Cracking with Quantum: What Breakthrough Research Means

Share
This development has meant the timeline is shorter for implementing quantum-safe security
A team of researchers from Shanghai University have demonstrated the first time a quantum computer has posed a threat to today's algorithms

In a startling development that has sent ripples through the cybersecurity community, Chinese researchers have claimed a significant breakthrough in using quantum annealing systems to attack classical encryption methods. 

This revelation, led by a team of researchers from Shanghai University and published in the Chinese Journal of Computers, marks a watershed moment in the ongoing race between quantum computing advancements and the security of our digital infrastructure.

The cybersphere has as of late been aware of the threat quantum computing poses down the line, however this new revelation throws the previous timeline enterprises and organisations were working towards out of sync. 

Cracking encryption with quantum

The team lead by Wang Chao utilised a D-Wave quantum annealing system to devise an attack on public key cryptography. 

Their focus was on Substitution-Permutation Network (SPN) structured algorithms, which form the backbone of widely-used encryption standards such as the Advanced Encryption Standard (AES).

While the researchers successfully targeted a 22-bit key—far shorter than those used in real-world applications—the implications are profound. The study represents "the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," according to the researchers.

The mere fact that an off-the-shelf quantum system has been used to develop a viable angle of attack on classical encryption advances debate about the need to revisit the way data is protected. While it's widely assumed that quantum computers will one day possess the power to easily decrypt data enciphered with today's tech, opinion varies on when this will happen.

"News of using today's quantum technology to target encryption systems protecting authentication and data worldwide is all part of the quantum starting gun that's well underway." 

Kevin Bocek, Chief Innovation Officer at Venafi

This development is particularly significant when viewed in the context of ongoing global efforts to prepare for the quantum computing era. 

Youtube Placeholder

The urgency of this transition is highlighted by the "harvest now, decrypt later" threat, where malicious actors could potentially store encrypted data today and decrypt it once powerful quantum computers become available. This concern has prompted industries to take proactive measures in implementing quantum-safe security solutions.

Time to panic, or prepare?

Many companies are struggling to prepare for the quantum future, with 64% of security leaders saying they "dread the day" the board asks about their migration plans, and 67% thinking the shift to post-quantum cryptography will be a nightmare. However, this development does not spell all doom and gloom. 

“So while this research demonstrates a step towards a potential quantum-based attack, we're still a significant distance away from a practical and widespread threat as it is yet to be proven against the recommended industry standard." 

Simon Bain, CEO at data expert OmniIndex

Indeed, major tech companies are already taking significant steps. IBM, for instance, has announced that two of its developed algorithms, ML-KEM and ML-DSA, have been standardised by the US National Institute of Standards and Technology (NIST) in a world first. 

These new Federal Information Processing Standards (FIPS 203, 204, and 205) are designed to replace current encryption methods vulnerable to quantum attacks.

Similarly, global telecom leader Telefónica has developed a quantum security architecture solution incorporating Quantum Key Distribution (QKD) and post-quantum cryptographic algorithms. 

As quantum computers grow more powerful, the timeline for implementing quantum-safe security measures grows shorter.

Government agencies, tech giants, and telecommunications companies are all playing crucial roles in this transition. However, with continued investment, collaboration, and innovation across industries, the proactive steps taken by governments and enterprises mean that defence is being improved as diligently as attacks.  

******

Make sure you check out the latest edition of Cyber Magazine and also sign up to our global conference series - Tech & AI LIVE 2024

******

Cyber Magazine is a BizClik brand

Share

Featured Articles

Markel Cyber Director on Lessons from the Crowdstrike Outage

Markel Cyber Director Chris Burgess discusses how the Crowdstrike outage sparked a renewed focus on resilience and cyber insurance

Why Dow Jones Has Increased Its Investment in Ripjar

Dow Jones has increased its investment with Ripjar for the companies ability to strengthen its analytics and compliance services

Who Stands to Fill Top Cyber Posts in Trump Administration?

Although eyes will be on the big roles like Chief of Staff, many new positions for key cyber roles will be opening up for the incoming administration

DARPA, BBN Technologies and the Cyber Imperative for CPM

Operational Security

Mimecast Updates Bring AI to BEC Battleground

Technology & AI

Dazz: The Firm that Has Wiz Eyeing an Acquisition

Cyber Security