Researchers in China have claimed a significant breakthrough by being the first to utilize a quantum computer to breach a password-based security system, commonly used in critical sectors such as defense.
Unlike traditional computers that operate using bits (0s and 1s), quantum computers utilize quantum bits, or qubits, which can exist in multiple states simultaneously. This property allows them to tackle specific challenges much more efficiently than classical computers.
Despite rapid advancements in quantum computing, progress in compromising cryptographic security has lagged until now.
A recent study published in the Chinese Journal of Computers reveals that a team from Shanghai University successfully attacked three key algorithms—Present, Gift-64, and Rectangle—that are integral to the advanced encryption standard (AES) used by government and financial institutions.
This accomplishment signals a “real and substantial threat” to encryption methods, as reported by the South China Morning Post.
Lukas Schulze/Getty Images
While the team could not break AES-256, an encryption standard widely considered secure, they reported making unprecedented progress towards it.
The quantum computer used for the research, the D-Wave Advantage, relies on a method called quantum annealing. This technique, inspired by metallurgy, helps find optimal solutions by navigating different energy states.
According to the researchers, quantum annealing allows for unique tunneling effects to avoid local optima—problems traditional algorithms often struggle with.
Although the findings have sparked concern regarding encryption vulnerabilities, some experts caution that the situation may not be as dire as it appears. Avesta Hojjati, from digital security company DigiCert, noted that this study does not signal an imminent “quantum apocalypse.” He pointed out that the attack focused on a 22-bit key, which offers far fewer combinations than the 2048 or 4096-bit keys commonly in use today.
Thus, the idea that this research poses an immediate threat to established encryption standards is seen as exaggerated.