Did China Crack U.S. Military-Grade Encryption?

Jeff Brown
|
Oct 22, 2024
|
Bleeding Edge
|
5 min read

A couple of weeks ago, there was a buzz in the world of cryptography.

Word spread that China had hacked “military-grade encryption,” suggesting that some of the West’s worst fears had come true.

The headlines didn’t make sense to me…

After all, I’m not aware of any computing system that could possibly achieve such a feat.

Cracked?

Current encryption technologies used by governments and militaries – as well as the kinds of RSA encryption that we use in our public communications – are too difficult to crack with any classical computing system.

Even the world’s most powerful supercomputer, Frontier, can’t achieve such a task.

The only system that can theoretically crack this kind of encryption is a quantum computer. None of which is powerful enough to do so… yet.

The research behind the claims came out of a team from Shanghai University in China.

The research was actually published this May. But as often happens when less well-known scientific journals publish research, it takes a while before there is a broader awareness of the research.

As seen in the excerpt above, the research involved quantum-computing technology from publicly traded D-Wave Quantum (QBTS).

D-Wave stands out in the quantum computing industry due to its approach to quantum computing – quantum annealing. That is quite different from what the rest of the industry is working on, which is gate-based quantum computing.

What was interesting was that the D-Wave stock price jumped by almost 41% in the days that followed the news hitting the Western media.

It’s an odd dynamic. The speculation is that if D-Wave computers can crack advanced encryption technology, there would be a spike in sales of D-Wave quantum annealing technology.

But there was one problem with that whole story…

It wasn’t true.

A Critical Nuance

The researchers behind the published research did succeed in breaking 50-bit RSA encryption…

RSA is one of the most widely used encryption standards. It has been around for almost five decades. The RSA standards are used for most public communications like e-mail. They are designed with the complexity of factoring the product of two large prime numbers. This is the problem that no classical computer can solve in any reasonable amount of time.

The issue with the research, however, is twofold…

Since 2015, the National Institute for Standards and Technology (NIST) recommended that all RSA encryption use 2,048 bits. Before that, since 2002, the industry used 1,024-bit RSA encryption. This contrasts the findings of the researchers at Shanghai University, who claim to have cracked 50-bit RSA encryption.

To put that into perspective, the difference between 50-bit and 2,048-bit encryption is 21998 times more difficult to crack. These two challenges aren’t even in the same universe in terms of complexity.

The other issue with the claims is around “military-grade” encryption. When this language is used, it typically refers to 256-bit AES encryption (Advanced Encryption Standard).

NIST established AES encryption in 2001 with the primary goal of protecting sensitive and top-secret information in government and military agencies, hence “military grade.”

And the researchers in Shanghai did not crack AES encryption.

AES technology is particularly good at fast encryption and decryption speeds, which is why it is great for applications like streaming services and data storage.

RSA technology is typically used for communications like e-mails or even digital signatures because speed is less of an issue.

Fortunately, the China-based researchers cracked neither RSA nor AES encryption – the kind that is widely in use today.

Bottom line: There’s no need to panic. We have time before that day comes.

And I seriously doubt it will happen on a quantum-annealing quantum computer.

A Sense of Urgency

D-Wave’s quantum computers are powerful and capable. But the advantage of quantum-annealing technology is that it doesn’t have the fidelity challenges that gate-based quantum computers typically have.

D-Wave likes to refer to its systems as “practical quantum computing” as a way to differentiate its technology from the rest of the industry.

Quantum annealing is best suited for optimization problems. For example, the company announced this summer a deal with Hermes (a European logistics company) to “explore vehicle routing quantum optimization application to route trucks from 50 depots to a network of 17,000 parcel shops throughout Germany.” The goal is to ultimately lower CO2 emissions. This is a great problem for a quantum annealing system to solve.

But the end game of quantum-computing technology is a universal fault-tolerant quantum computer. These are all gate-based quantum computers, and they will eventually be capable of cracking both AES and RSA encryption technology.

This quantum computing technology was the catalyst for NIST’s almost decade-long project to develop post-quantum encryption standards. We explored this previously in The Bleeding Edge – The Most Important Encryption Upgrade in 50 Years.

2024 was a big year for the industry, as NIST finalized three key standards, with a fourth expected before the end of the year:

  • Federal Information Processing Standard (FIPS) 203 – the primary standard for general encryption
  • FIPS 204 – the primary standard for digital signatures
  • FIPS 205 – the secondary standard for digital signatures; acts as a backup method if FIPS 204 is determined to have a weakness
  • FIPS 206 (forthcoming) – also for digital signatures and identity verification.

This initiative at NIST was incredibly important, given the advancements in quantum computing. With encryption technology, we need to establish standards so that an encryption/decryption scheme will work – and tech companies can design their software and hardware to incorporate that technology.

We can expect to see some early industry product support for these new post-quantum standards by next year. In fact, cybersecurity company Cloudflare (NET) and Alphabet (GOOGL) are already using some post-quantum computing software, but it is still limited.

Changing these encryption standards to the new FIPS standards will take years. It’s an incredibly complex problem to solve because an entire industry needs to adopt the new standards – and then government and corporations need to upgrade all of their software systems, as well.

For those who understand how quickly quantum computing is advancing, there is a sense of urgency.

Whether it’s the big, well-funded powerhouses like IBM (IBM), Microsoft (MSFT), Intel (INTC), Honeywell (HON), or Alphabet (GOOGL) – or the earlier stage leaders like D-Wave Quantum (QBTS), Rigetti Computing (RGTI), IonQ (IONQ), Xanadu, Quantinuum, Zapata Computing (ZPTA), or PsiQuantum – progress is being made with quantum computers at an exponential rate.

Regards,

Jeff


Want more stories like this one?

The Bleeding Edge is the only free newsletter that delivers daily insights and information from the high-tech world as well as topics and trends relevant to investments.