New paper from a team at Shanghai University outlines how a team there factored a 22-bit RSA integer on a #quantum computer (D-Wave's Advantage).

They reframed integer factoring as combinatorial optimization (which matches well with quantum annealing hardware) instead of Shor's period-finding approach. The previous best effort was 19 bits and was less efficient (more qubits per variable required).

The researchers also attacked some AES underlying algorithms including Present, Rectangle, and the Gift-64 block cipher.

(Notable context: Back in 2022 a different team in China claimed to have factored a 48-bit semiprime with a 10 qubit quantum computer, but that was later retracted.)

n.b., headline is clickbait but article is actually pretty good.

#PQC

https://www.earth.com/news/china-breaks-rsa-encryption-with-a-quantum-computer-threatening-global-data-security/

http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf

China breaks RSA encryption with a quantum computer, threatening global data security

Researchers in Shanghai break record by factoring 22-bit RSA key using quantum computing, threatening future cryptographic keys.

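Added worked example (an editor's illustration, not code from the Shanghai paper, from D-Wave, or from any poster in this thread) of the reframing described in the first post: the unknown factors of N are written as bit vectors and the objective (N - p*q)^2 is minimised, which is zero exactly when p*q = N. The 22-bit sample modulus, the fixed-LSB/MSB convention, and the classical simulated-annealing stand-in for the annealer are assumptions of this example; the exhaustive sweep over all 2^18 assignments shows how small a 22-bit instance is once it is phrased as an optimisation problem.

```python
"""Integer factoring as a binary optimisation problem.

Added illustration for the thread above; it is not code from the Shanghai
paper, from D-Wave, or from the Gutmann et al. ePrint. It uses the textbook
encoding: write the unknown factors p and q as bit vectors and minimise
(N - p*q)^2, which is zero exactly when p*q = N. A real annealer would be
handed this objective after a further reduction to quadratic form that is
not shown here.
"""
import itertools
import math
import random

# Constructed 22-bit sample modulus: N = 1511 * 1787, both 11-bit primes.
N_SAMPLE = 2_700_157
K_BITS = 11  # bit length of each factor (half of the 22-bit modulus)


def free_bit_positions(k):
    """An odd factor of exactly k bits has its LSB and MSB fixed to 1, so only
    positions 1..k-2 are genuine binary variables (an assumed convention)."""
    return list(range(1, k - 1))


def variable_count(k):
    """Binary variables for two factors after fixing their LSB and MSB."""
    return 2 * len(free_bit_positions(k))


def assemble(free_bits, k):
    """Rebuild an odd k-bit integer from its free bits (MSB and LSB forced to 1)."""
    value = 1 | (1 << (k - 1))
    for pos, bit in zip(free_bit_positions(k), free_bits):
        value |= bit << pos
    return value


def cost(n, p, q):
    """Objective function: zero iff (p, q) is a factorisation of n."""
    return (n - p * q) ** 2


def exhaustive_minimise(n, k):
    """Evaluate the objective at every point of the binary search space and
    return the factor pairs (p <= q) where it reaches zero. With k = 11 this
    is 2**18 evaluations: the whole landscape fits in a fraction of a second."""
    m = len(free_bit_positions(k))
    candidates = [assemble(bits, k) for bits in itertools.product((0, 1), repeat=m)]
    hits = set()
    for p in candidates:
        for q in candidates:
            if cost(n, p, q) == 0:
                hits.add((min(p, q), max(p, q)))
    return sorted(hits)


def anneal(n, k, steps=50_000, seed=1):
    """Plain simulated annealing over the same variables: a classical stand-in
    for what an annealer does. Returns (best_cost, p, q). A nonzero best_cost
    means the heuristic stalled in a local minimum, which is common on this
    rugged landscape; exhaustive_minimise is the ground truth."""
    rng = random.Random(seed)
    m = len(free_bit_positions(k))
    state = [rng.randint(0, 1) for _ in range(2 * m)]

    def energy(s):
        return cost(n, assemble(s[:m], k), assemble(s[m:], k))

    current = energy(state)
    best, best_state = current, list(state)
    for step in range(steps):
        temperature = 4.0 * (1.0 - step / steps) + 1e-9  # linear cooling
        i = rng.randrange(2 * m)
        state[i] ^= 1  # propose a single-bit flip
        proposed = energy(state)
        # Costs span many orders of magnitude, so compare them on a log scale.
        delta = math.log1p(proposed) - math.log1p(current)
        if delta <= 0 or rng.random() < math.exp(-delta / temperature):
            current = proposed
            if current < best:
                best, best_state = current, list(state)
        else:
            state[i] ^= 1  # reject: undo the flip
    return best, assemble(best_state[:m], k), assemble(best_state[m:], k)


if __name__ == "__main__":
    print("binary variables:", variable_count(K_BITS))
    print("exhaustive minima:", exhaustive_minimise(N_SAMPLE, K_BITS))
    print("annealing result (cost, p, q):", anneal(N_SAMPLE, K_BITS))
```

Run it directly to see the variable count (18 for a 22-bit modulus under this convention), the single factor pair found by the exhaustive sweep, and whatever the annealing heuristic settles on; the heuristic may well return a nonzero cost, and the contrast between the two is the point of the example.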

@darkuncle Does that improve the chances of us seeing a practical quantum computer soon?

#quantum_computing, #quantum_computer, #QuantumSystems

@welkin7 marginal improvement, but still an improvement. In the last six months we have seen hardware, algorithmic, and efficiency advances, as well as significant improvements in error correction and coherence times (plus new frontiers in distributed QC).

Schneier says "attacks always get better, they never get worse" ... I think the pace of advancement is going to continue to accelerate, and adopting quantum-resistant encryption is something people need to start on *now* not later. (Also because the time required just to inventory and assess all your installed cryptography will be years for most orgs.)

@darkuncle I like that phrase, "attacks always get better, they never get worse"

Can I propose an alternative? Do not look for quantum-resistant encryption. Rather replace the entire existing public-key-private key cryptography with something entirely new. If possible something based on quantum computing principles.

#quantum, #quantum_computing, #quantum_computer, #QuantumSystems

@welkin7 quantum key distribution would do that, but for now it requires specialized network hardware on both ends and is only suitable for carrier interlinks (metro area dark fiber, ground to orbit, etc.)

However, the world's first QKD-secured commercial network service went live in Paris a few weeks back due to a partnership with Orange and Toshiba: https://thequantuminsider.com/2025/06/11/orange-business-toshiba-partner-to-launch-commercial-quantum-safe-network-service-in-france/

@darkuncle Slightly different take on the topic of quantum factorisation: https://eprint.iacr.org/2025/1237 (full disclosure: I'm an author).
Replication of Quantum Factorisation Records with an 8-bit Home Computer, an Abacus, and a Dog

This paper presents implementations that match and, where possible, exceed current quantum factorisation records using a VIC-20 8-bit home computer from 1981, an abacus, and a dog. We hope that this work will inspire future efforts to match any further quantum factorisation records, should they arise.

Scott Francis (@darkuncle@infosec.exchange)

@poleguy@mastodon.social Gutmann has a history and agenda that’s pretty well-known :) He’s not wrong here, but he’s also critiquing past history rather than looking at the trajectory of where things are headed. Integer factoring is not the first problem that quantum computers will tackle; it might not even be in the top five. But the march of progress here is undeniable; you can rent time on a QC today and work on optimization problems (which is why materials science, drug discovery, and other molecular modeling problems are at the forefront of research). The problem with Gutmann and other skeptics is that they are predicting future results based on prior activity (and a subset, at that), and dismissing any incremental progress that falls below some chosen benchmark. But progress doesn’t work that way: it is often as Hemingway once wrote, “gradually, then all at once”. Gutmann is using integer factoring (which isn’t far along yet) to cast aspersions on quantum computing broadly, but he’s either unaware or ignoring most of the actual progress that’s been going on (my two favorite developments this year are the Oxford distributed QC breakthrough, and the Google paper that has nothing to do with QC but still improves factoring efficiency by a factor of 20, just from algorithmic improvements). He’s always entertaining, but being funny or satirical often requires you to ignore the aspects of your topic that don’t play into the satire.


@darkuncle @poleguy Ah, for some reason I can't respond to that post directly, but as a co-author of that paper, perhaps a few words here then:

At no point are we criticising QC, Shor's Algorithm, PQC or anything of the sort. What we are criticising is the slew of papers (and by extension, tech or mainstream press articles) that report results that are not what they seem. 1/2

@darkuncle @poleguy Some papers mistakenly claim or at least strongly insinuate that they have successfully attacked RSA (the D-Wave paper cited in our article is an example), when they do no such thing.

But it gets reported in the tech and mainstream press, and then it is liable to skew public perception of the capabilities of QC. This article is meant as a correction to this perception. 2/2

@sten @darkuncle I appreciate the very clear and easy to understand style of the VIC-20, abacus, dog paper.

I'm the kind of guy who likes to read the actual papers.

Last night on darkuncle's recommendation I started to read the Oxford paper. It's not terribly hard to understand, yet it's also not written to make it easy to critique.

https://www.nature.com/articles/s41586-024-08404-x

I'd love to see your other writing, especially if you have a sober assessment of the current state of the art and challenges!

Distributed quantum computing across an optical network link - Nature

The distribution of quantum computations is demonstrated between two photonically interconnected trapped-ion modules, using repeatable, deterministic teleported controlled-Z gates to perform Grover’s search algorithm.

@sten @poleguy and that part is extremely valid, and needs more visibility - the reporting on this lacks essential nuance, and we end up reading about things that haven’t happened, and not about the very significant things that have.

@darkuncle @sten I bet there are few people who can read (and understand) these papers, and of those fewer who are willing to write about them, and of those even fewer who will write about them in a manner that delineates the hype words vs the true nuggets of improvement.

Most of the 'dumbed down' commentary is either pure hype and speculation, or weak analogies that only give a vague sense of the truth, and are only useful to advance the understanding of the truly uninitiated.

@darkuncle I'll just leave this here...

@bascule I’m all for novel approaches that provide flexibility in adapting problem spaces to different topologies … but yeah, this is pretty funny :)

(Am convinced the biggest success factor in quantum for at least the next 10 years is going to be figuring out how to break up a problem into discrete chunks that can be tackled on a combination of CPU, GPU, and a given quantum hardware topology. Kinda like how the biggest factor in successfully using an LLM is figuring out the right question to ask.)

@darkuncle Yikes. I probably live in a hole: this is literally the first complete paper I've ever run across that I've wanted to read that is in a non-western script. I wonder if there is a translation of this paper available.