In an advancement for quantum computing, researchers from Shanghai University have used a D-Wave quantum annealing processor to successfully factor a 22-bit RSA number—an achievement previously out of reach for this class of hardware. This marks a new milestone in the cryptographic arms race, where traditional security mechanisms such as RSA encryption face mounting pressure from evolving quantum technologies.
The Mechanics Behind the Breakthrough
The research team, led by Wang Chao, reimagined RSA factoring as a Quadratic Unconstrained Binary Optimization (QUBO) problem. This approach allowed them to harness the D-Wave Advantage system’s quantum annealing capabilities. Unlike universal, gate-based quantum computers that rely on Shor’s algorithm, annealers like D-Wave optimize problems by guiding qubits into a low-energy state where the solution emerges.
What set this experiment apart was their ability to scale beyond the 19-bit barrier that had previously limited quantum annealers. By fine-tuning the Ising model’s local-field and coupling coefficients, they reduced system noise and improved success rates in factoring.
Why a 22-Bit Key Still Matters
While a 22-bit RSA key is negligible by modern cryptographic standards, this development signals significant progress. Conventional RSA keys used today are typically 2048-bit or longer, and remain secure against both classical and near-term quantum attacks. However, the importance of this 22-bit demonstration lies in proof-of-concept scalability.
The Shanghai team’s method showed that fewer physical qubits were needed per variable and that smarter embeddings and reduced noise could bring larger key sizes within reach. It also signals the potential for annealers to threaten other cryptographic systems.
Beyond RSA: Threats to Symmetric Ciphers
The researchers didn’t stop at RSA. They applied the same annealing-based approach to Substitution–Permutation Network (SPN) ciphers like Present and Rectangle—lightweight encryption algorithms commonly used in embedded and IoT devices. This marks the first time a real quantum processor has demonstrated the ability to pose a credible threat to both asymmetric and symmetric cryptographic structures in production today.
Global Response: Standards and Urgency
The threat isn’t hypothetical anymore. Recognizing the accelerating pace of quantum advancement, NIST published the first official post-quantum cryptography (PQC) standards in August 2024, including FIPS 203, 204, and 205, based on lattice-based cryptographic schemes. In March 2025, the standardization of HQC (Hamming Quasi-Cyclic) marked another strategic step.
Meanwhile, the White House has urged U.S. government agencies to proactively replace vulnerable encryption keys, warning of “harvest now, decrypt later” attacks—where encrypted data is stored for future decryption once quantum computing matures.
Algoritha: The Most Trusted Name in BFSI Investigations and DFIR Services
Business at Risk: Few Have Started Migration
Despite growing alerts from government and industry bodies, most businesses remain unprepared. Many organizations still:
- Rely on RSA, ECC, and other quantum-vulnerable encryption.
- Lack cryptographic inventories to understand which algorithms their systems use.
- Do not have transition plans for adopting post-quantum algorithms.
Experts recommend starting with an internal audit, identifying use cases for RSA or ECC, and integrating hybrid schemes that combine classical and post-quantum cryptography. Crypto-agility, the ability to change cryptographic algorithms without system redesigns, is also seen as essential for long-term resilience.
Annealing vs. Shor’s Algorithm: A Different Path
While Shor’s algorithm remains the theoretical gold standard for breaking RSA, its implementation on universal, gate-based quantum machines is limited by error correction and scalability issues. D-Wave’s quantum annealers, although not universal, bypass these issues by using analog evolution in ultra-cold environments (~15mK), making them more stable for certain types of optimization.
Though exponential scaling limits how far this approach can go, the success in factoring 22-bit RSA keys with annealers illustrates an important parallel path to quantum disruption, one that may become more potent with increased qubit counts.
D-Wave is already working on a Zephyr-topology processor with over 7,000 qubits, which promises better connectivity and fewer physical qubits per logical variable—potentially enabling larger-scale cryptographic challenges to be addressed.
The Road Ahead: Prepare, Don’t Panic
While RSA-2048 and beyond remain secure for now, the clock is ticking. Sensitive data that must remain confidential for decades—such as health records, genomic data, and government communications—is most vulnerable if migration efforts are delayed.
Security analysts suggest organizations should:
- Begin crypto inventory audits
- Adopt post-quantum libraries like Open Quantum Safe
- Implement hybrid key exchange methods
- Build systems with crypto-agility
Prabhjyot Kaur from Everest Group emphasized, “Quantum computers are evolving fast, and businesses must treat cryptographic renewal like a multi-year infrastructure overhaul.”