[Cryptography] 795-bit factoring and discrete logarithms [NMBRTHRY]

Phillip Hallam-Baker phill at hallambaker.com
Wed Dec 4 08:47:28 EST 2019 

On Mon, Dec 2, 2019 at 7:57 PM iang <iang at iang.org> wrote:

>
> https://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;fd743373.1912&FT=M&P=T&H=&S=
>
>
> *Subject:*
> 795-bit factoring and discrete logarithms
> <https://listserv.nodak.edu/cgi-bin/wa.exe?A2=NMBRTHRY;fd743373.1912&FT=M&P=T&H=&S=>
> *From:*
> Emmanuel Thomé <[log in to unmask]
> <https://listserv.nodak.edu/cgi-bin/wa.exe?LOGON=A2%3DNMBRTHRY%3Bfd743373.1912%26FT%3DM%26P%3DT%26H%3D%26S%3D>
> >
> *Reply To:*
> Number Theory List <[log in to unmask]
> <https://listserv.nodak.edu/cgi-bin/wa.exe?LOGON=A2%3DNMBRTHRY%3Bfd743373.1912%26FT%3DM%26P%3DT%26H%3D%26S%3D>>,
> Emmanuel Thomé <[log in to unmask]
> <https://listserv.nodak.edu/cgi-bin/wa.exe?LOGON=A2%3DNMBRTHRY%3Bfd743373.1912%26FT%3DM%26P%3DT%26H%3D%26S%3D>
> >
> *Date:*
> Mon, 2 Dec 2019 13:53:58 +0100
> *Content-Type:*
> text/plain
> *Parts/Attachments:*
> text/plain
> <https://listserv.nodak.edu/cgi-bin/wa.exe?A3=1912&L=NMBRTHRY&E=0&P=543&B=--&T=text%2Fplain&header=1>
>  (91 lines)
>
>
We have been due a new factorization of RSA for some time. It is clear that
1024
bits is now within reach for an attacker that really wants to break a key.
Fortunately,
there shouldn't be so many 1024 bit keys left that matter.

What does give me concern is that right now, everyone seems to be focused
on the
threat from Quantum cryptanalysis and the threat of algorithm improvement
seems to
be ignored.

Yes, people are doing bigger and bigger science projects. But that is all
they are. We
could build a 10,000 Qbit machine today. What we can't do is operate one
long enough
to make real use of more than a dozen of those QBits.

There are very good reasons to continue to look at Quantum. Not least that
it seems
likely consciousness will turn out to be a Quantum effect. Just as turnips
happily fix
nitrogen without using the temperatures and pressures of our industrial
processes, it
is possible that low temperatures aren't needed for quantum interactions.

The state of quantum certainly justifies serious concern and development of
contingency
plans. But that is a really low bar. Even a 1% probability of successful
development of
quantum cryptanalysis within 20 years demands the current level of
attention QR is getting.

But the current state of quantum does not justify writing off public key
crypto yet. Or
abandoning any public key approaches that we can't be confident can be made
QR.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20191204/aff340de/attachment.htm>

More information about the cryptography mailing list