Late last month, a group of Chinese scientists quietly posted a paper purporting to show how a combination of classical and quantum computing techniques, plus a powerful enough quantum computer, could shred modern-day encryption. The breakthrough–if real–would jeopardize not only much U.S. military and intelligence-community communication but financial transactions and even your text messages.
One quantum technology expert said simply, “If it’s true, it’s pretty disastrous.”
But the breakthrough may not be all it’s cracked up to be.
The paper, “Factoring integers with sublinear resources on a superconducting quantum processor,” is currently under peer review. It claims to have found a way to use a 372-qubit quantum computer to factor the 2,048-bit numbers in the RSA encryption system used by institutions from militaries to banks to communication app makers.
That’s a big deal because quantum experts believed that it would require a far larger quantum computer to break RSA encryption. And IBM already has a 433-qubit quantum processor.
The Chinese researchers claim to have achieved this feat by using a quantum computer to scale up a classical factoring algorithm developed by German mathematician Claus Peter Schnorr.
“We estimate that a quantum circuit with 372 physical qubits and a depth of thousands is necessary to challenge RSA-2048 using our algorithm. Our study shows great promise in expediting the application of current noisy quantum computers, and paves the way to factor large integers of realistic cryptographic significance,” they wrote.
Lawrence Gasman, founder and president of Inside Quantum Technology, says he’s a bit skeptical, but “It’s enormously important that some people in the West come to some real conclusions on this because if it’s true, it’s pretty disastrous.”
Gasman said the paper’s most alarming aspect is the idea that it might be possible to break key encryption protocols not with a hypothetical future quantum computer but a relatively simple one that could already exist, or exist soon.
“If you look at the roadmaps that the major quantum computer companies are putting out there, talking about getting to a machine of the power that the Chinese are talking about, frankly, I don’t know. But you know, this year, next year, very soon. And having said that, I tend to be a believer that there’s going to happen soon.”
Yet Gasman said he was concerned about the numbers cited in the paper: “There’s a lot of hand-waving in there.”
Andersen Cheng, CEO of the company Post-Quantum, said via email: “The general consensus in the community is that whilst these claims cannot be proven to work there is no definitive evidence that the Chinese algorithm cannot be successfully scaled up either. I share this skepticism, but we should still be worried as the probability of the algorithm working is non-zero and the impact is potentially catastrophic. Even if this algorithm doesn’t work, a sufficiently powerful quantum computer to run Shor’s algorithm”—a method of factoring the very large numbers used by RSA—“will one day be designed – it is purely an issue of engineering and scaling the current generation of quantum computers.”
Defense One reached out to several U.S. government experts, who declined to comment on the paper. But University of Texas at Austin computer science professor Scott Aaronson was a bit harsher on the paper in his blog earlier this month. To wit: “No. Just No.”
Wrote Aaronson: “It seems to me that a miracle would be required for the approach here to yield any benefit at all, compared to just running the classical Schnorr’s algorithm on your laptop. And if the latter were able to break RSA, it would’ve already done so. All told, this is one of the most actively misleading quantum computing papers I’ve seen in 25 years, and I’ve seen…many.”
So is the paper a fraud, a “catastrophe,” or something in between? Gasman says that while the political race for quantum supremacy is tightening, it would be uncharacteristic of the Chinese research community to make a bold, easily punctured false claim. He described the majority of published quantum research out of China as fairly “conventional” and said it’s unlikely that China would risk its stature as a leader in quantum science by pushing bunk papers.
“Nobody’s going to say, ‘Oh, it’s the Chinese and they, you know, they’re dissembling and it’s all about the rivalry with the West or the rivalry with the [United States]’,” he said.
Gasman added that while China leads in some aspects of quantum science (such as applied networking) and quantum computer science, having built the world’s “fastest” quantum computer, the United States leads in many other aspects.
Even if this paper turns out to be wrong, it is a warning of what’s to come. The U.S. government has become increasingly concerned about how quickly key encryption standards could become obsolete in the face of a real quantum breakthrough. Last May, the White House told federal agencies to move quickly toward quantum-safe encryption in their operations.
But even that might be too little, too late. Said Cheng: “We need to be prepared for the first [Cryptographically Relevant Quantum Computer] to be a secret – it is very likely that when a sufficiently powerful computer is created we won’t immediately know as there won’t be anything like mile-high mushroom clouds on the front covers, instead, it will be like the cracking of Enigma – a silent but seismic shift.”