imminent risk to widely used encryption standards is misleading.”
