0

Nowadays, private key systems like AES have replaced RSA. Even for digital signatures, people mostly use ECC, so even if an efficient integer factorization algorithm is made, would it be a threat to digital security anymore? Or is this danger just an idea in the past?

Patriot
  • 3,162
  • 3
  • 20
  • 66
Muhammad Usman Qureshi
  • 19
  • 2

2 Answers2

3

AES is a secret-key cryptosystem, and as such can't replace a public-key cryptosystem like RSA, or an ECC-based one.

Examine how the certificate of a web server is signed and you'll see RSA is far from dead, and actually remains king when it comes to static signature of certificates, for excellent reasons. If you look at the present server, not only the certificate is RSA-signed, but the key signed is actually RSA.

Thus yes, an integer factorization algorithm faster than GNFS for balanced biprimes would be a big deal. If it makes factoring a 1984-bit (or even 1536-bit) RSA modulus borderline feasible for well-funded adversaries, or factoring a 1024-bit RSA modulus feasible for more casual hackers, it could be a threat to the current IT infrastructure. 2048-bit RSA is extensively used, or 1984-bit when 255 bytes is a sound barrier, 1536-bit on occasions, and 1024-bit in legacy systems including some door locks (but it's easy to kick these open or sneak in).

I'm far from ruling out we'll see the RSA-1024 (former) challenge openly factored in the next 5 years, or that this size is already factored covertly. I'm ready to bet we'll get there unless a global disaster strikes, and that it won't first be with a quantum computer.

Addition: when RSA is used for encryption, factorization of the public key remains a threat as long as the encrypted data remains of interest and did not leak. Thus even if Post-Quantum Crypto had a fast adoption rate (contrary to human nature of not changing what works unless that's indispensable within a defined time frame), factoring RSA moduli will remain of practical interest decades after.

fgrieu
  • 149,326
  • 13
  • 324
  • 622
2

Efficient factorization algorithm will not matter in the future not because of AES or ECC - AES is data encryption, RSA and ECC both can be used for key encapsulation and digital signature. Factorization will cease to matter in the future when "post-quantum" schemes are deployed, because they rely on completely different hard problems to achieve security.

DannyNiu
  • 10,640
  • 2
  • 27
  • 64