2

An efficient algorithm for factoring would be a major mathematical achievement giving the person who discovered it anstant fame. About two years ago, C. P. Schnorr claimed such a breakthrough but it turned out the approach did not work as well as he thought. The technical details of his approach were extensively discussed with good answers in this question here.

I want to ask about responsible disclosure of such catastrophic breakthroughs. The answers may to an extend be opinion based but I think there are real issues to discuss.

A question here discusses what responsible disclosure should look like, with factors such as who to inform, how much time to allow before public disclosure, etc.

Schnorr's method of disclosure (stemming from I presume a belief in a major breakthrough) was to put up a preprint claiming the result. If he was right, this would have pretty much instantly rendered all RSA based cryptograpy insecure.

The question then becomes, is it even possible to have responsible disclosure of such a major breakthrough?

One sketch of a possible response is that places like CERT, government authorities, Root CAs, etc. need to be notified so that the standards are "rolled over". Staying in the alternate universe where Schnorr was successful, how much time is needed to expunge RSA from the ecosystem? The fact that it is being expunged will surely leak and cause panic. If the person who achieved the breakthrough is discovered before the system is replaced her life will surely be in danger. So will this approach even work?

I hope to see an interesting discussion, and I think this question is not off-topic.

kodlu
  • 25,146
  • 2
  • 30
  • 63

1 Answers1

1

Or, you don't.

This question is predicated on the notion that such a break though is made by an academic (as was Schnorr). And also that it would be "catastrophic". To whom?

Since we're dealing with alternative realities, can I suggest an alternative to your alternative? The brightest and best cryptographers work for the NSA, so imagine if the NSA achieves the breakthrough. Would that not then be an "advantageous" break through for the entire world? It would only be catastrophic for terrorists, paedophiles and those countries we don't like. And disclosing such would only benefit them. This is the main principle of the NOBUS doctrine.

So instead of naive disclosure, the discoverer might try being a patriot, think of the children and keep it within/offer it their government.

Or, or, you could try to sell it as discussed here. If cryptography is your profession and rice bowl, then why not?

Paul Uszak
  • 15,905
  • 2
  • 32
  • 83