If it is proved that P=NP, what happens to crypto?

Question

If various PKC is shown to be not NP=Hard, what happens to crypto? More importantly, what happens to crypto wallets? If it is shown that P=NP for many currently assumed to be hard problems, but finding the easy solution is itself hard, does the original problem remain NP=Hard?

What happens for factoring algorithms if P=NP?, Consequences of P=NP for Authentication Are post-quantum cryptographic ciphers also secure if the P=NP conjecture holds true? and more search for P NP — kelalaka, Nov 27 '23 at 21:13

score 1 · Answer 1 · answered Nov 27 '23 at 20:22

1

If P=NP and the polynomial complexity is not unreachable (a sufficiently high constant can still render polynomial time impractical) then all non-information-theoretically secure cryptography is impossible in principle.

The reason being is that any computationally-bound cryptography can be represented as a circuit. And solved by solving an NP problem such as boolean satisfiability.

answered Nov 27 '23 at 20:22

LightTunnelEnd

224
7

Ok. Which problems would satisfy P=NP with regard to cryptography, if polynomial time answers are found? – Zekchelovek Nov 28 '23 at 03:15
Would direct methods for factoring and discrete log (modular math) qualify? – Zekchelovek Nov 28 '23 at 03:16
If a method of finding factors, or the "secret" number in a mod operation takes only 5-10x the amount of computation as running the original function, would that qualify as answering the problems as being easy? – Zekchelovek Nov 28 '23 at 03:27

score 0 · Answer 2 · answered Nov 28 '23 at 06:35

First of all, $P\neq NP$ has to do with worst-case complexity not average case, so it's really not a good basis for developing cryptosystems in the positive direction. Systems based on problems which are NP-hard were broken. You want your cryptosystem to be hard to break on average.

With regards to your question:

a method of finding factors, or the "secret" number in a mod operation takes only 5-10x the amount of computation as running the original function, would that qualify as answering the problems as being easy?

Even breaking a supposedly one-way function with a polynomial factor of extra complexity would be easy. So if the reverse direction can be computed within $f(n)\times (n)$ where $f(n)$ is a polynomial and $C_f(n)$ is the complexity of the forward computation, this would be enough to be considered a break. We want $f(n)$ to be exponential in $n$ for security.

Your other comments are unclear. What is a "direct method for factoring or DL"?

Thank you for answer. A direct method means a new process that does not require an exponential amount if time, and has few iterations; i.e., not normal factoring , in the case of finding factors. Think of it like using pi to get area of a circle, as opposed to breaking it into endless rectangles to get answer. — Zekchelovek, Nov 28 '23 at 14:50
I should have been more clear; DL and factoring are separate processes, but i want to know the effect of breaking either or both. — Zekchelovek, Nov 28 '23 at 14:52

If it is proved that P=NP, what happens to crypto?

2 Answers2