Your Money May Not Survive a Quantum Heist

As your credit card is scanned one final time this holiday season, say thanks to prime numbers for keeping the checkout queues short and your money safe. Well, most of the time anyway.

Much of the cryptography that goes into beating credit-card fraud comes down to 3, 5, 7 … 197, integers that can only be divided by themselves and 1. Banks randomly generate two very large primes — say, 150 digits long — and use their product to encrypt the payment authorization from the microchip of your card to the point-of-sale terminal.

Even supercomputers can’t easily decipher the original numbers because the time required to run any of the known algorithms increases exponentially with their length. A 250-digit number that was part of a 1991 factorization challenge was finally broken down into a product of two primes in 2020. On a single advanced computer running nonstop, the calculations would take 2700 years.

The Rivest–Shamir–Adleman — or RSA — private keys generated with the help of large numbers allow issuing banks to affix a unique, tamper-proof digital signature via the microchip embedded in most cards nowadays. With EMV chips replacing magnetic strips, the menace of counterfeiting has gone down appreciably. Payment scams are now more likely in e-commerce where cards don’t have to be physically present.
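
The link between the two primes, the signature and the factoring problem can be seen in miniature. The sketch below is an added illustration, not code from any bank or card scheme: it uses textbook RSA with no padding, two small well-known primes chosen here, and a made-up message, so that the factoring step finishes instantly instead of taking millennia.

```python
# Added illustration: textbook RSA signing with tiny, constructed values.
# Real card keys use primes hundreds of digits long plus a padding scheme.
import hashlib
from math import gcd

P, Q = 104729, 1299709          # constructed sample primes (10,000th and 100,000th)
E = 65537                       # common public exponent

def make_keypair(p, q, e=E):
    """Return (public, private) key tuples built from two primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return (n, e), (n, pow(e, -1, phi))   # private exponent needs p and q

def digest(message, n):
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private):
    n, d = private
    return pow(digest(message, n), d, n)

def verify(message, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(message, n)

def factor(n):
    """Trial division: instant for a 12-digit n, hopeless for a 300-digit one."""
    f = 3
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 2
    raise ValueError("no odd factor found")

def private_from_public(public):
    """Whoever can factor the public modulus can rebuild the private key."""
    n, e = public
    p, q = factor(n)
    return make_keypair(p, q, e)[1]

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    msg = b"authorize amount=10.00"          # constructed sample message
    sig = sign(msg, private)
    print("genuine message verifies:", verify(msg, sig, public))
    print("altered message verifies:", verify(b"authorize amount=99.00", sig, public))
    print("key rebuilt from factors matches:", private_from_public(public) == private)
```

The only thing separating the toy from the real system is the size of the primes: the same arithmetic protects the signature as long as the factoring step stays out of reach.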

However, a new challenge is emerging that could begin to erode the protection offered by prime numbers, perhaps as soon as the end of this decade.

The first hint of trouble came at the start of the millennium. A team of scientists at International Business Machines Corp. exploited the mysterious interplay of subatomic matter and energy to run calculations that would be impossible on a classical computer. Their primitive quantum computer figured out that 15 was a product of 3 and 5. A subsequent experiment in 2012 split 21 into 3 and 7.