What Is RSA Encryption, And Did China Really Break It?

RSA encryption is a major foundation of digital security and is one of the most commonly used forms of encryption, and yet it operates on a brilliantly simple premise: it's easy to multiply two large prime numbers but incredibly difficult to factor them. RSA, named after its creators' surnames of Rivest–Shamir–Adleman, is what's commonly known as a "one-way function." The RSA creates a public-private key pair by multiplying two large prime numbers to produce an RSA modulus. The public key is openly shared, which allows others to encrypt data on the one end, while the private key holder, who knows the original primes, can decrypt it. This method is an integral part of ensuring secure internet browsing, digital signatures, and financial transactions.

When news started to circulate that China had cracked RSA with quantum tech, it was understandably met with much fear and uncertainty. The idea that a country, especially one as powerful as China, may have cracked the code that protected everything from bank passwords to state secrets was understandably alarming. But after a bit of digging, it became clear that the story wasn't quite what the headlines made it out to be. Sure, there was a breakthrough that involved quantum computing, but it didn't compromise real-world cyber security.

So, what really happened? Researchers in China managed to factor a small portion of the encryption using a quantum machine. An impressive feat that shows quantum computers are getting faster than ever before, but not yet threatening when you understand how far off they still are.

Unlike the headlines initially claimed, the researchers at Shanghai University did not crack RSA encryption, only a small portion of it. The team used a special type of quantum computer called an annealer, which is different from a general-purpose quantum processor. This machine managed to achieve what is a relatively small-scale problem: cracking a 22-bit RSA number. Later efforts reportedly climbed to 50-bit keys using a mix of both quantum and classical methods. These are impactful steps in the confusing world of quantum computing, but they are certainly not a major threat in terms of cybersecurity yet.

Cracking a 22-bit key is somewhat trivial when compared to an entire RSA encryption, as it only represents 4 million possibilities. To put it into perspective, a real RSA encryption uses 2048-bit keys, that's a 617-digit number, an astronomically larger figure. That's a number so massive it would take classical computers, which currently have more factoring power, countless years to factor. The quantum machines that we have now don't come close to having enough power to decrypt it. Running something like Shor's algorithm, the theoretical method capable of breaking RSA, at that scale, would require hardware that doesn't exist yet.

Still, the media ran with the "RSA has been cracked" and "Cybersecurity is now obsolete" narrative. Some articles even painted it as if the foundations of digital security were about to come crashing down. But industry experts have been quick to interject and clarify that it's not currently a threat, but that's not to say that the progress should be ignored.

So, what does all this mean for your digital safety? In the short term, not much. RSA still stands firm against the progress of quantum computing, as breaking a 2048-bit key remains far out of reach for both quantum and classical tech. But that's not to say it will remain that way forever. Experts agree that the time to prepare for quantum computing is now, before the technology can catch up, hence why the military wants to build quantum computers. 

This is why organizations such as The National Institute of Standards and Technology (NIST) are already rolling out post-quantum cryptography standards. These new algorithms, Kyer and Dilithium, are designed to withstand future quantum attacks. This doesn't mean that RSA will be ripped out overnight, it's more about bridging the gap between today's systems and tomorrow's threats.

If we're being frank, the real cybersecurity risks currently are not quantum computers, they are human ones. Weak passwords, phishing scams, and compromised credentials are still the most frequent ways that personal data is stolen. RSA is holding steady for now, but the Chinese quantum experiment is a reminder that cybersecurity is an ever-evolving world. It hasn't matured yet, but it's growing up fast.