[Cryptography] Claims of factoring 2048-bit RSA
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Nov 6 09:48:44 EST 2023
On 11/3/23 17:34, Amarendra Godbole wrote:
> https://www.bankinfosecurity.com/blogs/researcher-claims-to-crack-rsa-2048-quantum-computer-p-3536
>
> Of course quantum computer. I am not qualified enough to comment on
> this article and its claims, though this group has many people who
> are.
I, too, am not an expert, but I note that some who are say that the news
of RSA's imminent demise is overrated:

https://arstechnica.com/information-technology/2023/01/fear-not-rsa-encryption-wont-fall-to-quantum-computing-anytime-soon/

I've checked with people who know the matter well, and they have assured
me that this view is at least consistent with the known facts (about the
universe and about quantum computing):

* No one knows how to make quantum computers that are large enough to
  factor numbers large enough so that they can realistically be used in RSA.

* No one knows whether this failure is "just" engineering or whether
  there is something more fundamental going on.

* The current record for factoring an actual integer on an actual
  quantum computer with Shor's algorithm (the main source of speedup for
  factoring on quantum computers), unchallenged since 2016, is 21 = 3*7.

* A 2019 attempt to factor 35 was aborted because too many errors were
  accumulating (source: Wikipedia).

* If ever RSA should be challenged by quantum computers, we expect to
  see this number increase, but certainly not from 21 all the way to
  2^2048 in one go.

In my opinion, that doesn't mean that we shouldn't research post-quantum
algorithms. We should, just to be on the safe side. But I at least am
not worried about RSA just yet (for what that's worth).

Peter Gutmann has a good non-technical writeup that summarises the
current situation, in my opinion quite accurately:

https://www.cs.auckland.ac.nz/~pgut001/pubs/heffalump_crypto.pdf

Fun

Stephan