Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
newpavlov 2 days ago

Have they factored 21 yet? [0] IMO most of us can ignore such pieces until a practical factorization of arbitrary 32 bit integers is demonstrated on a QC. And even after this "easy" milestone is achieved, I think it will be at least a decade until QC will be a practical cryptographic threat. And it's generously assuming that a Moore-like scaling is possible for QC.

[0]: https://algassert.com/post/2500

spr-alex a day ago | parent [-]

My read of this post is that there's nuance here and that by the time we see 32-bit integers being factored then the roadmap to 256 bit integers can be counted in months on ten fingers rather than being a decade out. The underlying scaling needed to go to 32 bit requires only linear progress to get to 256

newpavlov a day ago | parent [-]

>The underlying scaling needed to go to 32 bit requires only linear progress to get to 256

Nope. Firstly, for RSA you need to scale from 32 to 4096. Secondly, Shor requires N^2*log(N) quantum gates where N is number of bits in the integer, so the scaling is superquadratic. And it's very much an open question whether QEC protocols will continue to work with the same efficiency on the required scales.

spr-alex a day ago | parent | next [-]

We are talking to different things. There is linear engineering progress for getting from 32 bits to 256 bits being factored is my claim.

If we want to talk RSA the engineering journey from factoring 21 to 35 is big, because it requires creating logical qubits with error rates that we are only now seeing companies report. But the engineering journey from 32 bits that are tolerant enough to run a factoring algorithm to doing the same with 4096 appears linear in engineering cost is what I am claiming.

For RSA specifically the resource have come down. I am not yet up to date on this round of papers however the 2024 result https://eprint.iacr.org/2024/222 had it down to n/2 + O(N) logical qubits.

newpavlov a day ago | parent [-]

>it requires creating logical qubits with error rates that we are only now seeing companies report

And yet 21 was not factored on a real hardware.

>There is linear engineering progress for getting from 32 bits to 256 bits being factored is my claim.

IMO it's a very bold claim until linear progress is demonstrated between 8, 16, and 32 bits. Not in theoretical papers. On a real hardware. With honest experiments using arbitrary integers.

It's easy to claim "QC will repeat Moore's law!" especially when your salary depends on it, but the practical evidence is quite lacking at the moment.

spr-alex a day ago | parent | next [-]

So once again since I think I am not explaining it well, it might take a long time to go from factoring 21 to 35, and a long time from 35 to anything bigger, but from that point on the engineering has scaled up to the point that progress is very sudden. So if the canary in the coal mine is a 32-bit integer being factored, then the runway for deploying fixes is terminally short for defenders

pseudohadamard 9 hours ago | parent | prev [-]

  And yet 21 was not factored on a real hardware.
Yes it was, they used a VIC-20. Also an abacus. Not to mention a barking dog. https://eprint.iacr.org/2025/1237
12 hours ago | parent | prev [-]
[deleted]