    335 points ingve | 14 comments
    AceJohnny2 ◴[] No.45083369[source]
    What does this mean about the size (and thus feasibility) of a circuit required to factor a cryptographically interesting number, say, to be generous, RSA1024?
    replies(3): >>45083384 #>>45083585 #>>45085971 #
    Davidzheng ◴[] No.45083585[source]
    Off topic, but are cryptographers convinced that on the new gigawatt data centers RSA1024 is infeasible to factor? I gather that the fastest known algorithms are still too slow to factor it in reasonable time. But is the consensus that there will not be improvements to these algorithms in the near future?
    replies(5): >>45083630 #>>45083640 #>>45084065 #>>45084254 #>>45087766 #
    1. rwmj ◴[] No.45083640[source]
    Number Field Sieves are still the best method, and the techniques are three or more decades old with only incremental improvements. (Of course there might be an incredible breakthrough tomorrow.)
    replies(1): >>45083688 #
    2. tiahura ◴[] No.45083688[source]
    best published method
    replies(2): >>45084217 #>>45084376 #
    3. consp ◴[] No.45084217[source]
    Are the bitcoins in the first wallets gone? No? I will assume it's still the best method without any irrefutable evidence.
    replies(2): >>45084251 #>>45084273 #
    4. capitainenemo ◴[] No.45084251{3}[source]
    Well, this discussion is about prime number factorisation, and bitcoins use elliptic curve...
    5. tripplyons ◴[] No.45084273{3}[source]
    Bitcoin uses ECDSA to sign transactions, not RSA.

    In addition, selling information to a government on how to break either system would be more valuable than the amount of bitcoin you would be able to sell before exchanges stop accepting deposits or the price crashes.

    replies(3): >>45084418 #>>45084444 #>>45085452 #
    6. littlestymaar ◴[] No.45084376[source]
    True, we can never know what state actors know that we don't, and my cryptography professor at university taught us that the NSA likely had 20 years of mathematical advance over the academic crypto community.

    That being said, NFS is almost thirty years old so maybe the NSA doesn't have anything better still.

    7. close04 ◴[] No.45084418{4}[source]
    If a government knows you have such information they’ll take it not buy it.

    So your best bet would probably be to try to sell as many BTC as possible then give away the solution for free to your/a government.

    replies(2): >>45085437 #>>45087449 #
    8. aleph_minus_one ◴[] No.45084444{4}[source]
    > In addition, selling information to a government on how to break either system would be more valuable

    Honest question because one can find such claims very often on forums like HN:

    Does there really exist a "feasible" way that some "lone hacker" could sell such information to some government and become insanely rich?

    I know that people who apparently have some deep knowledge about how exploit markets work claimed on HN that "if you have to ask how/where to solve your exploit (i.e. you have the respective contacts), you are very likely not able to".

    This latter observation seems a lot more plausible to me than the claim often found on HN that some "lone individual" would be able to monetize it if he found a way to break ECDSA or RSA by selling it to some government.

    replies(1): >>45085411 #
    9. dfedbeef ◴[] No.45085411{5}[source]
    Yes. Start what's known as "a company".
    10. ◴[] No.45085437{5}[source]
    11. cyberax ◴[] No.45085452{4}[source]
    A method to efficiently factor large numbers will also break the ECDSA.
    replies(1): >>45086256 #
    12. CamperBob2 ◴[] No.45086256{5}[source]
    No, ECDSA relies on the hardness of the discrete logarithm problem. Nothing to do with factoring, at least not in the classical sense.

    On a quantum computer, my understanding is that Shor's algorithm could potentially target both problems, though.

    replies(1): >>45086695 #
    13. cyberax ◴[] No.45086695{6}[source]
    Both systems are examples of a hidden Abelian subgroup problem. That is also why Shor's algorithm equally applies to both: https://en.m.wikipedia.org/wiki/Shor%27s_algorithm#Shor's_al...

    So a hypothetical classic algorithm that breaks the RSA is also highly likely to break the ECDSA.

    14. echelon ◴[] No.45087449{5}[source]
    > If a government knows you have such information they’ll take it not buy it.

    They would probably kill you so you couldn't tell others.

    If a government can break crypto, that's worth more than money. Especially if it can remain peerless and undetected.