[Cryptography] Has quantum cryptanalysis actually achieved anything?
Jon Callas
jon at callas.org
Mon Feb 24 15:03:30 EST 2025
Apropos of the discussion, this morning on twitter I saw:
<https://twitter.com/mjos_crypto/status/1893989617575092240>
Oh lord, they published it <screen shot> [This is the paper on the D-Wave
factorization of a 2048-bit RSA number -- jdcc]
<https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=10817698>
If you look at the ten "2048-bit factorizations" in appendix S1, the distance
p-q between the factors is either 2 (a prime pair) or 6. You just compute square
root of n and guess one bit -- the complexity is literally 2^1.
So there's another slight-of-hand trick. Pick a number with the primes really close to each other. I guess this is a real attack on Rabin, though, right? And that's interesting, as we know Rabin is hard.
I also saw <https://arxiv.org/pdf/1411.6758> another subset factorization. Note that I said "subset" because I share the outrage at people pumping up the result, while thinking that inside there's something interesting going on. I could rathole into some interesting speculation, I think.
Jon
More information about the cryptography
mailing list