[devel] RSA-2048 всё

[Vitaly Chikunov]

On Wed, Jan 04, 2023 at 07:44:49AM +0300, Andrey Savchenko wrote:
> https://arxiv.org/pdf/2212.12372.pdf
> 
> TL;DR 372 кубит достаточно для взлома RSA-2048 с комбинацией
> алгоритмов Шора и Шнорра.
> 
> Уже существует машина на 443 кубита:
> https://newsroom.ibm.com/2022-11-09-IBM-Unveils-400-Qubit-Plus-Quantum-Processor-and-Next-Generation-IBM-Quantum-System-Two

"But I would hope that IBM would demonstrate at least a small handful of
 perfect logical qubits in Osprey. Maybe six or seven."

"In my personal view, IBM will need to demonstrate five to eight logical
 qubits with quantum error correction and six nines of qubit fidelity for
 logical qubits later this year to maintain any sense of technical
 credibility.

Based on reading some IBM papers, the possibilities would be:

 6 logical qubits. If 65 physical qubits are needed for each logical qubit.
 7 logical qubits. If 57 physical qubits are needed for each logical qubit."

"No documented attempt to implement quantum error correction (QEC) or
 logical qubits."

> 
> Эллиптические алгоримы пока что не подвержены, но и для них есть
> модификация алгоритма Шора, так что подобная оптимизация — лишь
> вопрос времени. Действующие ассиметричные ГОСТы все на них.

"Estimates for the number of physical qubits required to break 256-bit
 ECC in one hour (and these physical qubits would still be to a high
 engineering specification, perhaps beyond that of Condor) is 317*10^6 per
 work by Webber et al. Similarly, they quote 13*10^6 physical qubits of
 this high quality to solve this problem inside a day."

> 
> Самое неожиданное, что решёточные постквантовые алгоритмы тоже
> закопали, т.к. научились использовать шумящие кубиты.
> 
> Best regards,
> Andrew Savchenko



> _______________________________________________
> Devel mailing list
> Devel на lists.altlinux.org
> https://lists.altlinux.org/mailman/listinfo/devel