• Welcome! The TrekBBS is the number one place to chat about Star Trek with like-minded fans.
    If you are not already a member then please register an account and join in the discussion!

Researcher Claims to Crack RSA-2048 With Quantum Computer

Snaploud

Snaploud

Admiral
Admiral
Take this one with a massive pile of salt but it's troubling if true...

Researcher Claims to Crack RSA-2048 With Quantum Computer

As Ed Gerck Readies Research Paper, Security Experts Say They Want to See Proof

Mathew J. Schwartz (euroinfosec) • November 1, 2023

A scientist claims to have developed an inexpensive system for using quantum computing to crack RSA, which is the world's most commonly used public key algorithm.

The response from multiple cryptographers and security experts is: Sounds great if true, but can you prove it? "I would be very surprised if RSA-2048 had been broken," Alan Woodward, a professor of computer science at England's University of Surrey, told me.

...

Because of the risk playback attacks pose to civilian and military communications, as well as critical national infrastructure, the U.S. National Security Agency has told organizations involved in maintaining national security systems that they should be planning their transition to the Commercial National Security Algorithm Suite 2.0. This is a set of quantum-resistant algorithms approved for eventual NSS use (see: US Government Picks Quantum-Resistant Encryption Algorithms).

Based on when NSA cryptographers believe quantum computing will pose a threat to public key cryptography, the U.S. government has mandated dates by which it wants to see CNSA 2.0 compliance be in place:

https://www.bankinfosecurity.com/blogs/researcher-claims-to-crack-rsa-2048-quantum-computer-p-3536
 
I'm not going to read the paper, but the Shor method for factoring a number of order 2^n is generally reckoned to require of the order of 2n+2 qubits with around half being clean - the estimate varies somewhat but I'll go with that. The largest quantum computer has 1,000 qubits, so n would be 499. That would seem to fall short. The last trial using the algorithm I heard about factored 15 into 5 and 3. I assume the state of the art has moved on. Maybe there's a simulated annealing way of doing factorisation. I just don't know. :shrug:

Even if a crime organisation or a secret governmental security organisation wanted to build such a machine, would they be able clandestinely to obtain the components and recruit the experts required? Any expert would have to be very well paid as they would be ruining their career - either by engaging in criminal activity or by being unable to publish their research.

I'd like to know a little more about the proposed method here, but I just don't have the time to research it fully. Hopefully, some science journalist will boil it down. The claim that factorisation can be done using equipment worth $1,000 seems wild. Let's hope this is silicon snake oil or everything will go tits up real fast.
 
Last edited:
[QUOTE="
Even if a crime organisation or a secret governmental security organisation wanted to build such a machine, would they be able clandestinely to obtain the components and recruit the experts required? Any expert would have to be very well paid as they would be ruining their career - either by engaging in criminal activity or by being unable to publish their research.
[/QUOTE]

That's a great question. However, nation-state actors and other heavily funded hackers can often be funded by the government or at least supported by the government. Remember, the other countries that are not as friendly with your government might not be against their constituents targeting other governments like yours. In many cases, nation-state actors are well funded and have unlimited time on their hands as they have nothing to do but hack, as that is their job. I was recently at a ISC^2 meeting where we discussed Hacking-As-A-Service. It's actually a whole industry that pays very well, which is a terrifying thought for cybersecurity professionals. Here's a link if you want any more information: https://www.rapid7.com/blog/post/20...ew-offering-is-changing-the-threat-landscape/
 
Yeah, I understand that, but my expectation is that counterintelligence services will be actively looking for signs that such activity is being organised by the usual suspects for cyberwarfare - Russia, China, North Korea and Iran - much like they look for signs of uranium enrichment plants. There is more going on than people such as me rambling on a message board are aware of. I just had a thought that one might disguise large-scale computer usage for cybercrime as bitcoin mining and, of course, the computers need not be located in the bad actor state itself. Let's hope our intelligence services remain up to snuff.
 
You must log in or register to reply here.
If you are not already a member then please register an account and join in the discussion!

Sign up / Register


Back
Top