1. 9

  2. 19

    There appears to be some doubt about the authenticity of this submission: https://mobile.twitter.com/real_or_random/status/1366909368105598976

    1. 4


      I think it’s safe to say we’re reaching the middle of the confusion.

    2. 5

      The PDF says nothing about breaking RSA and is dated “work in progress 31.10.2019”.

      Probably someone else submitted a real preprint by Schnorr and added dubious claims.

      1. 4

        It’s much easier to convince people with a PoC than with a paper.

        1. 7

          Some would even say PoC||GTFO

          1. 1

            That’s really not how it works for most real-world vulnerabilities today.

          2. 2

            A method of computing a factorisation more efficiently than current state of the art methods doesn’t imply that actually computing such a factorisation is cheap.

            1. 2

              Could be dangerous to submit a PoC for this kind of thing.

              1. 2

                Probably a couple of days less dangerous than submitting the paper, at best. There have been revisions of this paper around for a while as far as I can tell. If it posed any real threat to RSA, we’d have seen something by now.

                That said, I hope I’m wrong. A world with broken RSA is a more interesting world to live in.

              2. 1

                There is some pseudocode in the paper. I don’t know if that counts.

                1. 2


                  Proof of concept isn’t some pseudocode for me. Proof would be an example with code you can execute to verify it along with some measured times in this case. Should be easy enough to publish some Python code that can do this.

              3. 3

                The Wikipedia page about the author says:

                On 1 March 2021, a paper by Schnorr on the fast factoring of integers was submitted to the Cryptology ePrint Archive. The abstract included in the submission, but not in the paper, claims that it “destroyes the RSA cryptosystem”[1]. A later version of the paper[2] existed at the time of the submission. These are continuation of earlier work published 2013[3]. None of these papers considers factorization of integers larger than 800-bit, when the public experimental record is 829-bit[4], and 1024-bit RSA is widely considered obsolete.

                1. 5

                  That edit was added because the submission was on HN: https://news.ycombinator.com/item?id=26323870

                  If there was ever a good reason for stuff on the internet to be cryptographically signed, it would be this.

                2. 2

                  More reactions and analysis on crypto.SE (some overlap with twitter). Everyone so far agrees that the paper is off in its estimates and doesn’t actually provide a new state-of-the-art for factoring, so nothing is broken.

                  1. 2

                    My current feeling is we’re getting a glimpse of a brilliant person who may be having a mental health crisis. There are prominent cryptographers who also believe that (https://twitter.com/kennyog/status/1367132559117848583).

                    1. 2

                      Prediction: RSA wasn’t destroyed.