Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption Supercomputing

Scientist Claims Quantum RSA-2048 Encryption Cracking Breakthrough (tomshardware.com) 129

Mark Tyson reports via Tom's Hardware: A commercial smartphone or Linux computer can be used to crack RSA-2048 encryption, according to a prominent research scientist. Dr Ed Gerck is preparing a research paper with the details but couldn't hold off from bragging about his incredible quantum computing achievement (if true) on his LinkedIn profile. Let us be clear: the claims seem spurious, but it should be recognized that the world isn't ready for an off-the-shelf system that can crack RSA-2048, as major firms, organizations, and governments haven't yet transitioned to encryption tech that is secured for the post-quantum era.

In his social media post, Gerck states that a humble device like a smartphone can crack the strongest RSA encryption keys in use today due to a mathematical technique that "has been hidden for about 2,500 years -- since Pythagoras." He went on to make clear that no cryogenics or special materials were used in the RSA-2048 key-cracking feat. BankInfoSecurity reached out to Gerck in search of some more detailed information about his claimed RSA-2048 breakthrough and in the hope of some evidence that what is claimed is possible and practical. Gerck shared an abstract of his upcoming paper. This appears to show that instead of using Shor's algorithm to crack the keys, a system based on quantum mechanics was used, and it can run on a smartphone or PC.

In some ways, it is good that the claimed breakthrough doesn't claim to use Shor's algorithm. Alan Woodward, a professor of computer science at the University of Surrey, told BankInfoSecurity that no quantum computer in existence has enough gates to implement Shor's algorithm and break RSA-2048. So at least this part of Gerck's explanation checks out. However, the abstract of Gerck's paper looks like it is "all theory proving various conjectures - and those proofs are definitely in question," according to Woodward. The BankInfoSecurity report on Gerck's "QC Algorithms: Faster Calculation of Prime Numbers" paper quotes other skeptics, most of whom are waiting for more information and proofs before they organize a standing ovation for Gerck.

This discussion has been archived. No new comments can be posted.

Scientist Claims Quantum RSA-2048 Encryption Cracking Breakthrough

Comments Filter:
  • Proof is Easy (Score:5, Insightful)

    by Roger W Moore ( 538166 ) on Tuesday November 07, 2023 @02:09AM (#63986498) Journal

    most of whom are waiting for more information and proofs before they organize a standing ovation for Gerck.

    The proof is very easy: simply find the 2048-bit RSA private key from the public information. There is no need to wade through pages of complex maths to see if all the details are absolutely true in this case because there is a very simple practical test.

    • by Spazmania ( 174582 ) on Tuesday November 07, 2023 @02:19AM (#63986506) Homepage

      The guy is such a genius, he made software that turned his ordinary cell phone into an all-states-at-once quantum computer.

      At least according to his post. Uh... yeah.

      • Re:Proof is Easy (Score:5, Insightful)

        by Anonymous Coward on Tuesday November 07, 2023 @02:28AM (#63986520)
        not quite, he is claiming to use the algorithm/math behind it not a quantum computer. Still way to many questionable statements and such extraordinary claims require extraordinary proof.. Thankfully in this case proving it is simple and you don't even have to expose the method of cracking the key, simply have someone publish a message with 2048 RSA and he will obviously be able to prove it by reading what the message was.
        • by Viol8 ( 599362 )

          Lets be clear, ANY algorithm that can run on a quantum computer can also run on a classical computer such as a smartphone. The Caveat of course is that on the latter it may well take longer than the age of the universe to complete which (if he's not mad and has found a way to do this) is probably the teensy weensy fly in the ointment of his method.

        • by vbdasc ( 146051 )

          not quite, he is claiming to use the algorithm/math behind it not a quantum computer.

          Let's be clear. QC algorithms are different beasts from classical computing algorithms. A QC algorithm requires a quantum computer to be run, or at least a classical computer emulating a quantum computer. If an algorithm can be run on a classical computer, then it's not a QC algorithm, and therefore quotes like "a system based on quantum mechanics was used, and it can run on a smartphone or PC" and "incredible quantum computing achievement" are nonsense.

          I don't deny the possibility of finding a new way to f

          • by mysidia ( 191772 )

            's achievement would have nothing to do with Quantum Computing

            Perhaps his algorithm is a Quantum-inspired algorithm that is actually a standard procedural algorithm that could be executed by a turing machine.

          • "A QC algorithm requires a quantum computer to be run, or at least a classical computer emulating a quantum computer. If an algorithm can be run on a classical computer, then it's not a QC algorithm..."

            Huh?

            You just contradicted yourself.

            What's to say he DIDN'T use a QC emulator to run a QC algorithm on a classical machine?

            If he says it runs on a smartphone, that, is what he probably did given he claims it to be a QC algorithm.

            Proof, however, is a simple demonstration, such as solving the tests by RSA Labs

          • Your comments are highly misleading.

            A classical computer can compute a quantum algorithm approximately and very slowly. The approximation can be very precise but it is very slow. These calculations are commonly done.

            Real quantum computers also run quantum algorithms approximately, but quickly. All quantum computers have error.

            There is no proof that a "classical" computer cannot be designed in the future that will run a quantum algorithm the same way a quantum computer can. It's not really worth thinking

          • by ceoyoyo ( 59147 )

            Not really. Quantum algorithms involve manipulating complex unitary matrices. It's pretty simple linear algebra and really a restricted form of stuff that's used all the time. The tricky bit is limiting your algorithm to operations that you might be able to accomplish on realistic quantum hardware, not the other way around.

            Anyway, if there's any chance this claim is real he's probably not running a quantum algorithm on regular hardware, but using a quantum framework to prove some mathematical result that pr

        • by jbengt ( 874751 )

          . . . simply have someone publish a message with 2048 RSA and he will obviously be able to prove it by reading what the message was.

          As far as I can tell from TFA, he is not claiming that you don't need a quantum computer to crack RSA in a reasonable amount of time. So, you can't prove his allegations that way unless you give him a working quantum computer of sufficient capacity.

          • It seems very clear that he is claiming exactly that:

            In his social media post, Gerck states that a humble device like a smartphone can crack the strongest RSA encryption keys in use today due to a mathematical technique that "has been hidden for about 2,500 years -- since Pythagoras.

            A smartphone is definitely not a quantum computer, it is not even a particularly powerful regular computer. His claim is that he has a new algorithm that makes it possible on current computing technology.

            • A smartphone is definitely not a quantum computer, it is not even a particularly powerful regular computer.

              You mean those Geekbench scores which stack up an iPhone well against a big desktop aren't on the up and up? Pah!

          • Re:Proof is Easy (Score:5, Informative)

            by AvitarX ( 172628 ) <me@@@brandywinehundred...org> on Tuesday November 07, 2023 @10:46AM (#63987224) Journal

            The LinkedIn post makes a few statements.

            1) They claim to have solved rsa-2048
            1) They claim to have only used Linux desktops and mobile devices to run their QC
            3) They claim the breakthrough came from "quantum equivalence" built on 2,500 year old knowledge

            So basically, as I read it, they're claiming to have figured out a way to run quantum style algorithms quickly and accurately enough on commodity hardware to negate the need for actual quantum computers.

            The LinkedIn link is practically the same length as the summary and actually does a good job of explaining the (almost certainly false) claims.

            It then ends with plugging solutions for post quantum algorithms.

      • by haruchai ( 17472 ) on Tuesday November 07, 2023 @08:46AM (#63986996)

        He has a truly marvelous demonstration of this proposition which a smartphone is not too narrow to contain

      • by suutar ( 1860506 )

        He also claims (in the first sentence of the abstract) to have factored a number with 10^1000 decimal digits, for under $1000 in hardware. I want to know where he found enough ram to _store_ a number with 10^1000 decimal digits, for any price.

    • by tlhIngan ( 30335 )

      The proof is very easy: simply find the 2048-bit RSA private key from the public information. There is no need to wade through pages of complex maths to see if all the details are absolutely true in this case because there is a very simple practical test.

      How about starting with the RSA Factoring Challenge [wikipedia.org]?

      Sure the contest is over, but the number is public, and if you can crack RSA-2048, go and factor that number.

      To crack RSA-2048 fundamentally involves figuring out the factors, and I'm sure there's probably

      • Re:Proof is Easy (Score:5, Insightful)

        by mysidia ( 191772 ) on Tuesday November 07, 2023 @06:35AM (#63986806)

        Sure the contest is over, but the number is public, and if you can crack RSA-2048, go and factor that number.

        Yes... Or better yet: Go break the keys to the all the 2048-bit public Signing CA certificates, and use their respective private keys to Digitally sign a message proving that you have knowledge of the keys --- This will without a doubt demonstrate the validity of the claims, And you won't even then need to prove all the logic behind your procedure so much - the Best proof here is results. Many Intermediary signing CAs, such as the Google GTS CA 1C3 certificate authority use 2048-bit RSA certificates

        If you're claiming to be have the algorithm to break 2048 bit keys with a mere Smartphone, then it should be No problem at all using something a bit more powerful.

        • I thought most CAs would have used quantum-proof ECC by now and 4096 or 8192 bits certs. CA certs have to live for a really long time and with advances in both AI and Quantum Computing, I doubt simple RSA 1024 and 2048 bits will be with us for 10-25 years.

          • I thought most CAs would have used quantum-proof ECC by now and 4096 or 8192 bits certs.

            Yes, most of the world has switched to ECC, but ECC is not quantum-resistant. There are a number of post-quantum algorithms available, and they're actually looking pretty good, but CAs are not using them yet.

            • by mysidia ( 191772 )

              Yes, most of the world has switched to ECC, but ECC is not quantum-resistant.

              Well actually both are quantum-resistant against small quantum computers. ECC is actually much more quantum-resistant than RSA, and RSA-3072 is much more quantum-resistant than RSA 2048.

              RSA 2048 is considered Adequate secure until 2030, And that's from a very conservative assumption.. after 2030 RSA key length smaller than 3072 must Not be used, but it's still Not forseeable that a Quantum computer can be built to take on RSA-2

        • by DarkOx ( 621550 )

          breaking a cipher or a secure hashing algorithm, does always imply you have some method of cheaply discovering the secret or the content, just that have some way of discovering it cheaper than anticipated.

          Its like md5 collisions. It still isn't easy computationally cheap to find a collision, just not 'near impossible' like once assumed. Its still quite difficult if the collision candidate has to meet any other significant characteristics in terms of length or structure.

        • by AvitarX ( 172628 )

          Can't you prove you have the factors by multiplying them together?

          I thought the idea was that it was hard to find the factors but easy to check that you have the correct ones (p vs np and all).

          • by mysidia ( 191772 )

            Can't you prove you have the factors by multiplying them together

            Multiplying factors just gives the public number you factored in the first place.

            The point of Signing a message is you can prove your capability without Publishing the confidential factors that would Immediately enable malicious actors; Obviously you don't want to be distributing the Secret factors to a live CA's certificates. On the other hand, Signing an inocuous message declaring that the certificate is being broken and should be re

    • by jbengt ( 874751 )

      The proof is very easy: simply find the 2048-bit RSA private key from the public information. There is no need to wade through pages of complex maths to see if all the details are absolutely true in this case because there is a very simple practical test.

      Except that what I can see from TFA, he isn't actually claiming to be able to crack the encryption using a smartphone or Linux computer in any time frame. He's claiming that a quantum computer could be used to crack the encryption in a reasonable amount of

      • by AvitarX ( 172628 )

        The way I read the LinkedIn post:

        The discovery of quantum equivalency from 2,500 year old knowledge has allowed us to do this. We ran all QC on Linux desktops and mobile devices.

  • Patched (Score:5, Funny)

    by Anonymous Coward on Tuesday November 07, 2023 @02:15AM (#63986502)

    People made fun of me when I upgraded to RSA-2049, but look who *Laughs in Spanish* now!

  • Ah...yeah... (Score:5, Insightful)

    by ArmoredDragon ( 3450605 ) on Tuesday November 07, 2023 @02:17AM (#63986504)

    So why didn't he crack the RSA public key challenge that one of the commenters gave? He just gave some bullshit excuse about waiting to publish sensitive details, yet there's nothing sensitive about cracking the private key behind some random public key that somebody posted and isn't even using. If it's so damn easy to crack it then why not just do so already instead of posting a bunch of pictures of himself like a narcissistic asshole just trying to get attention to himself? He's almost as bad as rsilvergun.

    • yeah while I will reserve judgement till more info is published. Red flags are already ringing about this one as it is incredibly easy to prove if true without absolutely zero risk of exposing any secrets.
  • RSA-2048 (Score:5, Informative)

    by backslashdot ( 95548 ) on Tuesday November 07, 2023 @02:26AM (#63986516)

    He doesn't need to publish the algorithm or any code, just provide the factors of the RSA-2048 challenge: https://en.wikipedia.org/wiki/... [wikipedia.org]

    He'll get a check for $200,000 too.

  • by 93 Escort Wagon ( 326346 ) on Tuesday November 07, 2023 @02:27AM (#63986518)

    One thing about science that got drilled into my head pretty early is you really need to be skeptical of claims made by people who run their own self-named institute. It's been rebranded as "Plenalto Research", but formerly it was Gerck Research - and has exactly two staffers, Ed and Ann Gerck.

    My bogosity radar also got triggered by that claim about a technique that "has been hidden for about 2,500 years". Well, at least he didn't say he used the magical power of sunspots.

    Anyway, let's see if this makes it through peer review.

  • by Alsee ( 515537 ) on Tuesday November 07, 2023 @02:54AM (#63986538) Homepage

    Is this the same guy that proved time travel was possible by generating a negative energy density gravitational lens using any common coffee maker?

    -

  • by drolli ( 522659 ) on Tuesday November 07, 2023 @03:17AM (#63986574) Journal

    Until 2018 he seemed to have been working productively on many topics. (it seems he made a switch in the early 90s from Physic related subjects to cryptography related stuff with some success by seemingly publishing in peer reviewed journals

    His descent into self-citing bullshit and scientific madness began IMHO around 2018. His paper titles got more and more crackpot-science. In his world mixing undergraduate understanding of certain mathematical topics and mixing it up with pseudo-science lingo seems to mandate him to explain the world to everybody.

    He is not the first scientist whom to go that way. Please do not feed the grandiose delusions of such people in general, and if you know him, please recommend to him that he visits a counselor to see if all of this is a sign of some underlying more serious problem.

    His google scholar:

    https://scholar.google.com/cit... [google.com]

  • Sigh. (Score:4, Insightful)

    by ledow ( 319597 ) on Tuesday November 07, 2023 @03:49AM (#63986598) Homepage

    Slashdot, Tom's Hardware.

    Once those names used to mean something, and the people there were able to actually describe the technical details in-depth, and root out all the crooks and crackpots.

  • by jd ( 1658 ) <imipakNO@SPAMyahoo.com> on Tuesday November 07, 2023 @03:50AM (#63986600) Homepage Journal

    ...considers the guy a harmless nut. Nobody there is taking the claims remotely seriously. I suppose there is an infinitesimal possibility that he has found an actual weakness, but as RSA doesn't use surreal numbers, infinitesimals reduce to zero.

  • instead of using Shor's algorithm to crack the keys, a system based on quantum mechanics was used

    Uhhm, isn't Shor's algorithm itself "based on quantum mechanics"?

  • by SonicSpike ( 242293 ) on Tuesday November 07, 2023 @04:24AM (#63986644) Journal

    No more secrets

  • because they are cryptomagically blockchained to someoneelses computer so good luck cracking that open with Pythagoras' e=mc2!

  • by MarkWegman ( 2553338 ) on Tuesday November 07, 2023 @06:01AM (#63986738)
    Maybe he's waiting until he empties all the bitcoin wallets in the world before publishing? I don't believe it.
  • If he hasn't, the temptation for certain 'dark actors' to offer him career opportunities he can't refuse would seem overwhelming...

  • He's not a scientist. Science invovles proof and replication.

    Unfoubtedly when given the opportunity to prove this he will say HE NO LONGER CAN because he signed an NDA with an undislclosed 3-letter agency to provide them exclusive access to his "findings."

    Right now he's the Pons & Fleischman of 2023.

    [Others have already pointed out how trivial it would be for him to provide proof of successful factorization, collect lots of money, and still have time left over to write his "seminal" paper.]

    • by jvkjvk ( 102057 )

      >Right now he's the Pons & Fleischman of 2023.

      I thought that was the superconductor guy? That's my 2023 vote to far. At least he got a *lot* of press. This guy doesn't seem like he will generate a lot of press. Maybe because it's about numbers instead of power and things.

    • by Torodung ( 31985 )

      Formosa's Law, buddy. He may read /.

  • Why did the author say that? If the algorithm runs on those, it'll run on homemade computers or any OS.

    • Why did the author say that? If the algorithm runs on those, it'll run on homemade computers or any OS.

      Read the abstract. It's the words of a person with problems. He was rambling.

  • by PJ6 ( 1151747 ) on Tuesday November 07, 2023 @08:18AM (#63986928)
    Had this odd image in my head of him leaning over a console and saying dramatically, "strange, it would seem I have broken your encryption!"
  • If RSA-2048 has actually been broken by some jackass who brags about it on LinkedIn, then this world we've built deserves to be fucked over.

  • by Torodung ( 31985 ) on Tuesday November 07, 2023 @09:26AM (#63987072) Journal

    Yeah, I've said less crazy, but truly quite crazy, things in a state of hypomania. I have bipolar disorder. I am also really good at math. Sometimes (frequently?) they run together.

    But this sounds more like a manic episode than a legitimate claim. This is psych 101 pathology. Get this guy an atypical and see if he says the same thing after he's landed and come to a complete stop.

    It isn't worth a Slashdot article. No one is this much of a white hat that they wouldn't say, "Wanna crash a few passenger jets?" like Whistler in Sneakers. Or something less diabolical at least. If he had this, with this much bombast and the New Age claims of ancient knowledge, there would have been even more drama. He doesn't have it; he blabbed the ultimate 0-day like it was nothing consequential, all the while claiming its consequentiality. Carry on.

  • This is either complete BS, or perhaps this guy has jailbroken the simulation that is the world around us. ;-)
  • by darronb ( 217897 ) on Tuesday November 07, 2023 @10:25AM (#63987176)

    It's so obvious he's a fraud. People claim to have found secret knowledge ALL THE TIME, and the one thing most of them do is claim it's an ancient secret from some famous historical figure. It's the exact fraudster formula for this kind of thing.

    People like this... who have virtually no understanding of science or mathematics.. view both as a kind of mysticism no different than a religion. That's why they work so hard to ground their bullshit in what they assume is the foundations of that mysticism.

    • by darronb ( 217897 )

      Huh, so the guy used to actually be a productive scientist? Weird.

      My assumption that he didn't know any better was based on the mysticism angle. I suppose knowing it would appeal to generally illiterate people is why he goes that way. SMH

  • Here's a (slightly) obscure phrase encrypted using RSA-2048. Tell me what the original phrase was.

    BUljTK5ikngmB383UZUOsgcMqNmeqBJEWFUykliQpao8TCVu+FgqS9KsnCMnXR+qVBnJS8rLzHHxnDk6/N0ThU/L7L3InNY6McS/du0aPPD50uIgVmgAhyzORngfU5xlKMyN3voHk3a1pYm0e74eRPwJfYz3oRxUjljiWkU94K4=

news: gotcha

Working...