The Road Ahead: Assessing RSAâs Long-Term Viability
The Road Ahead: Assessing RSAâs Long-Term Viability êŽë š
In 1994, Peter Shorâs algorithm[1], demonstrated that a quantum computer can factor large integers in polynomial time, thereby efficiently breaking RSAâs underlying hard problem - the difficulty of factoring .
Although experimental quantum computers have made progress, they remain far from having the number of stable qubits required to break RSA keys of practical sizes ( or bits).
In anticipation of large-scale quantum computers, the cryptographic community is actively developing and standardizing algorithms believed to be resistant to quantum attacks. These include lattice-based schemes (such as CRYSTALS-Kyber and NTRU), code-based cryptography (such as the McEliece cryptosystem), hash-based signatures (such as XMSS), and multivariate polynomial cryptosystems.
Itâs important to note that while OAEP and PSS improve the security of RSA against classical attacks, they do not protect RSA from quantum attacks. In a post-quantum world, even the most secure classical padding will not prevent a quantum computer from breaking RSA using Shorâs algorithm.
In the near term, RSA remains in widespread use and, when implemented with padding schemes such as OAEP and PSS, continues to provide strong security against classical adversaries. But looking ahead, itâs expected that organizations will gradually migrate to post-quantum algorithms as they mature and become standardized.
Algorithms for quantum computation: discrete logarithms and factoring â©ïž