No, RSA Encryption Isn’t Obsolete

RSA is dead, long live RSA! At the end of December 2022, Chinese researchers published a paper claiming that they can crack RSA encryption using current-generation quantum computing. For decades, the RSA algorithm has been one of the most widely used methods for governments and industry to create secure communications channels by encrypting and decrypting messages. While quantum computing can revolutionize cryptography—both as a threat and an enhancing tool—experts have maintained that this prospect is still years away. Therefore, the research released by Chinese scholars has major security implications: Governments could crack other governments’ most sensitive codes and secrets with quantum computing sooner rather than later.

But let’s pump the brakes on the quantum panic. Yes, these research findings are potentially a big deal for national security purposes. However, there are at least four reasons to be skeptical about how the study will actually translate to the real world.

First, the scope of the study was relatively small. Because the Chinese researchers did not have a large quantum computer to work with, they deployed an algorithm to break encryption at roughly 1/50th the scale of RSA encryption. Modern RSA utilizes 2048-bit numbers (617 decimal digits); the study only cracks 48-bit numbers. This research would require significant scaling up to have real-world implications.

Second, and relatedly, the researchers rely on an algorithm that notoriously fails to scale up. The algorithm works well in breaking encryption in smaller doses, such as the 48-bit numbers that the Chinese researchers are utilizing. But again, this is 1/50th the scale of 2048-bit RSA, and the algorithm falls apart in larger models. The authors claim that specific quantum computing techniques circumvent scaling concerns of the algorithm but do not offer any evidence or even details for applying their methods to a larger model.

Third and most problematically, the authors remain unclear about the real payoff of using quantum computing in the study. Specifically, the research team has no clue how much quantum computing actually speeds up the algorithm compared to regular computers. In other words, running the algorithm may have taken just as long on quantum computers as it would have on laptops. And apparently, the researchers only utilized quantum computing to fix a flaw in another scholar’s paper that peer reviewers had rejected. While it may make for a great academic paper, the benefits of using quantum computing to speed up codebreaking in the real world remain to be seen.

Finally, if this study is so groundbreaking, why didn’t the Chinese Communist Party classify the research? One would think that cracking sophisticated RSA encryption is the type of capability Beijing would want to develop and test in secret. Instead, the findings are publicly available. This should lend additional skepticism to claims of an impending quantum revolution in national security. If quantum computing were really so close to defeating RSA-style encryption at scale, you can bet that this would be a government’s most closely guarded secret.

So while the Chinese study might be pioneering and the claims plausible within limited scope conditions, it seems the real-world implications for governments and businesses are still years off. Interestingly enough, the researchers conclude that a 372-qubit quantum computer would be required to actually challenge 2048-bit RSA. This is something that IBM could test right now with its Osprey quantum computer. Only if and when they do will we have a better basis for assessing the impact of quantum computing on keeping government secrets secret.

The post No, RSA Encryption Isn’t Obsolete appeared first on American Enterprise Institute – AEI.