Chinese Scientists Report Using Quantum Computer To Hack Military-grade Encryption

schwit1 writes: Chinese scientists have mounted what they say is the world's first effective attack on a widely used encryption method using a quantum computer. The breakthrough poses a "real and substantial threat" to the long-standing password-protection mechanism employed across critical sectors, including banking and the military, according to the researchers.

Despite the slow progress in general-purpose quantum computing, which currently poses no threat to modern cryptography, scientists have been exploring various attack approaches on specialised quantum computers. In the latest work led by Wang Chao, of Shanghai University, the team said it used a quantum computer produced by Canada's D-Wave Systems to successfully breach cryptographic algorithms.

Using the D-Wave Advantage, they successfully attacked the Present, Gift-64 and Rectangle algorithms -- all representative of the SPN (Substitution-Permutation Network) structure, which forms part of the foundation for advanced encryption standard (AES) widely used in the military and finance. AES-256, for instance, is considered the best encryption available and often referred to as military-grade encryption. While the exact passcode is not immediately available yet, it is closer than ever before, according to the study. "This is the first time that a real quantum computer has posed a real and substantial threat to multiple full-scale SPN structured algorithms in use today," they said in the peer-reviewed paper.

The computer they use

[i kan reed]

The quantum computer they use in this research, the D-Wave quantum computer is built and maintained at Los Alamos national laboratory in the United States. This paper is just about software methods to perform decryption using it, not some secret quantum computer only China has access to.

Re:

[bill_mcgonigle]

There's a long history of people here calling D-Wave a scam.

At this point I wonder if they were just dumb or disinfo operatives.

Some spooks call those categories professionals and useful idiots

Re:The computer they use

[HiThere]

D-Wave is not a general purpose quantum computer. It's also not a scam. It is a special purpose computer, useful for certain particular functions. That it could be used to break "military grade encryption" is a real slam at "military grade encryption".

(FWIW, I expect that story is a lot more complex, but I'm not interested enough in either quantum computers or military grade encryption to dig it out.)

Re:

[drinkypoo]

There's a long history of people here calling D-Wave a scam.
At this point I wonder if they were just dumb or disinfo operatives.

China puts out more completely fabricated research papers than all other nations combined, and here you are believing them uncritically. Are you just dumb, or a disinfo operative?

Re:

[gweihir]

I do not think this one is "fabricated". But the title of the story here is, at the very least, grossly misleading. Enough that calling it a lie-by-misdirection would be accurate. This is not even remotely close to an actual or academic break of an actually used secure cipher.

Re:

[gweihir]

The D-Wave is and always was a scam. That does not mean it cannot do some things. But it can do almost no useful things and the useful things it can do can be gotten far cheaper with other approaches. The only thing it shines at is "simulatining" itself. But that is a bullshit metric.

"Dumb or disinfo operatives"? Nope. The term you are looking for is "people with a clue". As these are rare, I get your confusion. But not everybody is clueless and identifying those that are not is hard for the clueless majori

Progress

[Asgard]

The study emphasizes that while a quantum computer has not yet revealed the specific passcodes used in the algorithms tested, it is closer to doing so than previously achieved.

Title makes it sound like its 'hacked'. Instead it is 'progress towards a hack'.

Re:

[gweihir]

Indeed. And these happen all the time. This may be "closer than ever before", but at the same time it is nowhere close at all.

Re:

[Asgard]

Which isn't to say we shouldn't migrate to post-quantum crypto as soon as practical, just that it isn't a 'OMG that box from the 1995 movie Hackers is real *today*; No More Secrets' situation.

Re:

[gweihir]

We very definitely should _not_ migrate to post-quantum crypto at this time. It is untried, has not stood the test of time, and there have already been some rather embarrassing failures. Incidentally, the D-Wave is not a Quantum Computer.

Sneakers

[chuckugly]

Too many secrets

You have to keep this in mind

[Zontar_Thing_From_Ve]

Both China and Russia like to make all sorts of claims about how great they are. I always ask the question - Does it really make sense if they truly did what they claimed to do that they announced it to the world? Almost always, the answer is "No".

Re:

[i kan reed]

As I note above, this is just a paper about a method for using an American quantum computer. If you had the hundreds of thousands of dollars buying time on a research quantum computer requires, you could run the algorithm they present in the paper yourself. It's pretty reproducible. You know, if you can read Chinese.

Not sure what fraud is possible in this scenario.

what?

[nyet]

"Military grade".

Any time you see that, rest assured the author is completely clueless, unless the phrase is in scare quotes.

Re:

[zlives]

or used the word plutonium, or describing back to the future movies.

Re: what?

[Midnight_Falcon]

Exactly, "military-grade" is a marketing term to sell to consumers and cybersecurity people who play too many video games and think they should have been a Navy SEAL. AES isn't military grade, it's supported by every web browser and mobile phone made in the last decade. By that standard my Sig P226 handgun is "military-grade." Sure it's a nice pistol used by the military, but most owners are civilians. They also have aircraft carriers, cruise missiles and jets...those items are truly military grade.

Re:

[iamwahoo2]

AES is used all over the place including the military and is the recommended standard encryption for many military use cases. So if the military is specifying that their communications products should use it, then how would that not be military grade?

Re: what?

[Midnight_Falcon]

It's a deceptive term used by marketing to indicate a level of quality beyond consumer-grade, when really it just means anything used by the military they can also sell to consumers. The military uses Starlink, but that wouldn't be commonly understood as military-grade, it's a consumer product also opportunistically used by the military. Neither would Campbell's soup be considered military grade, but it's eaten a lot by armed forces. Writers focused on marketing use the term military-grade to puff whatev

Re:

[Aighearach]

Not only did their attack fail, they're not even attacking AES. They're attacking simplified algorithms that they consider the "representative" of the "foundation" of AES.

FUD

[sinij]

AES is not vulnerable to Quantum.

Re:

[awwshit]

I'm ignorant here. Do you have any supporting info?

Re:

[gweihir]

Also, the D-Wave is not actually a "Quantum Computer".

Re:

[Aighearach]

I'm ignorant here. Do you have any supporting info?

If you're ignorant it is on you to educate yourself.

To rephrase your question, you could instead say, "Please oh wise teacher will you fill up my head by pouring knowledge over it!"

It is not how know is gained. If you want to learn about the subject it will require substantive effort on your part, and others can't do that for you.

When you do understand what is being said then you'll be in a position to join a discussion about it.

When you ask for supporting information, what are you asking for? A website wit

Re:

[awwshit]

Gee, thanks, Dad.

Maybe if you make a claim, you can back it up. I'm asking OP to back up his claim. OP made a claim without evidence. Where is the evidence for the claim?

Difficult paper to find

[wetmice]

It's 100x easier to find press releases about this paper than download the PDF itself. What I found was a scraped result, whose title translates to "Quantum annealing public key cryptographic attack.." published in January by "Wang Chao, Ph.D., professor, member of China Computer Federation (CCF), main research fields are artificial intelligence, cyberspace security, quantum computing cryptography." AES is a symmetric cipher, not a public key algorithm. It does use an SPN structure, but attacking toy 64-bit SPN-based algorithms like Present, Gift-64 and Rectangle does not mean the attack scales to other algorithms, especially not to AES-256 which is a standard (CNSA 2.0, FIPS 197) requirement for many DoD systems. One can pick a shitty lock. This does not mean a new threat to Fort Knox has emerged.

"closer than ever before" = "still not close"

[gweihir]

This is just a small, incremental step and not anything to worry about.

Caesar Cypher is Roman military grade.

[Culture20]

"Military Grade" is relative.