2021-04-01, 14:12   #2
CRGreathouse

Aug 2006

3×1,993 Posts

If large enough quantum computers come to pass, then all numbers of a certain size will be easy to factor. This size will depend on various factors of the quantum computer, but in the worst case (for you -- best case for the person factoring) an n-qubit computer can factor a number up to 2^(n-1) or so.

There's a huge speedup to be gained if a person is factoring many numbers at once, so your security margin has to be wide enough to account for this.

Integer factorization is an area of active research, so you should be prepared for major advances that could reduce your security margin at any time.

I would not base a cryptocurrency on integer factorization; there are just too many risks. (Selfishly, I hope you do -- it would increase the incentive to do research in this area!)
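To make the first paragraph concrete: what a large quantum computer buys the attacker is a polynomial-time order-finding subroutine; the rest of Shor's algorithm is classical number theory. The script below is an added illustration (not code from the post or its author) that runs that classical reduction on small moduli, with the quantum order-finding step replaced by a brute-force search. The brute force is what makes it exponential here, so it only works for toy sizes; swapping in a quantum period finder is exactly the change that would make a real modulus "easy to factor". The helper names, the retry count of 100 and the fixed RNG seed are choices made for this example.

```python
"""Classical post-processing of Shor's algorithm on toy moduli.

Added example, not part of the original forum post. The quantum
period-finding step is stood in for by multiplicative_order(), a
brute-force loop that is exponential in the bit length of n; a quantum
computer would do that step in polynomial time.
"""
from math import gcd
from typing import Optional, Tuple
import random


def multiplicative_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n); requires gcd(a, n) == 1.

    Brute-force stand-in for the quantum order-finding subroutine.
    """
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def shor_factor(n: int, rng: Optional[random.Random] = None,
                tries: int = 100) -> Optional[Tuple[int, int]]:
    """Return a nontrivial factor pair of n via the order-finding reduction.

    Returns None when no split is found within `tries` attempts, which is
    the expected outcome for a prime n (every even order gives the trivial
    root -1). Even n is split immediately; prime powers such as 9 are only
    split by the gcd shortcut, so a real implementation would test for
    perfect powers up front.
    """
    if n % 2 == 0:
        return (2, n // 2)
    rng = rng or random.Random(1)  # fixed seed so runs are reproducible
    for _ in range(tries):
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g > 1:
            return (g, n // g)      # lucky guess: a already shares a factor
        r = multiplicative_order(a, n)
        if r % 2:
            continue                # odd order: a**(r/2) is not an integer power
        y = pow(a, r // 2, n)       # y*y == 1 (mod n)
        if y == n - 1:
            continue                # trivial square root of 1; retry with new a
        p = gcd(y - 1, n)           # nontrivial root: (y-1)(y+1) == 0 (mod n)
        if 1 < p < n:
            return (p, n // p)
    return None


if __name__ == "__main__":
    for m in (15, 21, 3127, 17):
        print(m, shor_factor(m))
```

Each successful split comes from a nontrivial square root of 1 modulo n, which exists only when n has at least two distinct odd prime factors; that is why the same code returns None for a prime and why a production implementation screens out primes and perfect powers before spending time on order finding.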