spr-alex a day ago

We are talking about different things. There is linear engineering progress for getting from 32 bits to 256 bits being factored, is my claim.

If we want to talk RSA, the engineering journey from factoring 21 to 35 is big, because it requires creating logical qubits with error rates that we are only now seeing companies report. But the engineering journey from 32 bits that are tolerant enough to run a factoring algorithm to doing the same with 4096 appears linear in engineering cost, is what I am claiming.

For RSA specifically the resources have come down. I am not yet up to date on this round of papers; however, the 2024 result https://eprint.iacr.org/2024/222 had it down to n/2 + O(N) logical qubits.

newpavlov a day ago

>it requires creating logical qubits with error rates that we are only now seeing companies report

And yet 21 was not factored on real hardware.

>There is linear engineering progress for getting from 32 bits to 256 bits being factored is my claim.

IMO it's a very bold claim until linear progress is demonstrated between 8, 16, and 32 bits. Not in theoretical papers. On real hardware. With honest experiments using arbitrary integers.

It's easy to claim "QC will repeat Moore's law!" especially when your salary depends on it, but the practical evidence is quite lacking at the moment.

spr-alex a day ago

So once again, since I think I am not explaining it well: it might take a long time to go from factoring 21 to 35, and a long time from 35 to anything bigger, but from that point on the engineering has scaled up to the point that progress is very sudden. So if the canary in the coal mine is a 32-bit integer being factored, then the runway for deploying fixes is terminally short for defenders.

pseudohadamard 9 hours ago

>And yet 21 was not factored on real hardware.

Yes it was, they used a VIC-20. Also an abacus. Not to mention a barking dog. https://eprint.iacr.org/2025/1237