The advance was incremental at best. So why did so many think it was a breakthrough?
There’s little doubt that some of the most important pillars of modern cryptography will tumble spectacularly once quantum computing, now in its infancy, matures sufficiently. Some experts say that could be in the next couple decades. Others say it could take longer. No one knows.
The uncertainty leaves a giant vacuum that can be filled with alarmist pronouncements that the world is close to seeing the downfall of cryptography as we know it. The false pronouncements can take on a life of their own as they’re repeated by marketers looking to peddle post-quantum cryptography snake oil and journalists tricked into thinking the findings are real. And a new episode of exaggerated research has been playing out for the past few weeks.
Very interesting turn of events. I had already highlighted that 50 bits is nowhere from breaking military grade RSA (see #735995), but this shows it's even worse than that. Thanks for sharing, I was consciously not clicking anymore on any article referencing this infamous paper as I thought it was a closed story. Turns out it isn't.
Among the many problems with the article was its failure to link to the paper—reportedly published in September in the Chinese-language academic publication Chinese Journal of Computers—at all. Citing Wang, the paper said that the paper wasn’t being published for the time being “due to the sensitivity of the topic.” Since then, the South China Morning Post article has been quietly revised to remove the “military-grade encryption” reference.
[...]
The paper makes no reference to AES or RSA and never claims to break anything. Instead, it describes a way to use D-Wave-enabled quantum annealing to find the integral distinguisher. Classical attacks have had the optimized capability to find the same integral distinguishers for years. David Jao, a professor specializing in PQC at the University of Waterloo in Canada, likened the research to finding a new lock-picking technique. The end result is the same, but the method is new.
reply