{"id":34168,"date":"2025-01-17T15:25:11","date_gmt":"2025-01-17T13:25:11","guid":{"rendered":"https:\/\/www.kaspersky.co.za\/blog\/quantum-cryptography-2024-hype\/34168\/"},"modified":"2025-01-17T15:25:11","modified_gmt":"2025-01-17T13:25:11","slug":"quantum-cryptography-2024-hype","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/quantum-cryptography-2024-hype\/34168\/","title":{"rendered":"Quantum of Lies"},"content":{"rendered":"

Quantum computers remain a highly exotic technology, used by a very small number of companies for very specific computational tasks<\/a>. But if you search for \u201cquantum computer news\u201d, you might get the impression that all the major IT players have already armed themselves with quantum technology, and that any day now hackers will start using it to crack encrypted communications<\/a> and manipulate digital signatures. The reality is both less tense and more complex \u2014 but such nuances don\u2019t make the headlines. So, who\u2019s been making all the noise about quantum hacking?\u2026<\/p>\n

Mathematicians<\/h2>\n

Although the respected American mathematician Peter Shor meant to create neither hype nor panic, it was he who, back in 1994, proposed the idea of an entire family of algorithms for solving computationally complex mathematical problems on a quantum computer. Chief among these was the problem of factoring into prime numbers<\/a>. For sufficiently large numbers, a classical computer would need\u2026 centuries to find a solution \u2014 which serves as the foundation of cryptographic algorithms like RSA. However, a powerful quantum computer using Shor\u2019s algorithm could solve this problem much faster. Although such a computer was still a dream in 1994, Shor\u2019s idea captured the imagination of hackers, physicists, and of course, journalists. Shor recalls<\/a> that when he first presented his idea at a conference in 1994, he hadn\u2019t yet completely solved the factorization problem \u2014 the final version of his research was only published in 1995. Nevertheless, just five days after his presentation, people were confidently proclaiming that the factorization problem had been solved.<\/p>\n

Startups<\/h2>\n

For many years, the quantum threat was considered just a distant possibility. The number of quantum bits (qubits) required to break cryptography was estimated to be in the thousands or millions, while experimental quantum computers were still in single digits. The situation changed in 2007, when the Canadian company D-Wave Systems demonstrated<\/a> the \u201cfirst commercial quantum computer\u201d, boasting 28 qubits, with a plans to scale up to 1024 qubits by the end of 2008. The company predicted that by 2009 it would be possible to rent quantum computers for cloud computations \u2014 using them for risk analysis in insurance, modeling in chemistry and materials science, as well as for \u201cgovernment and military needs\u201d. By 2009, D-Wave expected to achieve quantum supremacy<\/a> \u2014 when a quantum computer could solve a problem faster than a classical one.<\/p>\n

The quantum community had to spend years dealing with the company\u2019s claims. The principle of quantum annealing, used in D-Wave systems, wasn\u2019t even considered a quantum effect, and its existence was only proven in 2013<\/a> \u2014 albeit with serious reservations. Meanwhile, the magnitude (and even the existence) of quantum supremacy continued to be a subject of debate<\/a> even longer. In any case, D-Wave systems can run neither Shor, nor Grover\u2019s algorithms, making them unsuitable for cryptanalysis tasks. The company continues to build computers (or, rather, \u201cquantum annealers\u201d) with ever-increasing numbers of qubits, but their practical application remains very limited.<\/p>\n

Cyber agencies<\/h2>\n

When the U.S. National Security Agency (NSA) issues warnings and advice on a problem, it\u2019s a good reason to take that problem seriously. That\u2019s why the NSA\u2019s 2015 recommendation<\/a> urging companies and governments to begin transitioning to quantum-resistant encryption was taken as a signal that the arrival of practical quantum computers might just be round the corner. This warning came as a surprise: at the time, the largest number that had been factored using Shor\u2019s algorithm on a quantum computer was\u2026 21. This fueled speculation<\/a> that the NSA knew something about quantum computers that the rest of the world didn\u2019t.<\/p>\n

Now, nearly a decade later, we can be fairly confident that the NSA was sincere in its subsequent explanations<\/a>, released six months later: they were simply warning of a potential danger ahead of time. After all, equipment purchased for government agencies tends to remain in service for decades, so systems should be upgraded well in advance to avoid future vulnerabilities. Around the same time, NIST announced a competition to develop a standardized set of quantum-resistant algorithms. In 2024, this new standard was adopted<\/a>.<\/p>\n

Internet giants<\/h2>\n

Many major IT companies, such as Google and IBM, have shown interest in quantum computing \u2014 and invested in it. At the end of the 20th<\/sup> century, IBM labs created the first working quantum computer with two qubits. But it was Google that, in 2019, announced<\/a> the long-awaited achievement of quantum supremacy. Their experimental 53-qubit computer, Sycamore, could reportedly solve a problem in not much over three minutes that would take a classical supercomputer 10,000 years. However, IBM disputed<\/a> this claim, arguing that this problem was purely synthetic, designed for quantum computers specifically, and having no real-world application. For a supercomputer to solve the same problem, it would simply have to simulate a quantum one, which would be quite useless \u2014 not to mention slow. IBM further stated that with sufficient disk space, a classical supercomputer could solve the same problem with greater accuracy and in a relatively short time: no more than 2.5 days.<\/p>\n

Even the original creator of the term \u201cquantum supremacy\u201d, Professor John Preskill, criticized<\/a> Google\u2019s excessive use of the phrase, noting its popularity with journalists and marketers. As a result, its intended technical use has been obscured.<\/p>\n

Governments<\/h2>\n

Security experts, including the NSA, have repeatedly emphasized that the quantum threat is a reality \u2014 even in the absence of a practical quantum computer. One possible scenario is well-resourced malefactors storing an encrypted copy of valuable data today in order to decrypt it in the future when quantum computers become viable. Such an attack, known as harvest now, decrypt later<\/a>, is often mentioned in the context of the \u201cquantum race\u201d, and in 2022, the U.S. government created quite a stir by claiming to already be facing SNDL attacks<\/a>. Experts from the post-quantum security firm QuSecure also referred to SNDL attacks as a \u201ccommon practice\u201d in an article ominously titled Quantum apocalypse<\/a>.<\/p>\n

Meanwhile, the White House coined the term CRQC (Cryptanalytically Relevant Quantum Computer) and ordered U.S. agencies to switch to post-quantum encryption algorithms no later than 2035<\/a>.<\/p>\n

Enthusiasts<\/h2>\n

Quantum computers are complex, unique physical devices that often require extreme cooling. As a result, small firms and individual researchers have a hard time keeping up in the quantum race; however, that doesn\u2019t stop some from trying. In 2023, statements<\/a> from a researcher named Ed Gerck, founder of a company called Planalto Research, created a small buzz. According to Gerck, his company managed to perform quantum computations on a commercial Linux desktop with capital costs of less than a thousand dollars and without using cryogenics. The author claimed to have broken a 2048-bit RSA key despite these limitations. Interestingly, Gerck allegedly developed his own algorithm to do this, rather than using Shor\u2019s. Cryptographers and developers of quantum computers have repeatedly demanded proof of Gerck\u2019s claims but received only excuses in response. Gerck\u2019s paper has in fact been published; however, experts note serious methodological flaws and speculative elements.<\/p>\n

And, of course, the press<\/h2>\n

A study by researchers at Shanghai University directly linking quantum computing to encryption cracking was published in China in September 2024. However, it only caused a splash worldwide after a November article in the South China Morning Post<\/a>. This article claimed that the Chinese scientists had successfully broken \u201cmilitary-grade encryption\u201d, and this headline was carelessly replicated by other media outlets.<\/p>\n

In fact, the authors of the study did target encryption, but solved a much more modest problem \u2014 they cracked 50-bit ciphers related to AES (Present, Gift-64, and Rectangle). Interestingly, they used one of the latest models from the very same D-Wave, using classical algorithms to compensate for its limitations compared to a full-fledged quantum computer. This study is scientifically novel, but its practicality in breaking real-world encryption is highly questionable. In addition to the deficit of qubits, the incredibly long classical pre-calculations required to crack real 128 or 256-bit keys remains an obstacle.<\/p>\n

This wasn\u2019t the first time researchers have claimed success in breaking encryption, but an earlier, similar announcement<\/a> in 2022 received little attention.<\/p>\n

Internet giants (yes, again)<\/h2>\n

A new round of speculation began with Google\u2019s recent announcement<\/a> of its Willow chip. The developers have claimed that they\u2019ve managed to solve one of the key problems in scaling quantum computing \u2014 error correction. This problem arises because it\u2019s extremely challenging to read the state of a qubit without making errors or disturbing its entanglement with other qubits. Therefore, calculations are often run multiple times, and many \u201cnoisy\u201d physical qubits are combined into a single \u201cperfect\u201d logical one. Despite these measures, as the number of qubits increases, errors grow exponentially, making the system increasingly fragile. In contrast, the new chip demonstrates the opposite behavior \u2014 as the number of qubits increases, errors are reduced.<\/p>\n

Willow has 105 physical qubits. Of course, this is far from enough to break modern encryption. According to the Google researchers themselves, their computer would need millions of qubits<\/a> to become a CRQC.<\/p>\n

But such trifles didn\u2019t stop other researchers from declaring the imminent death of modern cryptography. For example, researchers at the University of Kent have estimated<\/a> that advances in quantum computing could require the Bitcoin network to shut down for 300 days in order to update to quantum-resistant algorithms.<\/p>\n

Welcome to reality<\/h2>\n

Leaving the mathematical and technical aspects aside, it\u2019s worth emphasizing that, as of right now, cracking modern encryption using quantum computers is still impossible, and this is unlikely to change in the near future. However, sensitive data that will remain valuable for years to come should be encrypted with quantum-resistant (post-quantum) algorithms today to avoid potential future risks. Several major IT regulators have already issued recommendations on transitioning to post-quantum cryptography<\/a>, which should be studied and gradually implemented.<\/p>\n","protected":false},"excerpt":{"rendered":"

The complete story of the hype, panic, and misunderstanding surrounding attacks on cryptographic algorithms using quantum computers.<\/p>\n","protected":false},"author":2722,"featured_media":34169,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3020,3021],"tags":[261,3762,465,422],"class_list":{"0":"post-34168","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-encryption","11":"tag-post-quantum-encryption","12":"tag-quantum-computers","13":"tag-threats"},"hreflang":[{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/quantum-cryptography-2024-hype\/34168\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/quantum-cryptography-2024-hype\/28454\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/quantum-cryptography-2024-hype\/23712\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/quantum-cryptography-2024-hype\/28587\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/quantum-cryptography-2024-hype\/38893\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/quantum-cryptography-2024-hype\/52884\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/quantum-cryptography-2024-hype\/28702\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/quantum-cryptography-2024-hype\/34541\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.co.za\/blog\/tag\/encryption\/","name":"encryption"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/34168","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/comments?post=34168"}],"version-history":[{"count":0,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/posts\/34168\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media\/34169"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/media?parent=34168"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/categories?post=34168"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.co.za\/blog\/wp-json\/wp\/v2\/tags?post=34168"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}