PQC (Post-Quantum Cryptography) 10-23-2024

Why recent Chinese encryption research isn’t a threat—yet

Dr. Avesta Hojjati

In May 2024, four Shanghai University researchers published a paper in the Chinese Journal of Computers. The study revolved around the researchers’ successful use of a D-Wave quantum annealing machine to develop an attack on classical encryption systems.

By October, the Chinese research had started a media frenzy, with many news outlets declaring that the study meant the world had entered a “crypto apocalypse.” If you believe the hype, you might think our classical encryption methods are under immediate threat. 

But the panic is premature. While quantum computing does hold the potential to eventually challenge encryption standards, the technology isn’t there yet—a fact highlighted within the study itself.

Let’s take a look at some of the important context much of the reporting is missing to better understand what this research really means. 

What is quantum annealing?

While the term “quantum computing” has been on many people’s radars for a while, there are different types of quantum machines. Quantum annealing is a method for solving optimization problems: it searches across many candidate solutions for the one with the lowest cost. What quantum annealing does not do is perform the kind of universal quantum computation that would be required to break modern encryption.

The D-Wave quantum annealer used in the Shanghai University study operates with far fewer qubits than a cryptographically relevant quantum computer (CRQC) would need. The integer it factored was only 50 bits, much smaller than the 2048-bit keys in common use today.

In other words, the annealer isn’t the type of quantum machine that could crack encryption algorithms like RSA-2048. Instead of actually cracking the algorithm, the researchers used quantum annealing to reframe RSA’s well-known integer factorization problem (the math behind RSA encryption) as an optimization problem.

That doesn’t mean the study is meaningless—it does show progress. But the D-Wave machine is still a long way from threatening modern encryption. 
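To make the reframing concrete, here is an added illustration (not code from the post or from the Shanghai paper): factoring a modulus N = p*q is written as minimising the cost (N - p*q)^2 over the bits of p and q, and the search for the minimum, which an annealer would run over its qubits, is done here by exhaustive classical enumeration at toy sizes. The bit-fixing and the variable count are the simplest textbook formulation, assumed for illustration rather than the paper's own encoding.

```python
from itertools import product


def cost(n: int, p: int, q: int) -> int:
    """Objective whose global minimum, 0, marks a factorisation of n."""
    return (n - p * q) ** 2


def bits_to_int(bits) -> int:
    """Interpret a sequence of 0/1 values as an integer, most significant first."""
    value = 0
    for b in bits:
        value = (value << 1) | b
    return value


def naive_variable_count(modulus_bits: int) -> int:
    """Free binary variables when p and q are each modulus_bits//2 wide with
    their top and bottom bits fixed to 1 (odd, full width).  This is the
    assumed textbook formulation, not the paper's own encoding."""
    return 2 * (modulus_bits // 2 - 2)


def factor_by_minimisation(n: int, half_bits: int):
    """Exhaustively minimise cost() over every bit assignment of p and q.

    Returns (p, q, configurations_tried).  p * q == n only when a zero-cost
    assignment exists, i.e. n has two balanced half_bits-wide odd factors;
    otherwise the lowest-cost (wrong) pair is returned, the failure mode of
    any optimisation-based factoring."""
    free = half_bits - 2
    best, best_cost, tried = (None, None), None, 0
    for pb, qb in product(product((0, 1), repeat=free), repeat=2):
        p = bits_to_int((1, *pb, 1))
        q = bits_to_int((1, *qb, 1))
        tried += 1
        c = cost(n, p, q)
        if best_cost is None or c < best_cost:
            best, best_cost = (p, q), c
        if c == 0:
            break
    return best[0], best[1], tried


if __name__ == "__main__":
    # Constructed toy modulus: 143 = 11 * 13, two 4-bit odd factors.
    p, q, tried = factor_by_minimisation(143, 4)
    print(f"143 = {p} * {q} after {tried} of {2 ** naive_variable_count(8)} configurations")
    for bits in (8, 50, 2048):
        v = naive_variable_count(bits)
        print(f"{bits}-bit modulus: {v} free variables, 2**{v} configurations to search")
```

The variable counts are the point: a 50-bit demonstration searches a space of roughly 2**46 configurations in this formulation, while a 2048-bit modulus needs about 2**2044, which is why the study's result does not transfer to RSA-2048.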

How worried should we be?

Here’s the key point: The Shanghai University study doesn’t prove that RSA-2048 (one of today’s go-to encryption methods) or AES-256 (another widely used standard) is at risk right now. While the researchers did make progress in using a hybrid quantum-classical algorithm to optimize certain problem-solving tasks, the real-world implications are still limited.

Yes, quantum computing is something organizations should already be preparing for. But breaking encryption protocols like RSA would require quantum machines with far more power than what’s currently available. We’re not at the point where quantum computers can actually “break” encryption—not yet.

But that doesn’t mean you should ignore quantum computing altogether. This study is a useful reminder that the quantum future will come—it's just a question of when.

How to prepare for the real crypto apocalypse

At the moment, the quantum threat is more theoretical than practical. But the study does serve as a cautionary tale. Whether you call it a crypto apocalypse or Q-Day, quantum is coming—and the time to prepare is now.

Experts in post-quantum cryptography (PQC) are already developing encryption techniques that can resist quantum attacks, and many organizations are investing in solutions like DigiCert Trust Lifecycle Manager to achieve the crypto-agility they need to be ready for the arrival of quantum computing. 

So if you’ve seen the hype about the crypto apocalypse, don’t panic. But take it as a sign that it’s time to prepare.

Frequently Asked Questions

What is a qubit?

In quantum computing, a quantum bit, aka qubit, is the basic unit of information. Unlike a classical bit, which is either 0 or 1, a qubit can exist in a superposition of both states at once. This property is what lets quantum computers solve certain classes of problems much faster than classical computers.

What is a cryptographically relevant quantum computer?

A cryptographically relevant quantum computer (CRQC) is a quantum computer powerful enough to break widely used encryption algorithms like RSA-2048 or AES-256. Unlike current quantum computers, which are primarily experimental and used for research, CRQCs would have the capability to solve the complex mathematical problems that modern encryption relies on, like factoring large integers into their prime factors or solving discrete logarithms.

While today’s quantum machines are far from achieving this level of computational power, CRQCs represent the future threat that could eventually compromise traditional cryptographic systems. That's why researchers are focused on developing post-quantum cryptography to prepare for the eventual arrival of CRQCs.

What is RSA-2048 encryption?

RSA is short for the names of the men who first publicly described the RSA algorithm: Ron Rivest, Adi Shamir, and Leonard Adleman. RSA-2048 is a widely used public key encryption algorithm that relies on the mathematical difficulty of factoring large integers. The “2048” refers to the key size, which is 2048 bits long. RSA-2048 is commonly used to secure data transmissions such as HTTPS connections and email encryption.

Until quantum computing arrives, RSA-2048 will remain secure because the mathematical problem it relies on is extremely difficult for classical computers to solve. Even with advanced technology, it could take classical computers thousands of years to break the encryption.

What is post-quantum cryptography?

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are designed to be secure against attacks from both classical and quantum computers. While these methods are still being researched and developed, the National Institute of Standards and Technology (NIST) announced three quantum-safe standards in August 2024: FIPS 203 (ML-KEM, a key-encapsulation mechanism) and FIPS 204 and 205 (ML-DSA and SLH-DSA, digital signature schemes).

What is crypto-agility?

Crypto-agility refers to the ability of a security system to quickly switch between different encryption mechanisms without causing significant disruption to the system’s infrastructure. It requires an organization to have clear visibility into where encryption is being used—whether in protocols, libraries, algorithms, or certificates—and how these technologies are deployed.

Crypto-agility also involves the ability to rapidly identify and fix encryption-related issues when they arise. This flexibility is crucial when encryption standards become outdated or vulnerable, allowing a company to update or replace its cryptographic assets efficiently. Many organizations achieve crypto-agility through automation, which helps streamline the process of managing and replacing encryption technologies.