
An efficient algorithm for factoring would be a major mathematical achievement giving the person who discovered it instant fame. About two years ago, C. P. Schnorr claimed such a breakthrough but it turned out the approach did not work as well as he thought. The technical details of his approach were extensively discussed with good answers in this question here.

I want to ask about responsible disclosure of such catastrophic breakthroughs. The answers may to an extent be opinion based but I think there are real issues to discuss.

A question here discusses what responsible disclosure should look like, with factors such as who to inform, how much time to allow before public disclosure, etc.

Schnorr's method of disclosure (stemming from, I presume, a belief in a major breakthrough) was to put up a preprint claiming the result. If he was right, this would have pretty much instantly rendered all RSA based cryptography insecure.

The question then becomes, is it even possible to have responsible disclosure of such a major breakthrough?

One sketch of a possible response is that places like CERT, government authorities, Root CAs, etc. need to be notified so that the standards are "rolled over". Staying in the alternate universe where Schnorr was successful, how much time is needed to expunge RSA from the ecosystem? The fact that it is being expunged will surely leak and cause panic. If the person who achieved the breakthrough is discovered before the system is replaced her life will surely be in danger. So will this approach even work?

I hope to see an interesting discussion, and I think this question is not off-topic.

kodlu
  • Don't the researchers give 6 months before disclosure and in the meantime, they also provide possible mitigations? The Black Hat contains tons of such attacks? for example Heartbleed? – kelalaka Nov 10 '23 at 09:10
  • Yes, sure, but I am asking about something as major as Schnorr's claimed breakthrough. He just published it. Did he really have another option? It would affect all crypto, no? So maybe the question is, is it possible to effectively expunge all traces of RSA from the internet infrastructure in 6 months? Schnorr wants to publish his mathematical breakthrough, and there is always the possibility that he may get scooped by someone else while waiting. It is common for math breakthroughs to happen simultaneously – kodlu Nov 10 '23 at 09:15
  • Well, nobody can force Schnorr or someone else (publish or perish). They work theoretically. If you work in the wild, as with the GCD-them-all attacks, you inform the corresponding parties. This depends on the case, I think. – kelalaka Nov 10 '23 at 09:23
  • Facing a lesser kind of situation in 1999, I posted a public announcement, circulated test vectors to (initially skeptical) researchers that contacted me, learned LaTeX to publish a paper at Eurocrypt 1999, made a lecture. The vulnerable signature standard was withdrawn. – fgrieu Nov 10 '23 at 10:04
  • How about proving that you have a solution without disclosing it (by solving challenges, or using ZK proofs if you want to be fancy), and leaving people, say, a year to adapt? – Geoffroy Couteau Nov 10 '23 at 22:11
  • @fgrieu Did you consider selling that to DGSE or a 3rd party company? – Paul Uszak Nov 11 '23 at 12:50
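Geoffroy Couteau's "solve challenges" suggestion above, worked as an added toy example that is not part of the thread: a verifier who only ever sends RSA encryptions of plaintexts it chose itself can be convinced that the claimant inverts RSA modulo N, and therefore can factor N, without the factors or the method ever being sent. The key material, primes and function names are all constructed for this illustration.

```python
"""Toy challenge-response: demonstrate a factoring capability without disclosing it.

A claimant who can factor the public modulus N derives the private exponent d and can
invert RSA. The verifier picks random plaintexts m, sends c = m^e mod N and accepts only
if m comes back. Because the verifier chose m, it learns nothing new (unlike a square-root
oracle, which can leak the factors), while a claimant who cannot factor N fails with
overwhelming probability. Primes below are small constructed examples; a real demonstration
would use an unfactored published challenge modulus.
"""
import math
import secrets

E = 65537  # standard public exponent

def make_modulus(p: int, q: int) -> int:
    """Public modulus of a constructed toy RSA key (toy primes, illustration only)."""
    return p * q

def private_exponent(p: int, q: int, e: int = E) -> int:
    """What a factoring breakthrough hands the claimant: d recovered from (p, q)."""
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(N)")
    return pow(e, -1, phi)

def honest_prover(p: int, q: int, e: int = E):
    """Responder that knows the factorisation: answers a challenge with its e-th root."""
    n, d = p * q, private_exponent(p, q, e)
    return lambda c: pow(c, d, n)

def impostor():
    """Responder with no factoring ability: can only guess (here it echoes the ciphertext)."""
    return lambda c: c

def run_challenge(n: int, respond, e: int = E, rounds: int = 16, rng=None) -> bool:
    """Verifier side. Each round: random m, send m^e mod n, accept only if m is returned."""
    rng = rng or secrets.SystemRandom()  # injectable so a run can be replayed in tests
    for _ in range(rounds):
        m = rng.randrange(2, n - 1)
        if respond(pow(m, e, n)) != m:
            return False  # one wrong answer ends the demonstration
    return True

if __name__ == "__main__":
    P, Q = 1000003, 1000033  # constructed sample primes, far too small for real use
    N = make_modulus(P, Q)
    print("honest claimant accepted:", run_challenge(N, honest_prover(P, Q)))  # True
    print("impostor accepted:", run_challenge(N, impostor()))  # False
```

The same exchange works against any published challenge modulus whose factors nobody else knows, which is what makes it usable as evidence during a disclosure window.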

1 Answer

Or, you don't.

This question is predicated on the notion that such a breakthrough is made by an academic (as was Schnorr). And also that it would be "catastrophic". To whom?

Since we're dealing with alternative realities, can I suggest an alternative to your alternative? The brightest and best cryptographers work for the NSA, so imagine if the NSA achieves the breakthrough. Would that not then be an "advantageous" breakthrough for the entire world? It would only be catastrophic for terrorists, paedophiles and those countries we don't like. And disclosing such would only benefit them. This is the main principle of the NOBUS doctrine.

So instead of naive disclosure, the discoverer might try being a patriot, think of the children and keep it within, or offer it to, their government.

Or, or, you could try to sell it as discussed here. If cryptography is your profession and rice bowl, then why not?

Paul Uszak
  • What is more likely to happen is that the person who creates the breakthrough in such an organization keeps it to themselves. Given the existence of cryptocurrencies, not doing so is literally pissing billions of dollars away. – LightTunnelEnd Nov 10 '23 at 19:19
  • @LightTunnelEnd , Balls. I hadn't thought of that scenario. I have limited knowledge of crypto, but do you really believe that a distributed (so called immutable) blockchain could be subverted so? – Paul Uszak Nov 10 '23 at 20:04
  • For example, if you break the discrete log problem in secret, you can start stealing billions of dollars. You can also start forging zero knowledge proofs for most schemes. – LightTunnelEnd Nov 10 '23 at 21:34