Sorry, RSA Isn’t Dead Yet: Inside China’s Quantum ‘Breakthrough’ and the Real Race to Post-Quantum Security
The panicked headlines
In late June a burst of news stories claimed Chinese researchers had “broken RSA encryption.” The narrative sounded apocalyptic: if RSA falls, everything from online banking to state secrets becomes readable. Within hours, cryptographers poured cold water on the idea. The Shanghai University team had only factored a tiny 22-bit semiprime (and later a 50-bit number) on a specialised quantum annealer. That is interesting lab work, but galaxies away from the 2 048-bit keys that secure today’s internet.
How RSA actually works
RSA relies on a remarkably simple mathematical fact: multiplying two very large prime numbers is easy, but reversing the process, splitting the product back into its factors, is extraordinarily hard. Anyone with the public key can encrypt a message, yet only the holder of the private key (who knows the original primes) can decrypt it. A modern RSA-2048 key is a 617-digit number, which gives about 10^616 possible combinations. Even the fastest classical computers would need longer than the age of the universe to exhaust that search space.
What China’s researchers actually achieved
The Shanghai group used a quantum annealer, not a general-purpose gate-based quantum computer, to factor a 22-bit semiprime, a search space of around four million possibilities. Follow-up hybrid experiments nudged the record to 50 bits. That’s impressive progress for quantum hardware, but it’s also work a laptop can do in seconds. Crucially, annealers aren’t designed to run Shor’s algorithm, the quantum routine that could threaten RSA at scale. No one has run Shor at a meaningful size yet.
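The gap between those sizes and real keys, as an added example that is not part of the original article: the Python below builds toy RSA keys at 22 and 50 bits, then recovers the private exponent from the public key alone with Pollard's rho, a classical factoring method. The way the toy primes are chosen, the message value 1337 and all function names are assumptions made for illustration.

```python
import math

def is_prime(n):
    """Trial division; adequate for the ~25-bit primes used here."""
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def prev_prime(x):
    """Largest prime strictly below x."""
    x -= 1
    while not is_prime(x):
        x -= 1
    return x

def toy_keypair(bits, e=65537):
    """Build a deliberately tiny RSA key (constructed for this demo)."""
    half = bits // 2
    p = prev_prime(2 ** half)
    q = prev_prime(2 ** half - 2 ** (half - 3))
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent
    return n, e, d

def pollard_rho(n):
    """Return a non-trivial factor of an odd composite n."""
    for c in range(1, 50):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                        # d == n means retry with a new c
            return d
    raise ValueError("no factor found")

def recover_private_exponent(n, e):
    """Factor the public modulus, then rebuild d exactly as the key owner did."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def audit(bits, message=1337):
    """Encrypt with the public key, then decrypt using only (n, e)."""
    n, e, d = toy_keypair(bits)
    ciphertext = pow(message, e, n)
    d_recovered = recover_private_exponent(n, e)
    return n.bit_length(), d_recovered == d, pow(ciphertext, d_recovered, n)

if __name__ == "__main__":
    for bits in (22, 50):
        print(bits, audit(bits))
```

Both key sizes fall in a fraction of a second on ordinary hardware, with no quantum device involved, which is why a 22-bit or 50-bit factoring result says nothing about 2 048-bit keys.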
Why a real quantum break remains distant
Running Shor’s algorithm on a 2 048-bit modulus would require millions of fault-tolerant qubits and heavy-duty error correction. Estimates range from about 4 000 logical (ideal) qubits to 20 million physical qubits once overhead is included. Today’s flagship devices boast barely a hundred physical qubits. That is remarkable science, but nowhere near enough to crack RSA.
Preparing for Q-Day
“Safe for now” doesn’t mean “ignore the problem.” Government agencies and tech giants are already migrating to post-quantum cryptography (PQC). The U.S. National Institute of Standards and Technology has finalised new algorithms designed to withstand future quantum attacks: ML-KEM (Kyber) for key exchange, and ML-DSA (Dilithium) and SLH-DSA (SPHINCS+) for digital signatures. Companies from banks to chipmakers are piloting upgrades. RSA won’t vanish overnight; instead, crypto-agile frameworks will let organisations swap algorithms as standards mature.
The real weak link: people, not primes
While researchers debate qubit counts, most breaches still happen the old-fashioned way: phishing emails, credential stuffing, and unpatched servers. A 22-bit quantum demo makes headlines, but a weak admin password opens real doors today. The cryptographic apocalypse hasn’t arrived, but vigilance and upgrade plans need to stay on every risk register.
Looking ahead
The Chinese experiment is a milestone for quantum engineering, not a death knell for internet security. RSA remains resilient in 2025, yet the countdown to Q-Day has begun. The prudent path is dual-track: harden human factors now and accelerate post-quantum adoption before hardware catches up.
Open question: When quantum computers finally scale, will industry have completed the migration, or will attackers be sitting on troves of “harvest-now, decrypt-later” data? The race is on, and complacency is the biggest vulnerability of all.
