Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption

Debunking Hype: China Hasn't Broken Military Encryption with Quantum (forbes.com) 43

An anonymous reader shared this report from Forbes: Recent headlines have proclaimed that Chinese scientists have hacked "military-grade encryption" using quantum computers, sparking concern and speculation about the future of cybersecurity. The claims, largely stemming from a recent South China Morning Post article about a Chinese academic paper published in May, was picked up by many more serious publications.

However, a closer examination reveals that while Chinese researchers have made incremental advances in quantum computing, the news reports are a huge overstatement. "Factoring a 50-bit number using a hybrid quantum-classical approach is a far cry from breaking 'military-grade encryption'," said Dr. Erik Garcell, Head of Technical Marketing at Classiq, a quantum algorithm design company. While advancements have indeed been made, the progress represents incremental steps rather than a paradigm-shifting breakthrough that renders current cryptographic systems obsolete. "This kind of overstatement does more harm than good," Dr. Garcell said. "Misrepresenting current capabilities as 'breaking military-grade encryption' is not just inaccurate — it's potentially damaging to the field's credibility...."

In fact, the Chinese paper in question, titled Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage, does not mention military-grade encryption, which typically involves algorithms like the Advanced Encryption Standard (AES). Instead, the paper is about attacking RSA encryption (RSA stands for Rivest-Shamir-Adleman, named after its creators)... While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large.

Moreover, the methods used involve a hybrid approach that combines quantum annealing with classical computation. This means that the quantum annealer handles part of the problem, but significant processing is still performed by classical algorithms. The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today.

Duncan Jones, Head of Cybersecurity at Quantinuum, tells Forbes that if China had actually broken AES — they'd be keeping it secret (rather than publicizing it in newspapers).
This discussion has been archived. No new comments can be posted.

Debunking Hype: China Hasn't Broken Military Encryption with Quantum

Comments Filter:
  • by gweihir ( 88907 ) on Saturday October 19, 2024 @01:37PM (#64877739)

    I said pretty much the same thing a few days ago. Because it was frigging _obvious_.

    • First I've heard of this at all, but the first thought in my mind while reading it was "50-bits of ... symmetric? assymetric? if the latter, ecc, rsa?"

      I'm not even an expert at cryptography or anything remotely approaching it, so if I'm asking that, then why aren't journalists? At least Forbes had the sense to ask somebody who is an expert in this case.

      • News media stylebooks should require an "+IN_TEN_YEARS+" tag to these stories because they are always going to promise the solution will be cheap, available, helping citizens everywhere, cooling the planet just enough, feeding marginalized women and children, proving ever cleaner water, sending every child to college, and curing cancer in ten years.

    • Guess you should've submitted your comments to Forbes... might've made a few bucks!

      • by gweihir ( 88907 )

        Well, maybe then they would not have made demented claims about factoring 50 bits being impressive. But you know what, I do not care about Forbes one bit and I care less and less about trying to enlighten the prevalent human idiot.

    • It's also obvious that current LLM AI will never have reasoning and camera-based self driving will never work, but look at all the hype over those.
  • by paul_engr ( 6280294 ) on Saturday October 19, 2024 @02:03PM (#64877797)
    If they broke AES, they either would A. Not say shit and save it for something big or more likely B. We'd wake up to a broken internet because the attack had been deployed at scale to wreck the internet. A and B are two points on one timeline.
    • What's AES got to do with the internet?

      • What's AES got to do with the internet?

        Really?

        AES encryption is commonly used in a lot of ways, including wireless security, processor security, file encryption, and SSL/TLS.

        • Obviously I'm missing something. The asymmetric encryption used for SSL/TLS is not AES, right? It seems like if you haven't broken that, then you wouldn't be able to grab the symmetric encryption key, so you'd have to just keep brute-forcing all of the (post handshake) traffic... which seems impractical for general use.

          • NIST gave a rough comparison of AES key sizes to RSA key sizes offering similar levels of security: AES-128 ~RSA-3072 AES-192 ~RSA-7680 AES-256 ~RSA-15360 Page 54 here: https://nvlpubs.nist.gov/nistp... [nist.gov] The security of RSA and AES are not directly comparable of course. Different attacks and vulnerabilities apply to each. Also key size isn't everything either. The actual security of a system depends on many factors, including the implementation in code, the algorithms used, and the overall system design...p
          • Obviously I'm missing something. The asymmetric encryption used for SSL/TLS is not AES, right? It seems like if you haven't broken that, then you wouldn't be able to grab the symmetric encryption key, so you'd have to just keep brute-forcing all of the (post handshake) traffic... which seems impractical for general use.

            In SSL (Secure Sockets Layer), the most commonly used symmetric encryption algorithm is AES (Advanced Encryption Standard), which utilizes a single shared secret key to encrypt and decrypt data during a secure session between a client and server; essentially, both parties use the same key to encode and decode information.

            The most common asymmetric encryption algorithm used in SSL is RSA (Rivest-Shamir-Adleman).

            SSL 2 uses RSA only. SSL 3.0 supports RSA key exchange when certificates are used, as well a

      • by bjoast ( 1310293 )
        Oh, only everything.
    • If they broke AES, they either would A. Not say shit and save it for something big or more likely B. We'd wake up to a broken internet because the attack had been deployed at scale to wreck the internet. A and B are two points on one timeline.

      Uh, about that plan B. Don’t you think if the fuck shit up theory were a primary goal, China would have just launched nukes long ago?

      If you actually worked hard to obtain a “master” decryption key, “wreck the internet” be destroying the entire fucking point of that effort. US intelligence, wouldn’t say shit. For years. I mean, how else do you get a speculative execution vulnerability affecting decades of American processor families..

  • by Tablizer ( 95088 ) on Saturday October 19, 2024 @02:06PM (#64877801) Journal

    It's only a rumor that the Military Industrial Complex spreads rumors about enemy super-weapons when they crave cash.

    • Actually its the media that spreads rumors like this because they make better clickbait. As a local politician once said "rumor has it" and someone asked where he heard that rumor the said "I just started it." It was an interesting rumor and widely reported and, not coincidentally, served the interests of the local politician and the people who spread it including the people in the room where the rumor started.

      and off topic. It will no doubt be used to train AI. I have wondered how "intelligence" can be t

      • by Tablizer ( 95088 )

        As a local politician once said "rumor has it"...

        Now it's, "Many people are saying..."

        • No, that's the media's way of reporting it. "Many people are saying" sounds more authoritative than "rumor has it". It implies you have heard it from many sources making it more credible than just a rumor. Once you take all of the vaguely identified sources and unverified claims out of a news story there often isn't much left that is all that interesting.
        • Police say many people are saying it has been suggested that people are more willing to believe bullshit when other people appear to also believe it.
      • Actually its the media that spreads rumors like this because they make better clickbait.

        How is it not obvious to you that it is both things?

        • How is it not obvious to you that without the media the Military Industrial Complex would struggle to spread any rumor. And even with the current media how would they spread any information, rumor or not, that wasn't good clickbait. There are lots of rumors out there, many of them manufactured with a purpose, but the ones that spread in the media go through its clickbait filter.
  • 50 bit! 128 bit md5 was busted 19 years ago on a pentium 4 box. Great progress! I'm not a cryptographer
    • by gweihir ( 88907 )

      I'm not a cryptographer

      That is obvious. MD5 is a _hash_, AES is a block-cipher. Apples and oranges.

  • ...when I saw the headline
    Unfortunately, there is a LOT of nonsense floating around as wannabe influencers fish for eyeballs and clicks

  • For those who don't know, SCMP has been the biggest English language newspaper in Hong Kong for a long time. It was a pretty reliable source until recent changes in the law made damn near everything that doesn't kiss China's ass a crime against the state. It's just a shill for the CCP now. I don't trust them for anything. One of their main opinion writers gets paid to write a daily column on how much America sucks, how Hong Kong is freer than it ever was in the past, and all glories to the CCP, the savior of Hong Kong. So yeah, anything they post about how China did something great should be suspect.
  • by Anonymous Coward

    rot18(rot47(rot13("quantum safe")))

  • China Hasn't Broken Military Encryption with Quantum .... Yet
  • "Military-grade" BS. The could've said "recommended cryptographic standards", but no, they chose clueless and stupid.

    While QC has been solved from engineering- and mathematical-perspectives, they cannot be manufactured in configurations of a threatening size because physics.

    More likely, malicious domestic intelligence agencies will use "military-grade" FUD to manipulate engineering standards groups to adopt backdoored and/or under-vetted "post-quantum" algorithms.
  • Or not. Factoring a 50-bit number is something that's easily achievable using classical means. If the presence of D-Wave quantum things made the factoring faster than if using only the classical parts of the combo, it would be interesting as one of the few examples where D-Wave demonstrates doing something useful. It would be VERY interesting if the factoring was done using the Shor's algorithm... but not likely, because D-Wave quantum things can't really run the Shor's algorithm.

    I keep referring to D-Wave

  • Read the paper. They broke a 22-bit key on commercial hardware.

    They cited being able to do a 50-bit key but didn't discuss it (in the English portion anyway)

The first 90% of a project takes 90% of the time, the last 10% takes the other 90% of the time.

Working...