(algassert.com)

335 points ingve | 1 comments | 31 Aug 25 12:14 UTC | HN request time: 0s | source

Show context

AceJohnny2 ◴[31 Aug 25 14:24 UTC] No.45083369[source]▶

What does this mean about the size (and thus feasibility) of a circuit required to factor a cryptographically interesting number, say, to be generous, RSA1024?

replies(3): >>45083384 #>>45083585 #>>45085971 #

Davidzheng ◴[31 Aug 25 14:50 UTC] No.45083585[source]▶

>>45083369 #

Off topic, but are cryptographers convinced that on the new gigawatt data centers RSA1024 is infeasible to factor? I gather that the fastest known algorithms are still too slow to factor it in reasonable time. But is consensus that there will not be improvements to these algorithms in near future?

replies(5): >>45083630 #>>45083640 #>>45084065 #>>45084254 #>>45087766 #

rwmj ◴[31 Aug 25 14:56 UTC] No.45083640[source]▶

>>45083585 #

Number Field Sieves are still the best method, and the techniques are three or more decades old with only incremental improvements. (Of course there might be an incredible breakthrough tomorrow.)

replies(1): >>45083688 #

tiahura ◴[31 Aug 25 15:01 UTC] No.45083688[source]▶

>>45083640 #

best published method

replies(2): >>45084217 #>>45084376 #

1. littlestymaar ◴[31 Aug 25 16:23 UTC] No.45084376[source]▶

>>45083688 #

True, we can never know what state actors know that we don't, and my cryptography professor at university taught us that NSA likely had 20 years of mathematical advance over the academic crypto community.

That being said, NFS is almost thirty years old so maybe the NSA doesn't have anything better still.

↑

Why haven't quantum computers factored 21 yet?