Blog entry by Les Bell

Les Bell
by Les Bell - Wednesday, 8 November 2023, 8:56 AM
Anyone in the world

Photo by Michael Dziedzic on UnsplashOnline magazine Tom's Hardware is reporting a claimed breakthrough in quantum computing which can break RSA-2048 - that is, given an RSA public key with a 2048-bit modulus, it can derive the private key in polynomial time. Even better, it can do this without requiring a huge, expensive super-cooled quantum circuit - instead, it works on a smartphone or Linux desktop.

The claim is made in the abstract of a preprint posted to open-source publishing site, ResearchGate, by Ed and Ann Gerck, of Planalto Research.

Now, until last year, I was a university lecturer in Applied Cryptography, and I taught some aspects of quantum crptology - both the use of quantum key distribution (QKD) and quantum cryptanalysis. In particular, I taught the basics of quantum computing and the operation of Shor's Algorithm for factoring large composites (which is the way to break RSA crypto), including how the quantum computer is used to derive the periodicity of a function.

I've read the abstract in question, and it doesn't make much sense to me. A few points to bear in mind:

  • I cannot conceive of any way to run a quantum algorithm on a smartphone. Quantum computing just doesn't work that way.
  • A breakthrough of this magnitude would not be published on an open-source site - if I had come up with it, I'd submit it for one of the major cryptology conferences like IACR, CRYPTO or EuroCRYPT. What's more, if it passed muster, I'd get star billing.
  • Peer review, while important for academic publishing, could easily be dispensed with in a case like this: the claim can be verified by returning the private keys in response to a few public keys given as a challenge. For bonus points, show it actually running on a smartphone.
  • The abstract also reveals that "that we are working on a post-quantum, HIPAA compliant, end-to-end, patent-free, export-free, secure online solution, to replace RSA as soon as possible". This work is apparently based on an earlier proprietary crypto algorithm called ZSentry. Frankly, nobody cares whether crypto is HIPAA-compliant; the question is whether it is FIPS accredited. This is just hand-waving, with added buzzwords for the technically unsophisticated, and one can only wonder whether the claim to have broken RSA is an attempt to stimulate demand for post-quantum crypto - which can in any case be met by several other solidly-based algorithms already on the standards track.

I've been banging the drum pretty consistently for many years on the need for cryptographic agility - preparedness to replace existing public-key algorithms before it is too late. But I'd be very surprised if this was the expected quantum apocalypse.

As I've long told my students, in the world of cryptology, there's not a great distance between secret sauce and snake oil. And, as UTS researcher Chris Ferrie points out, the world of quantum physics has spawned a lot of BS.

Tyson, Mark, Scientist Claims Quantum RSA-2048 Encryption Cracking Breakthrough, Tom's Hardware, 4 November 2023. Available online at https://www.tomshardware.com/software/security-software/quantum-rsa-2048-encryption-cracking-breakthrough-claim-met-with-scepticism.

Gerck, Ed and Ann Gerck, QC Algorithms: Faster Calculation of Prime Numbers, preprint, August 2023. Available online at https://www.researchgate.net/publication/373516233_QC_Algorithms_Faster_Calculation_of_Prime_Numbers.

Ferrie, Chris, Quantum Bullshit: How to Ruin Your Life with Advice from Quantum Physics, Sourcebooks, 2023. Available in Kindle format via Amazon at https://www.amazon.com/Quantum-Bullsh-Ruin-Advice-Physics-ebook/dp/B0BQCGRT4V/.


Upcoming Courses


About this Blog

I produce this blog while updating the course notes for various courses. Links within a story mostly lead to further details in those course notes, and will only be accessible if you are enrolled in the corresponding course. This is a shallow ploy to encourage ongoing study by our students. However, each item ends with a link to the original source.

These blog posts are collected at https://www.lesbell.com.au/blog/index.php?user=3. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Creative Commons License TLP:CLEAR Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.