Shanghai Researchers Crack 22-Bit Encryption Key with Quantum Computer

October 16, 2024 Kaitlin Harvey


Recently, a compelling study from Shanghai University emerged, underscoring the fact that quantum computing can already factor the prime numbers underlying public-key encryption.

That is, at least, on a small scale.

In this blog, we’ll dive into the new research, as well as discuss why it’s a wake-up call for security teams who have yet to hash out their quantum preparedness plans. Finally, we’ll discuss how to quantum-proof your enterprise with robust machine identity security.

The Key to Cracking the Key

The study I mentioned above came through the university’s use of a D-Wave quantum annealing system, specifically targeting public-key cryptography. With their sights set on Substitution-Permutation Network (SPN) algorithms, they successfully cracked a 22-bit key.

Now I know you’re thinking, “22 bits? That’s nothing!”

Of course, compared to today’s real-world standards of 2048 or 4096 bits, that’s true. But the breakthrough isn’t about the key length. It’s about what it means for the ongoing battle between advancing quantum technologies and fortifying our world’s current digital infrastructure.

As such, the study serves as a wake-up call. As more research continues, we can expect to see more novel techniques and longer keys broken, until we reach the point of cryptographically relevant quantum computers (CRQCs).

As my colleague Kevin Bocek put it in Cyber Magazine, “The news of today’s quantum technology being used to target encryption systems protecting authentication and data globally marks the quantum starting gun that is already in motion.”

Charting Your Course Toward Quantum Readiness

While this study is eye-opening, there’s no need to panic, but the need to prepare cannot be overstated. As CRQCs loom closer, perhaps on a more accelerated timeline than the industry initially thought, there are key challenges to solve for—and threats to mitigate.

Currently underpinning the urgency are “store now, decrypt later” attacks, where data that’s encrypted today can be stolen and deciphered with a CRQC in the future.

Teams need to maintain stringent security controls for data that’s both at rest and in transit and have complete visibility and automated, crypto-agile control over the machine identities in use throughout their enterprise. They also need the knowledge of which machine identities are using cryptography that’s vulnerable to quantum computers, so they can swap for quantum-resistant cryptography when the time comes.

Current State of Post-Quantum Readiness

Our most recent survey on 90-day TLS certificates and quantum computing revealed that 67% of security leaders dread the day their board asks about their transition plans, with the same number reporting that the cutover to post-quantum cryptography will be a nightmare.

What’s even more alarming is that nearly 80% of leaders surveyed said they’ll only address the issue once a capable quantum computer arrives. In other words, a lot of teams are ignoring the problem or dismissing it as hype. At least for now.

But the development in Shanghai indicates that this complacency must change.

How to Face Future Quantum Challenges

The urgency for a shift to post-quantum cryptography is clear. Now that NIST has published their first 3 standards, companies will begin to implement them into their solutions.

In addition to testing early, our team also recommends the following 3-step readiness checklist:

  1. Diagnosis: Inventory all machine identities (i.e. TLS certificates, SSH keys and code signing credentials), their protocols and the applications that use them.
  2. Plan your migration: Next you should plan, prioritize and test migration for critical machine identities, and all associated applications, to protocols or schemes leveraging PQC algorithms.
  3. Execute the migration: Determine timing and execute your migration. You can turn to a trusted machine identity security partner to help with this, as well as Steps 1 and 2.
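
As an added illustration of Step 1 (not CyberArk tooling and not part of the original post), the Python sketch below inventories SSH public keys and flags the ones that rely on quantum-vulnerable cryptography. It assumes plain `type base64 comment` lines with no options prefix; the function names and the sample keys are constructed for this example.

```python
import base64
import struct

# Key types resting on factoring or discrete logs, which Shor's algorithm breaks.
QUANTUM_VULNERABLE = {"ssh-rsa": "RSA", "ssh-dss": "DSA", "ssh-ed25519": "Ed25519",
                      "ecdsa-sha2-nistp256": "ECDSA", "ecdsa-sha2-nistp384": "ECDSA",
                      "ecdsa-sha2-nistp521": "ECDSA"}

def wire_fields(blob):
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        if pos + 4 + size > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos + 4:pos + 4 + size])
        pos += 4 + size
    return fields

def inventory(text):
    """Classify each 'type base64 [comment]' line; returns one record per key."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split(None, 2)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue  # blank line or comment
        rec = {"line": lineno, "type": parts[0], "bits": None}
        try:
            fields = wire_fields(base64.b64decode(parts[1], validate=True))
            if not fields or fields[0] != parts[0].encode():
                raise ValueError("blob type differs from declared type")
            if parts[0] == "ssh-rsa":  # fields: type, exponent e, modulus n
                rec["bits"] = int.from_bytes(fields[2], "big").bit_length()
            family = QUANTUM_VULNERABLE.get(parts[0])
            rec["status"] = f"quantum-vulnerable ({family})" if family else "unknown type, review"
        except (ValueError, struct.error, IndexError):
            rec["status"] = "malformed, review"
        records.append(rec)
    return records

# Constructed sample input: placeholder key material, not real keys.
def sample_line(key_type, *fields):
    blob = b"".join(struct.pack(">I", len(f)) + f for f in (key_type.encode(), *fields))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

MODULUS = ((1 << 2047) | 1).to_bytes(257, "big")  # 2048 bits plus mpint sign byte
SAMPLE = "\n".join([sample_line("ssh-rsa", b"\x01\x00\x01", MODULUS),
                    sample_line("ssh-ed25519", bytes(32)),
                    "ssh-ed25519 not*base64 constructed@example"])
print(*inventory(SAMPLE), sep="\n")
```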

The Time to Act is Now

As research continues to accelerate, your window to prepare for quantum computers is closing. Waiting to adapt your cybersecurity strategy is risky, as it could leave your data and operations susceptible to misuse and compromise.

To equip your business for the quantum shift, I invite you to read our detailed guide to post-quantum readiness.

Quantum computers may bring several challenges, but by taking informed steps today, we can all build a bright, secure and resilient future. Get started today!

Kaitlin Harvey is digital content manager for machine identity security at CyberArk.
