Post-quantum RSA with gargantuan keys
If and when practical scalable quantum computers become available, RSA encryption would be broken, at least for key sizes currently in use. A quantum computer could use Shor's algorithm factor n-bit numbers in time on the order of n^2. The phrase quantum leap" is misused and overused, but this would legitimately be a quantum leap.
That said, Shor's method isn't instantaneous, even on a hypothetical machine that does not yet exist and may never exist. Daniel Bernstein estimates that RSA encryption withterabyte public keys would be secure even in a post-quantum world.
Bernstein said on a recent podcast that he isn't seriously suggesting using RSA with terabyte keys. Computing the necessary key size is an indirect way of illustrating how impractical post-quantum RSA would be.
Related posts- Between now and quantum
- El Salvador's Bitcoin and quantum computing
- Mixing error-correcting codes and cryptography