Not So Fast: China, Quantum, and the RSA Panic Button
TL;DR
No, RSA isn’t broken—yet. But the future is marching steadily toward quantum decryption. Chinese researchers just proved conceptually that even quantum annealing can nibble at RSA’s edges. It’s not a crisis—but it is a warning shot.
If your current provider isn’t building for a quantum-resilient future, maybe it’s time to ask why.
This week, headlines popped up claiming China has broken RSA encryption with a quantum computer, sending a ripple through the cybersecurity world—and a shockwave through LinkedIn armchair analysts. Let’s unpack what actually happened, and why this isn't quite the quantum doomsday some are pretending it is.
So, What Did China Actually Do?
A research team at Shanghai University, led by Wang Chao, used a D-Wave Advantage quantum annealing processor to factor a 22-bit RSA key. Yes, 22 bits. Not 2048. Not 4096. Twenty-two. That’s a key length so laughably small, you could factor it on a smartphone.
Still, the method is novel—they converted the factoring challenge into a Quadratic Unconstrained Binary Optimisation (QUBO) problem and ran it through a quantum annealer, rather than the more widely hyped universal gate-based quantum computers like those from IBM or Google.
Their results? Slightly better than previous quantum factoring experiments (which topped out around 19-bit keys). It’s a proof of concept. Impressive, yes. But not scary.
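To make the "factoring as optimisation" idea above concrete, here is an added sketch (not the researchers' code, and not from the original post) that treats the bits of p and q as binary variables and searches for the assignment with zero energy (N - p*q)^2. It assumes classical exhaustive search as a stand-in for the annealer and uses the un-reduced cost; a real QUBO would need auxiliary variables to bring that cost down to quadratic terms. The sample moduli are constructed for illustration.

```python
from itertools import product


def bits_to_odd_int(bits):
    """Decode free bits into an odd integer: the low bit is fixed to 1,
    and bits[i] carries weight 2**(i+1)."""
    return 1 + sum(b << (i + 1) for i, b in enumerate(bits))


def cost(n, p_bits, q_bits):
    """Energy to minimise; it is zero exactly when p * q == n."""
    return (n - bits_to_odd_int(p_bits) * bits_to_odd_int(q_bits)) ** 2


def factor_by_minimisation(n, p_free, q_free):
    """Scan every bit assignment and keep the lowest-energy one.

    p_free / q_free are the numbers of unknown bits in each factor
    (excluding the fixed low bit). Returns (p, q, states_examined)
    with p <= q, or None if no assignment reaches energy 0.
    """
    best = None
    states = 0
    for assignment in product((0, 1), repeat=p_free + q_free):
        states += 1
        p_bits, q_bits = assignment[:p_free], assignment[p_free:]
        energy = cost(n, p_bits, q_bits)
        if best is None or energy < best[0]:
            best = (energy, bits_to_odd_int(p_bits), bits_to_odd_int(q_bits))
    if best[0] != 0:
        return None
    _, p, q = best
    return (min(p, q), max(p, q), states)


if __name__ == "__main__":
    # Constructed toy modulus: 143 = 11 * 13, two 4-bit factors.
    print(factor_by_minimisation(143, 3, 3))
    # Constructed 22-bit modulus: 4003997 = 1999 * 2003, two 11-bit factors.
    print(factor_by_minimisation(4003997, 10, 10))
    # Each extra unknown bit doubles the number of candidate states.
    for modulus_bits in (22, 256, 2048):
        free = modulus_bits - 2  # two odd factors of modulus_bits/2 bits each
        print(modulus_bits, "bit modulus -> 2 **", free, "states")
```

The state count returned for the 22-bit case is 2^20; the same encoding for a 2048-bit modulus has 2^2046 candidate states, which is the scaling wall the article describes.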
Here’s Why It’s Not Time to Panic
Quantum Annealers Aren’t General-Purpose Tools
The D-Wave system is a specialised kind of quantum computer that’s very good at solving optimisation problems—but not ideal for running algorithms like Shor’s, the one designed to truly shred RSA. This experiment doesn’t scale meaningfully toward real-world 2048-bit RSA encryption.
Exponential Scaling Still Applies
Even if the technique worked flawlessly at 22 bits, scaling up to break even a 256-bit key would be like trying to reach the Moon on a bicycle. 2048-bit RSA? You’ll burn through a small sun before that happens.
NIST, NSA, and the Grown-Ups Are Already on It
The global cryptographic community hasn’t been asleep at the wheel. Organisations like NIST have been working for years to define post-quantum cryptography standards, and many companies (ours included) are already migrating toward quantum-resistant architectures.
The real concern isn’t tomorrow. It’s the “harvest now, decrypt later” model—where attackers hoard encrypted data now, betting they’ll be able to decrypt it once quantum computing finally catches up.
We Saw This Coming—And Built for It
At PrivID, we’ve been ahead of this curve for years. Our platform doesn’t rely on fragile public-key infrastructure alone. We use:
Zero-Knowledge Proofs (ZKPs) for identity authentication that doesn’t expose the data.
Fully Homomorphic Encryption (FHE) for computations on encrypted data—meaning your information stays encrypted even while it’s being processed.
Post-quantum encryption layers, ready to swap in when today’s crypto starts cracking.
We aren’t playing catch-up. For us, it’s about being uncrackable by design.