[tor-dev] Safe post-quantum RSA? So says DJB and others

Taylor R Campbell campbell+tor-dev at mumble.net
Thu Jun 1 15:43:08 UTC 2017

> Date: Thu, 1 Jun 2017 14:03:46 +0000
> From: Hugo Maxwell Connery <hmco at env.dtu.dk>
> Interesting (and surprising):
> https://eprint.iacr.org/2017/351.pdf

This joke paper is an elaborate exercise in burying the lede.

   Abstract: This paper proposes RSA parameters for which (1) key
   generation, encryption, decryption, signing, and verification are
   feasible on today's computers while (2) all known attacks are
   infeasible, even assuming highly scalable quantum computers.


   Concrete parameters and initial implementation (buried on p. 12):
   This section looks at performance in more detail, and in particular
   reports successful generation of a 1-terabyte post-quantum RSA key
   built from 4096-bit primes.

The authors don't actually report successful cryptography operations
with such a key -- only successful generation of the key, after four
days.  The largest key they report a successful public-key operation
with was 256 GB; the largest for a private-key operation, 32 GB.

More information about the tor-dev mailing list