BenS-3
commented
2 weeks ago For what it's worth, I'm still not a fan of the updated text ("10 seconds" -> "a much shorter time"). There's no a priori reason why it might the runtime should be shorter; the paper aims to minimise the number of qubits, which I could believe might actually increase the runtime.
(I lack the knowledge to infer anything from the paper, so I'm happy to be corrected.)
tireddy2
Section 7.2 claims that RSA-2048 can be broken with 4099 logical qubits in 10 seconds. It references an academic paper for the 2n+3 figure, but the 10 seconds figure is taken from a company blog, which itself doesn't cite where it got that figure from (the 2n+3 paper doesn't discuss runtimes AFAICT).
I haven't previously heard claims for figures approaching 10 seconds with such a low number of qubits, and my view is that an RFC should aim to cite a credible source that explains where those figures came from.
Otherwise, I'd be in favour of removing that claim. The referenced Gidney/Ekerå paper is already sufficient for proving RSA-2048 can be broken in a short time frame.