Claus P. Schnorr is a big name in cryptography, no doubts, but I'd not take this work of him as a serious one for many reasons:
1- It falls on its own because of an irrational conclusion it has made about 800 bits RSA keys being breakable by just 4.8*1010 arithmetic operations. It is literally nothing, like few seconds for a modern cpu, and there are many 800 bits challenges out there waiting for a champ with a brilliant algorithm to overcome in real time.
2- SVP and lattice based methods in general terms, are not new technologies, they have been around for quite a while, and it is very unlikely to disrupt the integer factorization problem by applying improved versions of such methods.
3- In this paper, Schnorr, again uses his suggested pruning technique from the 1990s, which is not established as being rigorous enough.
4- Even in its first stages of getting peer reviewed, the paper has received strong backlash from cryptanalysts.
Conclusion
No, RSA, the way it is used in the industry with very long keys, is not close to a break point, even for 800 bits long keys which are obsolete anyway, state-of-the-art algorithms can not do the job by utilizing less than two thousands CPU-core*years.
No need to remind that the whole story has nothing to do with bitcoin as RSA is not employed here.
EDIT:
In spite of the last point I made above being absolutely valid, it is also true that such a hypothetical breakthrough in the integer factorization would be somehow unpleasant news for Bitcoin because it suggests the feasibility of similar developments in the discrete logarithm problem field which ECDSA is based on it.
Topic: Claus P. Schnorr, claims .. “destroys the RSA cryptosystem” (Read 244 times)
I meant to answer this but life happened and I somehow forgot this thread. Even though it doesn't really affect Bitcoin I'll give this a shot anyway.
Yes.
I think he only found a fast method for special cases. Just from the abstract you can see that he had to use a certain number n to make the factorization work, and even then it only works for particular numbers. I mean come on, he literally used 2400 and 2800 as examples [OK, numbers *close* to, but the point still stands - they are handpicked examples].
I could not fully digest the algorithms but as the Medium article said, for this discovery to be significant, it has to work on RSA numbers, which have exactly two factors. You'd have to find an n that factors it correctly so it's not very useful, given that there is no formula that can guess the right n if it even exists.
I assume this is the same “Schnorr” as in “Schnorr signatures”?
Yes.
I think he only found a fast method for special cases. Just from the abstract you can see that he had to use a certain number n to make the factorization work, and even then it only works for particular numbers. I mean come on, he literally used 2400 and 2800 as examples [OK, numbers *close* to, but the point still stands - they are handpicked examples].
I could not fully digest the algorithms but as the Medium article said, for this discovery to be significant, it has to work on RSA numbers, which have exactly two factors. You'd have to find an n that factors it correctly so it's not very useful, given that there is no formula that can guess the right n if it even exists.
As far as I know, nothing in Bitcoin depends on RSA or is susceptible to integer factoring.
I saw some FUD saying it was going to kill Bitcoin..
I’m not very learned on cryptography but I did some reading, and I thought it was interesting that cloudfare specifically cited Bitcoin a couple times..
https://blog.cloudflare.com/a-relatively-easy-to-understand-primer-on-elliptic-curve-cryptography/
From what I understand Bitcoin uses ECC instead of RSA because it takes up a lot less space/data to achieve the same or more security.. And also uses SHA which is not based on factoring either..
But I do read...
“ cryptocurrencies have shunned RSA in favor of signatures based on elliptic curves, initially ECDSA and later moving towards pairing-based cryptography. Ethereum is the lone exception, having added native RSA support with EIP-198. “
https://www.google.com/amp/s/randomoracle.wordpress.com/2019/07/14/ethereum-mixing-with-rsa-getting-by-without-zero-knowledge-proofs/amp/
So maybe it will kill ETH..
Maybe I’ll throw a topic in altcoins and ask about that.. https://bitcointalksearch.org/topic/eth-vulnerable-schnorr-claims-new-exploit-destroys-the-rsa-cryptosystem-5321945
As far as I know, nothing in Bitcoin depends on RSA or is susceptible to integer factoring.
“ A recent paper, “Fast Factoring Integers by SVP Algorithms” by Claus P. Schnorr, claims significant improvements in factoring that “destroys the RSA cryptosystem”.”
https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0
“ Claus Peter Schnorr recently posted a 12-page factoring method by SVP algorithms. Is it correct?”
https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur
From what I am seeing this could be big if true/correct.. I’m not seeing any mention of it here yet..
I assume this is the same “Schnorr” as in “Schnorr signatures”?
Does this mean anything to Bitcoin or other coins that use different algorithms?
A laymen’s explanation could also be very helpful to many here (including me)..
https://sweis.medium.com/did-schnorr-destroy-rsa-show-me-the-factors-dcb1bb980ab0
“ Claus Peter Schnorr recently posted a 12-page factoring method by SVP algorithms. Is it correct?”
https://crypto.stackexchange.com/questions/88582/does-schnorrs-2021-factoring-method-show-that-the-rsa-cryptosystem-is-not-secur
From what I am seeing this could be big if true/correct.. I’m not seeing any mention of it here yet..
I assume this is the same “Schnorr” as in “Schnorr signatures”?
Does this mean anything to Bitcoin or other coins that use different algorithms?
A laymen’s explanation could also be very helpful to many here (including me)..
Jump to: