0

"Factoring integers with sublinear resources on a superconducting quantum processor" seems to indicate the end is getting closer for RSA - much faster than anticipated earlier:

We proceed by estimating the quantum resources required to factor RSA-2048. We find that a quantum circuit with 372 physical qubits and a depth of thousands is necessary to challenge RSA-2048 even in the simplest 1D-chain system. Such a scale of quantum resources is most likely to be achieved on NISQ devices in the near future.

But does this method affect ECC?

In other words: If we get the NISQ device needed to break RSA-2048 using the method above, will that affect ECC with a comparable strength?

Can we buy some time by moving to ECC now, so we can wait for the pqcryto to be standardized, before we move to pqcrypto?

fgrieu
  • 140,762
  • 12
  • 307
  • 587
Ole Tange
  • 331
  • 6
  • 14
  • We have a question about that aspect of the linked article. In said article, the 24 authors discuss a technique purported to improve how hypothetical Cryptographically Relevant Quantum Computer could factor integers, thus break RSA. It's unclear if the idea holds water. And there's neither a word about ECC, nor any advance towards CRQC hardware. The present comment is not an answer, it only aims at giving context. – fgrieu Mar 27 '23 at 11:45
  • 2
    Also discussed at length here. Short version: the article is misleading (read: wrong) and does not threaten RSA in any way. – Geoffroy Couteau Mar 27 '23 at 11:59

0 Answers0