this post was submitted on 15 Oct 2024
55 points (78.4% liked)

Technology

35123 readers
65 users here now

This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.


Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.


Rules:

1: All Lemmy rules apply

2: Do not post low effort posts

3: NEVER post naziped*gore stuff

4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.

5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)

6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist

7: crypto related posts, unless essential, are disallowed

founded 5 years ago
MODERATORS
 

cross-posted from: https://lemmy.zip/post/24515831

The research team, led by Wang Chao from Shanghai University, found that D-Wave’s quantum computers can optimize problem-solving in a way that makes it possible to attack encryption methods such as RSA.

Paper: http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf

Follow up to https://lemmy.ca/post/30853830

top 17 comments
sorted by: hot top controversial new old
[–] mogoh@lemmy.ml 44 points 2 months ago (2 children)

22-bit RSA integer

If its true it is a big "achivement", but it still did not broke RSA.

[–] Jesus_666@lemmy.world 24 points 2 months ago (2 children)

Speak for yourself. I'm going to migrate all of my 22-bit RSA keys to a longer key length. And not 24 bits, either, given that they're probably working on a bigger quantum computer already. I gotta go so long that no computer can ever crack it.

64-bit RSA will surely be secure for the foreseeable future, cost be damned.

[–] MinekPo1@lemmygrad.ml 4 points 2 months ago

honestly while I agree that slightly longer keys wont be safe for long , but tbh I'm gonna sit a bit more on my 23-bit RSA keys before migrating

[–] fushuan@lemm.ee 1 points 2 months ago (1 children)

... How about going for a EC key?? Staying with RSA is stupid at this point.

[–] hummus273@feddit.org 5 points 2 months ago (1 children)

I'm sure he is joking. For example the lowest key size openssl supports is 512 bits and this is really small. Anything below 1024 bits has been considered insecure for a while now. Typical RSA key length is 2048. For a 22 bit RSA key you don't need a quantum computer, this is so small a laptop CPU can break this in a short time. As with EC crypto: this won't save you from quantum computer attacks, in fact a typical 256 bit EC key needs less qbits to be broken (1500) then 2048 bit RSA(4096).

[–] fushuan@lemm.ee 1 points 2 months ago

...I admit I didn't do the math with the amount of bits they stated xD. Still, it's like 10 times the amount of bits, you can get a stronger EC key with 5 times less bits compared to RSA.

[–] iopq@lemmy.world 3 points 2 months ago

It means that if quantum technology improves, the same technique can break higher bit integers. So it's in fact broken, we just don't have the future hardware to execute it on yet.

[–] drspod@lemmy.ml 22 points 2 months ago

They didn't break RSA.

[–] drwho@beehaw.org 21 points 2 months ago (1 children)

So it factored a trivial (22 bit) RSA key.

1024-bit RSA has been deprecated for years. 2048-bit RSA is the recommended minimum.

Interesting. Not quite worrisome.

[–] theshatterstone54@feddit.uk 6 points 2 months ago

So, it's cool, but not worrying. Title is a bit clickbait-y.

[–] cypherpunks@lemmy.ml 12 points 2 months ago

The headline should mention that they're breaking 22-bit RSA, but then it would get a lot less clicks.

A different group of Chinese researchers set what I think is the current record when they factored a 48-bit number with a quantum computer two years ago: https://arxiv.org/abs/2212.12372

I guess the news here is that now they've reached 22 bits using the quantum annealing technique which works on D-Wave's commercially-available quantum computers? That approach was previously able to factor an 18-bit number in 2018.

🥂 to the researchers, but 👎 to the clickbait headline writers. This is still nowhere near being a CRQC (cryptanalytically-relevant quantum computer).

[–] utopiah@lemmy.ml 10 points 2 months ago

So if you are genuinely worried about this, don't.

First because, as numerous persons already clarified, researchers here are breaking deprecated cryptography.

It's a bit like taking toothpicks and opening a lock while the locks used in your modern car is very different. Yes, it IS actually interesting but the same technique does not apply in practice, only in principle.

Second because IF in principle there IS a path to radically grow in power, there are already modern cryptography techniques which are resistant to scaling the power of quantum computers. Consequently it is NOT just about small the key is, but also HOW that key is made, what are the mathematical foundations on which a key is made, and can be broken.

Anyway for a few years now there has been research, roughly matching the interest in quantum computers, to what is called post-quantum encryption, or quantum resistant encryption. Basically the goal of the research is to find new ways to make keys that are very cheap to generate and verify, literally with something as cheap and non powerful as the chip in your credit card, BUT practically impossible to "crack" for a computer, even a quantum computer, even a powerful one. The result of that on-going research are schemes like Kyber, FALCON, SPHINCS+, etc which answer such requirements. Organizations like NIST in the US verify that the schemes are actually without flaws and the do recommendations.

So... all this to say that a powerful quantum computer is still not something that breaks encryption overall.

If you are worried TODAY, you can even "play" with implementations like https://github.com/open-quantum-safe/oqs-demos and setup a server, e.g Apache, and a client, e.g Chromium, so that they can communicate using such schemes.

Now practically speaking if you are not technically inclined or just want to bother, you can "just" use modern software, e.g Signal, which last year https://signal.org/blog/pqxdh/ announced that they are doing just that on your behalf.

You can finally expect all actors, e.g hosts like Lemmy, browsers like Firefox, that you use daily to access content to gradually both integrate post-quantum encryption but also gradually deprecate older, and thus risky, schemes. In fact if you try to connect today to old hardware via e.g ssh you might find yourself forced to accept older encryption. This very action is interesting because it does show that over the years encryption changes, old schemes get deprecated and replace.

TL;DR: cool, not worried though even with a properly powerful quantum computer because post-quantum encryption is being rolled out already.

[–] toothbrush@lemmy.blahaj.zone 6 points 2 months ago* (last edited 2 months ago) (2 children)

the paper is no longer online, I cant access it.

[–] Hirom@beehaw.org 3 points 2 months ago* (last edited 2 months ago)

Does this attack scale linearly with key size?

Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer, demonstrating the potential for quantum machines to tackle cryptographic problems

That attack is a threat only if it scale better than existing attacks.

[–] geneva_convenience@lemmy.ml 2 points 2 months ago

Quantum computers were magical when they came out. The magic wore off and now they are... cracking tools?