For the last two days my inbox (and LinkedIn messages) has been flooded with questions about headlines claiming that “Chinese researchers broke RSA encryption with a quantum computer, threatening global data security.” Let’s address this clearly: No, no such cryptographic apocalypse has occurred, and there’s no indication that such a feat is imminent. In fact, the report making the rounds doesn’t bring the quantum threat any closer to reality, let alone break any of today’s encryption.
This buzz stems from a year-old Chinese research paper that – while scientifically interesting – only managed to factor a very small 22-bit RSA number using a D-Wave quantum annealer. That is a far cry from breaking the 2048-bit RSA keys that protect real-world communications (for context, the largest RSA key ever cracked by classical methods is only 829 bits, RSA-250, factored in 2020). The Chinese paper (published in the Chinese Journal of Computers in May 2024) was discussed in a recent news article with the alarmist title “China breaks RSA encryption with a quantum computer, threatening global data security.” That article – in my view a very irresponsible piece – got picked up by other outlets and spread on social media, fueling confusion.
So, let’s set the record straight.
What Did the Chinese Researchers Actually Achieve?
A team led by Professor Wang Chao at Shanghai University published a paper describing how they factored a 22-bit RSA integer using a D-Wave quantum annealing processor. In plain terms, they broke down a number on the order of 2.3 million (specifically 2,269,753) into its prime factors. They did this by reframing the factoring task as a combinatorial optimization problem that the D-Wave quantum annealer could attempt to solve. Essentially, they demonstrated an academically interesting approach with no practical security value, since it worked only on a trivially small RSA number.
Notably, the team also reported using a hybrid quantum–classical method to factor a larger 50-bit RSA number (around 15 decimal digits) – marking the first time a 50-bit RSA integer was factored on quantum annealing hardware. More recently, in 2025, the same group announced factoring a 90-bit RSA number using an improved hybrid approach. That 90-bit demo is the largest quantum-assisted factorization to date – still far smaller than any RSA keys used in practice, but an impressive academic milestone.
To make matters more confusing, the same researchers also published a paper in late 2024 with the clickbaity title “A First Successful Factorization of RSA-2048 Integer by D-Wave Quantum Computer.” Despite its title, that paper did not actually crack a 2048-bit RSA key in any general sense. It used a bit of mathematical trickery – focusing on a special class of 2048-bit integers that are much easier to factor than a real RSA modulus – to claim a result. In other words, they didn’t factor a standard 2048-bit RSA modulus (the kind used in real encryption); they tackled some specially structured number to theoretically demonstrate a method.
Bottom line: None of these papers come anywhere close to compromising the cryptography currently in use. They haven’t demonstrated any path by which these toy demonstrations could scale up to crack contemporary RSA encryption. These results certainly do not bring the so-called “Q-Day” (the day a quantum computer breaks public-key crypto) any closer, nor do they threaten “global data security.” Given the overly grandiose titles of some of their papers, I suspect the research team is well aware that their claims can bait Western media outlets eager to jump on alarmist “China broke encryption” stories.
Is This a Cryptographic Breakthrough? Not Really.
So, is the Chinese 22-bit factoring experiment a meaningful cryptographic breakthrough? Not really. Here’s why this result does not mean RSA is “cracked”:
Trivial Key Size: A 22-bit RSA key is astronomically smaller than the 2048-bit keys used in real encryption. A 22-bit RSA modulus (≈2 million) is so small that a classical laptop can factor it in milliseconds. Even the “breakthrough” 50-bit or 90-bit examples are tiny. (For comparison, the largest RSA key ever factored classically was a 829-bit number, RSA-250, in 2020.) In short, 22, 50, or 90 bits is nowhere close to 2048 bits – these demonstrations were on cryptographically irrelevant sizes.
No Quantum Speedup: The experiment did not demonstrate any scalable quantum speedup over classical algorithms. There’s no evidence that their method is faster than classical factoring on any larger input – quite the opposite. In January 2023, when another Chinese team claimed a hybrid 372-qubit approach to RSA-2048, experts like Peter Shor quickly pointed out that their algorithm had not been shown to run faster at scale and “could still take millions of years” to factor a real RSA-2048 key. The same principle applies here: there is no proven quantum advantage.
Heavy Classical Assistance: The researchers leaned heavily on classical computation before and after the quantum annealing step. Significant classical pre-processing was used to reduce the problem size and to embed the problem onto the quantum hardware. The D-Wave annealer wasn’t doing all the work – it needed a lot of help from classical algorithms to factor even these tiny numbers.
Exponential Scaling Remains: The approach the team used still suffers from exponential scaling as the numbers grow larger. Even the authors acknowledge that only a 22-bit number “fell this time” and that their strategy “pays a price in exponential scaling,” which is why they couldn’t go beyond such a small modulus. There’s no evidence that their method can leap from toy 50–90 bit examples to, say, a 1024-bit or 2048-bit RSA key without an exponential explosion in required time and qubits. In other words, no feasible path to breaking modern RSA has been demonstrated – certainly not by this experiment.
In short, the paper showcases an interesting research result: it shows that quantum annealers like D-Wave can contribute to factoring very small integers, pushing the state-of-the-art by a few bits. It’s a nice incremental step for quantum optimization research. But it’s nowhere near a practical attack on real encryption, and it doesn’t point to any clear route for scaling up to break RSA-2048.
“The Sky is Falling” – Media Hype and Fear-Mongering
If the Chinese result itself was modest, the media coverage around it was anything but. Some outlets and social media posts spun this into a sensational story, tapping into a narrative of an impending “quantum threat” from China. For example, one news article ran the ridiculous headline quoted above and opened breathlessly with the claim that “the math behind RSA encryption is starting to bend to the will of the quantum realm”. It even went on to call the 22-bit demo “the first time that a real quantum computer has posed a substantial threat to… algorithms in use today” – a gross exaggeration, to put it mildly.
Unfortunately, this kind of hyperbole isn’t isolated. Every few months, we see a similar hype cycle when a Chinese research team announces some incremental progress in quantum computing or cryptography. It’s become a predictable pattern. A few recent examples:
January 2023: A group of Chinese researchers (Yan et al.) claimed that with a 372-qubit quantum computer and a hybrid algorithm, they could factor RSA-2048. This was based on actually factoring only a 48-bit number using a 10-qubit test device. The claim made headlines worldwide and provoked panic about an imminent crypto-breaking quantum machine. Within days, experts debunked it – Peter Shor himself pointed out that the team completely failed to address how fast their algorithm would run and that, given the approach described, it would “still take millions of years” to factor a real RSA-2048 key . In short, the claim was vastly overstated. It generated a huge media buzz about “Chinese quantum supremacy” before cryptographers and quantum scientists swiftly explained why it wasn’t a meaningful threat.
December 2024: The same Wang Chao team in Shanghai published “A First Successful Factorization of RSA-2048…” with that misleading title. As mentioned, it did not actually factor a 2048-bit RSA modulus in the sense people care about, but some media nevertheless ran with it as if “China cracked RSA-2048.” I analyzed that claim at the time in a blog post (see above), showing why it was not even close to breaking a real RSA-2048 key.
April 2025: Wang Chao’s group announced factoring a 90-bit RSA number on a D-Wave quantum computer – the largest quantum-assisted factorization to date. While this is a notable research achievement in the quantum realm, it’s still nowhere near breaking real encryption. Yet, some news articles framed it as a “quantum code breakthrough” inching us toward the dreaded Q-Day when all encryption falls. The South China Morning Post, for instance, touted it as setting a “new benchmark… an achievement that not long ago was thought to be impossible”. True in a narrow technical sense, perhaps, but the tone of such pieces fed the notion that our data might soon be unsafe. In reality, 90 bits vs. 2048 bits is a night-and-day difference.
June 2025: The recent piece we’re discussing took things to another level by explicitly claiming the 22-bit experiment is “threatening global data security.” It even roped in quotes about newly minted post-quantum cryptography standards and advice for businesses to urgently migrate their encryption, implying that this little demo is a sign of imminent crisis. In reality, while organizations should be transitioning to post-quantum encryption (more on that later), this specific experiment doesn’t change any timelines – it was not a sign that RSA is about to collapse tomorrow.
The net effect of these recurring hype cycles is counterproductive. They grab headlines and induce panic, but they also breed confusion and fatigue. If every minor research paper is trumpeted as “the sky is falling,” the public and policymakers either overreact repeatedly or eventually become numb to real warnings. It’s akin to crying wolf – after too many false alarms, when a truly significant quantum breakthrough does occur, people might shrug it off because they’ve heard so many exaggerated claims before.
No Proven Path (Yet) to Cracking RSA-2048
It’s important to understand that the approach used by the Chinese researchers is not new, and it has not been proven to scale anywhere close to RSA-2048. The idea of reducing integer factorization to an optimization problem that something like a quantum annealer could try to solve has been around for decades. (Microsoft researchers, for example, published a paper on “Factoring as Optimization” back in 2002 .) Since then, numerous teams have explored these optimization-based factoring methods, but none have found a scalable way to factor large RSA keys. In practice, these methods keep hitting the same wall of exponential complexity.
The takeaway from all this: RSA-2048 remains unbroken, and none of these results thus far have illuminated a clear path to breaking it without a massive leap in quantum computing capabilities (likely requiring a full-fledged, fault-tolerant quantum computer running Shor’s algorithm someday). The quantum annealing route is a fascinating research direction and will likely continue to improve bit by bit, but it has not demonstrated any change in the fundamental scaling law of the problem. Each time the record is extended by a few bits, the effort required (in qubits, runtime, and classical post-processing) grows dramatically. There’s no sign of a sudden jump from these toy examples to factoring a 1024-bit or 2048-bit RSA key.
It’s also worth emphasizing: the Chinese research team themselves are not claiming they’ve broken RSA-2048, nor that they can decrypt your bank traffic or HTTPS communications. They’re exploring an alternative quantum computing paradigm (adiabatic/annealing computing) for cryptanalysis, which is a valid scientific pursuit. Even Professor Wang Chao has described their progress as “an incremental but essential nudge,” noting that mainstream 2048-bit RSA keys remain far beyond their reach. The real problem is how these results get portrayed outside the lab. The researchers published their findings in academic forums – it’s the media and commentators who often misrepresent them as earth-shattering breakthroughs. (Arguably, the researchers could choose less sensational titles to avoid misinterpretation, but that’s a separate issue.)
Stay Informed, Not Alarmist
None of this is to say that the quantum threat to encryption isn’t real in the long run. It certainly is – in the future. Virtually all experts agree that a sufficiently advanced quantum computer (capable of running Shor’s algorithm at scale) will one day break RSA and ECC. That’s why there is a global effort underway to transition to post-quantum cryptography (PQC) in the coming years. Governments and enterprises should indeed be preparing for Q-Day in a rational way: by inventorying their cryptographic systems, adopting the new PQC standards (such as those being standardized by NIST), and ensuring crypto-agility (the ability to swap out cryptographic algorithms easily) in their infrastructure. These are sensible, proactive measures to guard against future quantum threats.
What we don’t need, however, is panic every time a minor academic result is published – especially when such results are hyped out of proportion. Overreactions and sensationalism can be just as harmful as complacency. It’s crucial to stay informed with facts and context, rather than giving in to alarmism or flashy headlines.
In conclusion, to answer the original question that spurred this discussion: No, Chinese researchers have not cracked RSA-2048. Not even close. What they have done is advance the field of quantum computing research by incrementally factoring larger (but still very small) integers with the help of quantum annealing. It’s a cool result for the quantum optimization community and deserves recognition as such – but it’s not a cause for panic, nor a sign of an impending crypto-apocalypse.
I would also suggest that the researchers themselves be careful in how they present their work to the public. As leading computer scientist Scott Aaronson quipped about one of these recent papers, “one has to anticipate and head off the way that claims are going to be misinterpreted.” In other words, it’s not enough to technically avoid false statements; you should also try to prevent people from reading false things into your statements. That’s advice we could all stand to heed in the midst of a hype-prone environment.
