{"id":3339,"date":"2025-05-26T12:53:36","date_gmt":"2025-05-26T12:53:36","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=3339"},"modified":"2025-05-26T12:53:36","modified_gmt":"2025-05-26T12:53:36","slug":"breaking-rsa-encryption-just-got-20x-easier-for-quantum-computers","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=3339","title":{"rendered":"Breaking RSA encryption just got 20x easier for quantum computers"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

A quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than Google\u2019s 2019 estimate, according to new research from Google Quantum AI.<\/p>\n

The findings sharply compress the timeline for when current encryption standards could fall, compelling enterprises to accelerate post-quantum cryptography (PQC) adoption<\/a>.<\/p>\n

\u201cFor decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today\u2019s secure public key cryptography algorithms,\u201d Google researchers Craig Gidney and Sophie Schmieg wrote in a blog post<\/a>.\u00a0\u00a0<\/p>\n

The findings <\/a>arrive amid rapid progress in quantum computing. While current systems still operate with only hundreds of qubits, Google\u2019s research shows that three technical breakthroughs \u2014 more efficient algorithms, advanced error correction, and optimized quantum operations \u2014 are dramatically lowering the threshold for real-world cryptographic threats. <\/p>\n

Specifically, the team adopted a 2024 method for approximate modular exponentiation, slashing overhead from 1000x to just 2x. They also tripled the logical qubit density through layered error correction and introduced \u201cmagic state cultivation\u201d to streamline quantum processing.<\/p>\n

Narayan Gokhale<\/a>, VP & principal analyst at QKS Group, called the findings a \u201cwake-up call for measured urgency, not panic,\u201d saying they affirm existing PQC timelines but stress the need to fast-track transitions for long-lived or high-risk cryptographic systems.<\/p>\n

The rate of progress marks a steep acceleration. Since Peter Shor\u2019s 1994 revelation that quantum computers could theoretically break RSA, resource estimates have plummeted\u2014from one billion qubits in 2012 to just one million today.<\/p>\n

Gartner VP Analyst Bart Willemsen<\/a> warned that \u201cquantum computing will weaken asymmetric cryptography by 2029.\u201d Given that cryptographic upgrades often span multiple years, he urged organizations to begin strategic planning now, especially for infrastructure with hard-coded crypto dependencies. Many developers, he noted, lack deep familiarity with cryptographic libraries and hash functions, making early inventory, performance testing, and system mapping essential to any realistic PQC roadmap.<\/p>\n

Enterprise security implications<\/strong><\/h2>\n

For security leaders, the research highlights two immediate priorities. First, encrypted communications using RSA or similar algorithms face acute \u201cstore now, decrypt later\u201d risks, where intercepted data could be decrypted once quantum computers achieve sufficient scale. Google has implemented NIST-approved ML-KEM across Chrome and internal systems, establishing a benchmark for securing web traffic, VPNs, and messaging platforms.\u00a0<\/p>\n

Digital signature implementations present a more complex challenge, according to security analysts. \u201cBuilding true quantum resilience requires more than technical upgrades,\u201d noted Gokhale. \u201cIt demands comprehensive operational planning that integrates cryptographic asset mapping with broader digital transformation initiatives.\u201d The extended lifespan of signature keys\u2014often embedded in hardware security modules or designed for multi-year use\u2014creates unique migration hurdles that require early planning.<\/p>\n

NIST\u2019s recommended timeline\u2014deprecating vulnerable algorithms by 2030 and removing them entirely by 2035\u2014now appears increasingly firm. Willemsen warned against complacency: \u201cMany organizations underestimate the impact because the quantum threat horizon appears distant. However, the multi-year lead time required for proper migration means preparation cannot wait.\u201d<\/p>\n

Security teams should take several concrete steps, including cryptographic audits, that will help identify the most vulnerable systems, while prioritized transition plans should focus first on high-value assets containing sensitive long-term data. Engaging technology vendors about their post-quantum implementation roadmaps becomes equally important, as does testing quantum-resistant algorithms for operational compatibility within existing infrastructure.<\/p>\n

Practical quantum attacks may still be years away. But the cryptographic transition will take just as long \u2014 if not longer \u2014 to execute well. Organizations that act now will have the time and flexibility to build durable, secure systems, concluded the analysts.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

A quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than Google\u2019s 2019 estimate, according to new research from Google Quantum AI. The findings sharply compress the timeline for when current encryption standards could fall, compelling enterprises to accelerate post-quantum cryptography (PQC) […]<\/p>\n","protected":false},"author":0,"featured_media":3324,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-3339","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3339"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3339"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/3339\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/3324"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3339"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3339"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3339"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}