Closed BenS-3 closed 4 days ago
For what it's worth, I'm still not a fan of the updated text ("10 seconds" -> "a much shorter time"). There's no a priori reason why it might the runtime should be shorter; the paper aims to minimise the number of qubits, which I could believe might actually increase the runtime.
(I lack the knowledge to infer anything from the paper, so I'm happy to be corrected.)
Thanks, fixed text in the latest version of the draft.
Section 7.2 claims that RSA-2048 can be broken with 4099 logical qubits in 10 seconds. It references an academic paper for the 2n+3 figure, but the 10 seconds figure is taken from a company blog, which itself doesn't cite where it got that figure from (the 2n+3 paper doesn't discuss runtimes AFAICT).
I haven't previously heard claims for figures approaching 10 seconds with such a low number of qubits, and my view is that an RFC should aim to cite a credible source that explains where those figures came from.
Otherwise, I'd be in favour of removing that claim. The referenced Gidney/Ekerå paper is already sufficient for proving RSA-2048 can be broken in a short time frame.