[Cryptography] Has quantum cryptanalysis actually achieved anything?
Jon Callas
jon at callas.org
Thu Feb 20 14:46:21 EST 2025
> On Feb 20, 2025, at 00:32, Peter Fairbrother <peter at tsto.co.uk> wrote:
>
> On 20/02/2025 07:57, Jon Callas wrote:
> [...]
>>
>> As a factoid, the special forms that 15 and 21 have is that they're 2^n-1 * 2^n+1 -- so a string of 1 bits times a high bit, a bunch of zero bits, and then the low bit.
>
> So, don't use prime pairs for RSA? Just in case...
>
> Personally I'd use safe* primes, none of this 128- or whatever- bit
> factors of p-1, avoiding unnecessary structure; and there aren't any**
> pairs of safe primes
No, it's just that those factorings did not pick an arbitrary number, they picked one that would be easier to solve. I'm not criticizing the feat, nor, I think is Peter. We're just noting that it was a subset of Shor's algorithm that only factors numbers of that form.
Jon
More information about the cryptography
mailing list