While your online banking session may still feel secure, the foundations of digital encryption are facing a quiet but accelerating threat. A research team in China has managed to factor a 22-bit RSA key using a quantum annealer. The experiment, led by Wang Chao at Shanghai University, shows that quantum computing once theoretical is now gradually chipping away at the mathematical backbone of modern cybersecurity.
Using a D-Wave Advantage quantum annealing processor, the Shanghai-based team solved a problem that had previously stumped similar systems: factoring a 22-bit RSA semiprime. RSA encryption, long considered one of the pillars of secure digital communication, relies on the practical difficulty of factoring large semiprime numbers with only two prime factors.
“Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer, demonstrating the potential for quantum machines to tackle cryptographic problems,” the researchers wrote.
Though 22 bits is nowhere near the 2048-bit keys used in real-world systems, the breakthrough matters because it surpasses past limits (which stopped at 19 bits) and does so with more efficient qubit use and reduced noise.
While most headlines about quantum cracking of RSA revolve around Shor’s algorithm, which requires error-corrected, gate-based quantum machines (still in development), this study used a more immediately available approach: quantum annealing.
Rather than finding periodicity (as Shor’s does), the researchers reframed RSA factoring as a combinatorial optimization problem, converted it into a Quadratic Unconstrained Binary Optimization (QUBO) format, and let the D-Wave annealer search for the lowest energy state — a process enabled by qubit tunneling in a 15 millikelvin environment.
This strategy plays to D-Wave’s strength in optimization, even if it scales poorly with key size. Still, as hardware evolves, these tiny cracks could widen, especially with D-Wave planning a 7,000+ qubit Zephyr-topology processor soon.
Interestingly, the team didn’t stop at RSA. They also applied this technique to Substitution–Permutation Network (SPN) ciphers like Present and Rectangle, commonly used in embedded systems.
They called it “the first time that a real quantum computer has posed a substantial threat to multiple full-scale SPN structured algorithms in use today.”
That may overstate things slightly; these algorithms haven’t been “broken,” but the fact that they were seriously targeted by quantum processors is a milestone in itself.
The study has triggered concern among security analysts. As Prabhjyot Kaur from Everest Group put it: “The advancement of quantum computers can seriously threaten data security and privacy for various enterprises.”
Even if current quantum devices can’t crack 2048-bit RSA yet, post-quantum planning is already underway. The U.S. National Institute of Standards and Technology (NIST) finalized new post-quantum cryptography (PQC) standards in 2024 (FIPS 203, 204, and 205) and selected the HQC algorithm in 2025 for future rounds.
At a White House event, federal agencies were urged to transition now, warning that adversaries could be hoarding encrypted data for “hack now, decrypt later” attacks.
The Wall Street Journal put it bluntly: “Businesses must treat cryptographic renewal like a multi-year infrastructure project.”
Yet, many organizations haven’t inventoried which cryptographic algorithms they use. Experts recommend beginning with an audit, then gradually adopting quantum-safe libraries like Open Quantum Safe and testing hybrid key exchange schemes pairing classical RSA with lattice-based methods like CRYSTALS-Kyber to ensure forward secrecy.
While a 22-bit key wouldn’t secure your email, the Shanghai team’s work proves that quantum annealing is improving, especially with clever noise reduction and modeling techniques. Even though the experiment required substantial classical pre- and post-processing, the history of cryptography teaches us not to dismiss these early victories.
Remember DES? It took just four years after the first cracks for it to fall to a $250,000 custom-built machine in 1998.
The study is published in the Chinese Journal of Computers.
