[Cryptography] Has quantum cryptanalysis actually achieved anything?

[Peter Gutmann]

When I did the "Why quantum cryptanalysis is bollocks" writeup I avoided
getting bogged down in technical detail and just went for the empirical
gnosticism, because once you fall into the mathematical/physics sophistry you
can make people believe anything.

However someone recently pointed out that since the only two non-smoke-and-
mirrors factorisations we have, of 15 and 21, used the compiled form of Shor's
algorithm, which requires knowing the answer in advance and takes advantage of
special properties of the numbers, it could actually be claimed that we have
zero cases of quantum cryptanalysis working in a real-world scenario, not two.

(For a quick overview of how this works, see "Pretending to factor large
numbers on a quantum computer", John Smolin, Graeme Smith, and Alex Vargo).

Since pointing this out is going to make a lot of people very angry, what
would be the best way of stating this?

Peter.