Security experts have urged caution after a stream of doom-laden reports in recent days claimed Chinese researchers have cracked military-grade encryption using quantum computing technology.
First surfacing in the South China Morning Post last week, the reports are based around a paper published in the Chinese Journal titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage.
The Shanghai University researchers used a D-Wave Advantage quantum computer to target Substitution-Permutation Network (SPN) algorithms – specifically the Present, Gift-64 and Rectangle algorithms – which are foundational to Advanced Encryption Standard (AES) crypto.
AES-256 is consider a virtually impenetrable symmetric encryption method used by banks, governments and the military to protect data, leading the research team to reportedly claim its findings prove quantum poses a “real and substantial threat” to current encryption.
Read more on quantum threats: NIST Formalizes World's First Post-Quantum Cryptography Standards.
However, DigiCert head of R&D, Avesta Hojjati, has hit back at some of the media coverage of the research, claiming that it has sensationalized the findings to create fear, uncertainty and doubt among readers.
“While the research shows quantum computing's potential threat to classical encryption, the attack was executed on a 22-bit key – far shorter than the 2048 or 4096-bit keys commonly used in practice today. The suggestion that this poses an imminent risk to widely used encryption standards is misleading,” he argued.
“This research, while intriguing, does not equate to an immediate quantum apocalypse.”
Researchers Urge Caution
In fact, even the original research reportedly cautioned that environmental interference and immature hardware mean that a genuine quantum threat to the symmetric encryption in use today is some way off. It also noted the difficulty of designing a single algorithm which could work to unmask multiple cryptographic systems.
"We are still far from a practical attack that can threaten real-world encryption systems, especially with the current state of quantum computing,” Hojjati concluded.
“The [media] coverage may serve as a cautionary tale, but it exaggerates the timeline and feasibility of quantum threats to make for a more dramatic story. While the research advances discussion on quantum readiness, we should remain cautious but not alarmist.”