[anonisko]

"Broken" generally isn't a binary event in cryptography.

It's a continuum from "impossible to do with all the time and energy of the universe and the most advanced computers we have" to "my commodity hardware can crack it in a few minutes".

The same goes for fears of quantum computing breaking current cryptography. It goes from effectively impossible to "yeah, we could break it with a few years of constant computation, which is plenty of time to switch to quantum resistant schemes".

[bawolff]

Well that's generally true, sometimes breakthroughs do happen overnight. Its not impossible.

[anonisko]

Yup. That's why I say generally.

Even if the paper is correct it seems to fall into the 'moving down the continuum' category.

[jMyles]

> "Broken" generally isn't a binary event in cryptography.

If there were, for example, a way to glean a private key without factoring the modulus, I think we'd all agree that this amounts to "breaking" the system insofar as that it changes the applicability of the hardness assumption.

On the other hand, simply achieving a faster way to factor the modulus is, at best, part of a continuum as you say.

[mekster]

> which is plenty of time to switch to quantum resistant schemes

That's not how you treat broken cryptography. If your data is already collected and stored encrypted by a third party which still holds value after several years, you're already in bad shape.