How far away are we from RSA-Doomsday?
Today, I tried to gain a little insight into the current state of quantum computing and worked on a "smell-test". The following thoughts are mainly based on: https://medium.com/the-quantastic-journal/googles-sycamore-exploring-the-power-of-google-s-quantum-computer-266374339d54
Naturally, organizations tend to boast about number of Qubits their devices can support. Unfortunately, Qubits are pretty noisy and one has to combine several of them to reduce the noise - kind of averaging states across many Qubits. Such low-noise Qubits are called "Logical Qubit". It is quite hard to understand if a text talks about logical or physical Qubits and furthermore how many physical Qubits are needed to get a logical Qubit. Furthermore, the capability to interact between Qubits is limited by design and not universal. However, the goal here is not a scientific study but coming up with a smell-test which allows us to gauge where we are in technology.
What is the pace of developing Quantum Computers?
in 2019 Google's Sycamore processor featured 53 Qubits and in 2024 it features 70 Qubits. Let's assume that the Google Sycamore processor would represent a universal quantum computer and its Qubits are "logical Qubits". Rounding things a little bit to the optimistic side, we observe that it took 5 years to go from ?50 Qubits in 2019 to 70 Qubits in 2024. In other words, an increase of 40% in 5 years.
How much does it take to crack RSA-2048?
I found the minimum amount of Qubits needed to crack RSA reported in https://arxiv.org/abs/2212.12372. It looks a little low compared to other results found on the Internet, but let's take these figures at face value anyway:
Assuming an increase of +40% Qubits over 5 years, it takes until 2049 to arrive at >372 Qubits required to crack RSA-2048.
Note that this smell-test is rather optimistic. If our assumptions about the capabilities of a Sycamore processor and the minimum number of Qubits were true, RSA-128 would have had already been cracked and there is no sign of that.
领英推荐
Are these findings consistent with Industry expectations?
in 2022 the Global Risk Institute published the 2021 Quantum Threat Timeline Report with an often cited diagram whereby industry experts were asked by when they expect RSA-2048 being broken with a Quantum Computer:
Our little smell-test is consistent with the 30-year figure of expert's estimates where a majority of them expect with a likelihood of >50% that Cryptographic Relevant Quantum Computers are capable enough to attack RSA-2048.
Summary
The described optimistic smell-test is broadly aligned with the pessimistic expectations of experts about when a Quantum Computer can crack RSA-2048. It will be interesting to follow how things play out over time. Let's run another smell-test in a few years to see if things accelerate. For now, I tend to bet on the pessimistic experts and would expect RSA-doomsday caused by Quantum-Computers not to arrive before 2050.
#QuantumComputing
#CRQC
US Head of Cryptography and US Field CTO at Arqit
8 个月Interesting view, Gert. Quantum computing is evolving rapidly with significant potential impacts on global security and economic structures, underscored by a global investment of $55 billion.? It may be poised for exponential growth - something difficult to predict.? This could? lead to severe consequences if industries are caught off guard by rapid advancements.? Underestimating the growth of quantum computing could leave industries unprepared, facing significant challenges as governmental agencies continue to caution a substantial technological threats by 2030-2035. https://www.dhirubhai.net/pulse/perils-underestimating-exponential-growth-from-tech-revolutions-faux-u1tbe
Tech expert and product strategist for deep-tech startups | Cyber, AI/ML, FinServ | PhD Physics
8 个月This is really interesting Gert, thanks. I might have misunderstood the figure you posted, but doesn't that show that we reach a majority consensus on >50% likelihood in 15 years, not 30? In any case, the key thing for me is about whether you're willing to take the bet or not. Even if you think the risk is low, you might need to do something about it if the outcome would be catastrophic, which breaking RSA certainly would be. I also wonder whether the same results would be found when looking at the other players (Microsoft, IBM, etc) who are arguably ahead of the game compared to Google.
Cybersecurity Practice Leader @ IBM | Business of cybersecurity, mobility, and quantum augmented with AI | DTech candidate @ Purdue University
8 个月There's certainly a lively debate on when "Q-day" will fall and whether increases in Qbits/Quantum volume will be linear or exponential. My 2c below. The US government is especially concerned around the security of long-life software/firmware signatures for its high value assets (HVA). The public deadline they've set to upgrade signatures to more quantum safe tools is 2025 (CNSA 2.0). The more general US government deadline is 2035 (NSM 8/10). Every organization has a different risk profile. I've seen the most interest in government, finance, telco, energy, and manufacturing infrastructure with PQC / PSK etc. implementations coming via existing network infrastructure vendors like Thales, Keyfactor, and others. If the lessons of WWII still hold, it's unwise to be too confident in the security of todays codes in the face of quantum, HPC, and AI tooling. A generation ago, there was over confidence in the security of airgaps and signatures which lead to Stuxnet. The lessons of the current Ukraine war are that secure communications in particular are as important as the tanks, airplanes, and ships of the Cold War.
Professor at Eindhoven University of Technology
8 个月I think the experts indeed know this. Unfortunately much of the communication in media and in the industry world is done by lobbyists, investors, politicians and (social) media "evangelists", "advocates" and "influencers". It's dangerous, because quantum computing needs x billion per year for 25 years in investment and funding... not 3x billion for 8 years... expectation management is key.