While your online banking session may still seem secure, the foundations of digital encryption are facing a silent but growing threat, wonderfulengineering.com reports.
A research team in China has managed to factor a 22-bit RSA key using a quantum annealing mechanism. The experiment, led by Wang Chao at Shanghai University, shows that quantum computing, once theoretical, is now gradually undermining the mathematical backbone of modern cybersecurity.
Using a D-Wave Advantage quantum annealing processor, the Shanghai team solved a problem that previously plagued similar systems: factoring a 22-bit semi-prime RSA number. RSA encryption, long considered a pillar of secure digital communication, relies on the practical difficulty of factoring large semiprimes with just two prime factors.
“Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer, demonstrating the potential of quantum machines to tackle cryptographic problems,“ the researchers write.
Although 22 bits is nowhere near the 2048-bit keys used in real systems, the breakthrough is significant because it surpasses previous limits (which stopped at 19 bits) and does so with more efficient use of qubits and reduced noise.
While most headlines about quantum RSA cracking revolve around Shor's algorithm, which requires gate-based error-correcting quantum machines (still in development), this study uses a more immediately accessible approach: quantum annealing.
Instead of finding periodicity (as Shor does), the researchers reformulated the RSA factorization as a combinatorial optimization problem, converted it to a quadratic unconstrained binary optimization (QUBO) format, and allowed the D-Wave annealer to search for the lowest energy state—a process enabled by tunneling qubits in a 15-millikelvin environment.
This strategy plays into D-Wave’s strength in optimization, even if it scales poorly with key size. However, as hardware evolves, these small cracks could widen, especially considering that D-Wave is planning a Zephyr-topology processor with over 7,000 qubits soon.
Interestingly, the team didn’t stop with RSA. They applied this technique to Substitution-Permutation Network (SPN) ciphers such as Present and Rectangle, commonly used in embedded systems.
They called it “the first time a true quantum computer has posed a significant threat to many full-scale SPN-structured algorithms in use today.”
That may be a slight exaggeration; these algorithms have not been “broken,” but the fact that they have been seriously attacked by quantum processors is itself a significant milestone.
The study has raised concerns among security analysts. As Prabjot Kaur of Everest Group said: “The advancement of quantum computing could seriously threaten data security and privacy for various enterprises.”
Even if current quantum devices cannot yet break 2048-bit RSA, post-quantum planning is already underway. The U.S. National Institute of Standards and Technology (NIST) is finalizing new post-quantum cryptography (PQC) standards in 2024 (FIPS 203, 204, and 205) and has selected the HQC algorithm in 2025. for future rounds.
A White House event urged federal agencies to make the transition now, warning that adversaries could be hoarding encrypted data for “hack now, decrypt later” attacks.
The Wall Street Journal put it bluntly: “Businesses should treat cryptographic upgrades as multiyear infrastructure projects.”
Yet many organizations have not taken inventory of which cryptographic algorithms they use. Experts recommend starting with an audit, then gradually implementing quantum-safe libraries like Open Quantum Safe, and testing hybrid key exchange schemes that combine classical RSA with lattice-based methods like CRYSTALS-Kyber to ensure forward secrecy.
While a 22-bit key won’t protect your email, the Shanghai team’s work proves that quantum annealing improves, especially with smart noise reduction and modeling techniques. Although the experiment required significant classical pre- and post-processing, the history of cryptography teaches us not to dismiss these early victories.
Remember DES? It took just four years after the first cracks to collapse to a custom-built machine for $250,000 in 1998.
The study is published in the Chinese Journal of Computers.