Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Encryption

Chinese Scientists Report Using Quantum Computer To Hack Military-grade Encryption (thequantuminsider.com) 52

UPDATE: Forbes writes that China hasn't broken military encryption. While factoring a 50-bit integer is an impressive technical achievement, it's important to note that RSA encryption commonly uses key sizes of 2048 bits or higher. The difficulty of factoring increases exponentially with the size of the number, meaning that the gap between 50-bit and 2048-bit integers is astronomically large...

The advances do not equate to a scalable method for breaking RSA encryption as it is used in practical applications today."

Long-time Slashdot schwit1 originally wrote: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers.

Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

This discussion has been archived. No new comments can be posted.

Chinese Scientists Report Using Quantum Computer To Hack Military-grade Encryption

Comments Filter:
  • by i kan reed ( 749298 ) on Monday October 14, 2024 @12:50PM (#64863777) Homepage Journal

    The quantum computer they use in this research, the D-Wave quantum computer is built and maintained at Los Alamos national laboratory in the United States. This paper is just about software methods to perform decryption using it, not some secret quantum computer only China has access to.

    • Re: (Score:2, Troll)

      There's a long history of people here calling D-Wave a scam.

      At this point I wonder if they were just dumb or disinfo operatives.

      Some spooks call those categories professionals and useful idiots

      • Re: (Score:3, Interesting)

        by HiThere ( 15173 )

        D-Wave is not a general purpose quantum computer. It's also not a scam. It is a special purpose computer, useful for certain particular functions. That it could be used to break "military grade encryption" is a real slam at "military grade encryption".

        (FWIW, I expect that story is a lot more complex, but I'm not interested enough in either quantum computers or military grade encryption to dig it out.)

        • by tlhIngan ( 30335 )

          D-Wave is not a general purpose quantum computer. It's also not a scam. It is a special purpose computer, useful for certain particular functions. That it could be used to break "military grade encryption" is a real slam at "military grade encryption".

          (FWIW, I expect that story is a lot more complex, but I'm not interested enough in either quantum computers or military grade encryption to dig it out.)

          The problem is there's a lot of truth and a lot of falsehoods because D-Wave is specializing in confusion.

          A

      • There's a long history of people here calling D-Wave a scam.
        At this point I wonder if they were just dumb or disinfo operatives.

        China puts out more completely fabricated research papers than all other nations combined, and here you are believing them uncritically. Are you just dumb, or a disinfo operative?

        • by gweihir ( 88907 ) on Monday October 14, 2024 @02:43PM (#64864095)

          I do not think this one is "fabricated". But the title of the story here is, at the very least, grossly misleading. Enough that calling it a lie-by-misdirection would be accurate. This is not even remotely close to an actual or academic break of an actually used secure cipher.

      • Re: (Score:3, Interesting)

        by gweihir ( 88907 )

        The D-Wave is and always was a scam. That does not mean it cannot do some things. But it can do almost no useful things and the useful things it can do can be gotten far cheaper with other approaches. The only thing it shines at is "simulatining" itself. But that is a bullshit metric.

        "Dumb or disinfo operatives"? Nope. The term you are looking for is "people with a clue". As these are rare, I get your confusion. But not everybody is clueless and identifying those that are not is hard for the clueless majori

  • by Asgard ( 60200 ) <jhmartin-s-5f7bbb@toger.us> on Monday October 14, 2024 @12:50PM (#64863779) Homepage

    The study emphasizes that while a quantum computer has not yet revealed the specific passcodes used in the algorithms tested, it is closer to doing so than previously achieved.

    Title makes it sound like its 'hacked'. Instead it is 'progress towards a hack'.

    • by gweihir ( 88907 )

      Indeed. And these happen all the time. This may be "closer than ever before", but at the same time it is nowhere close at all.

      • by Asgard ( 60200 )

        Which isn't to say we shouldn't migrate to post-quantum crypto as soon as practical, just that it isn't a 'OMG that box from the 1995 movie Hackers is real *today*; No More Secrets' situation.

        • by gweihir ( 88907 )

          We very definitely should _not_ migrate to post-quantum crypto at this time. It is untried, has not stood the test of time, and there have already been some rather embarrassing failures. Incidentally, the D-Wave is not a Quantum Computer.

          • We very definitely should _not_ migrate to post-quantum crypto at this time. It is untried, has not stood the test of time, and there have already been some rather embarrassing failures.

            Interesting point. Do you have links to any of those failures?

  • Too many secrets

  • by Zontar_Thing_From_Ve ( 949321 ) on Monday October 14, 2024 @12:56PM (#64863805)
    Both China and Russia like to make all sorts of claims about how great they are. I always ask the question - Does it really make sense if they truly did what they claimed to do that they announced it to the world? Almost always, the answer is "No".
    • As I note above, this is just a paper about a method for using an American quantum computer. If you had the hundreds of thousands of dollars buying time on a research quantum computer requires, you could run the algorithm they present in the paper yourself. It's pretty reproducible. You know, if you can read Chinese.

      Not sure what fraud is possible in this scenario.

      • by vbdasc ( 146051 )

        I'd imagine that the price would be a higher obstacle than the language. Much higher.

        It's pretty reproducible.

        So, you know Chinese. Hiring you will be cheaper than leasing the quantum computer, no? Problem solved (if I had the money).

    • by vbdasc ( 146051 )

      Mod parent up. If this discovery was of any value, we wouldn't have heard about it.

    • by AmiMoJo ( 196126 )

      It makes complete sense if the goal is to urge people to move to post-quantum encryption, or to sell post-quantum encryption.

      Western scientists and cryptographers have been making similar warnings.

  • by nyet ( 19118 ) on Monday October 14, 2024 @01:06PM (#64863845) Homepage

    "Military grade".

    Any time you see that, rest assured the author is completely clueless, unless the phrase is in scare quotes.

    • by zlives ( 2009072 )

      or used the word plutonium, or describing back to the future movies.

    • Exactly, "military-grade" is a marketing term to sell to consumers and cybersecurity people who play too many video games and think they should have been a Navy SEAL. AES isn't military grade, it's supported by every web browser and mobile phone made in the last decade. By that standard my Sig P226 handgun is "military-grade." Sure it's a nice pistol used by the military, but most owners are civilians. They also have aircraft carriers, cruise missiles and jets...those items are truly military grade.
      • AES is used all over the place including the military and is the recommended standard encryption for many military use cases. So if the military is specifying that their communications products should use it, then how would that not be military grade?

        • It's a deceptive term used by marketing to indicate a level of quality beyond consumer-grade, when really it just means anything used by the military they can also sell to consumers. The military uses Starlink, but that wouldn't be commonly understood as military-grade, it's a consumer product also opportunistically used by the military. Neither would Campbell's soup be considered military grade, but it's eaten a lot by armed forces. Writers focused on marketing use the term military-grade to puff whatev
          • by gtall ( 79522 )

            When I see "military grade X", I like to swap in "military grade jock strap" or "military grade bra", it adds a sense of gravity to the pronouncement.

        • Not only did their attack fail, they're not even attacking AES. They're attacking simplified algorithms that they consider the "representative" of the "foundation" of AES.

  • by sinij ( 911942 )
    AES is not vulnerable to Quantum.
    • I'm ignorant here. Do you have any supporting info?

      • by gweihir ( 88907 )

        Also, the D-Wave is not actually a "Quantum Computer".

      • Symmetric encryption is not thought to be particularly vulnerable to quantum attacks.

      • by sinij ( 911942 )
        Quick answer - they type of hard problem that quantum is good at is not present in AES. Key distribution can be attacked, AES encryption - there is no known Quantum or otherwise algorithm that can crack AES in any reasonable time.
  • by wetmice ( 6229050 ) on Monday October 14, 2024 @01:35PM (#64863895)
    It's 100x easier to find press releases about this paper than download the PDF itself. What I found was a scraped result, whose title translates to "Quantum annealing public key cryptographic attack.." published in January by "Wang Chao, Ph.D., professor, member of China Computer Federation (CCF), main research fields are artificial intelligence, cyberspace security, quantum computing cryptography." AES is a symmetric cipher, not a public key algorithm. It does use an SPN structure, but attacking toy 64-bit SPN-based algorithms like Present, Gift-64 and Rectangle does not mean the attack scales to other algorithms, especially not to AES-256 which is a standard (CNSA 2.0, FIPS 197) requirement for many DoD systems. One can pick a shitty lock. This does not mean a new threat to Fort Knox has emerged.
    • Re: (Score:2, Informative)

      by manu0601 ( 2221348 )
      TFA links to this paper [ict.ac.cn] in Chinese, with only the summary in english. Oddly, I cannot find the word AES. This seems to be an attack against RSA.
      • by spth ( 5126797 )
        Looks like a wrong link to me. Both for the reasons you noticed, too (difference in attacked algorithm). And because TFA mentions an article in the September 2024 issue of "Chinese Journal of Computers", while the link is to an article in the May 2024 issue. But I didn't find any article by the author "Wang Chao" in the September issue of the Chinese Journal of Computers.
  • This is just a small, incremental step and not anything to worry about.

  • "Military Grade" is relative.
  • Somebody needs to set up a challenge machine with a prize for successfully hacking it. Something substantial like "we'll extract you from the country, set you up on a private island with excellent security" and the challenger has to prove that they used quantum computing to do it.

    • by sl3xd ( 111641 )

      That prize already exists: You'll be swiftly extracted, and be transported immediately to a private island. It's excellent security a consequence of your unmarked grave.

    • by vbdasc ( 146051 )

      the challenger has to prove that they used quantum computing to do it.

      This condition should be removed. "Using" quantum computing could meaning anything, even doing something small and unnecessary for the task. Crack it using whatever you want.

He has not acquired a fortune; the fortune has acquired him. -- Bion

Working...