by dan-robertson 1927 days ago
If you really think your paper destroys RSA, I think there are ethical questions the authors must decide before publishing it.

In particular, I think the right process would be:

1. Give some brief description of the result (e.g. factoring numbers in O(...)), and some proof (e.g. a factorisation of the next RSA semiprime, possibly more) that convinces people that your claims are true

2. Wait a while for people to have the chance to not be burned

3. Publish the paper

Instead, the authors seem to be going for:

1. Publish the paper with a provocative abstract.

2. Wait to see who implements the algorithm first.

It doesn’t seem the best idea to me, but what do I know?

3 comments

Unlike a zero day, there still remain a number of important factors (haha) to actually break a large number. But crypto systems are special because they rely on trust. The mere sign of weakness is sufficient to kill that trust. A sufficiently resourced state actor may even be ahead... we don’t know.
You're going to be killed or kidnapped between steps 1 and 3.
The pursuit of knowledge should not be subject to any annoying effects said knowledge may have on people hedged against such knowledge becoming available. That’s an anti-liberal recipe for a rather dark society. I don't see the point in tone policing people generating knowledge just to remind them that sometimes knowledge is inconvenient.
"tone policing"? What do you think that phrase means? Who was talking about "tone"?

Do you believe in "responsible disclosure" [1] of security vulnerabilities? How does your stated philosophy apply or not apply to ethics around disclosure of discovered software security vulnerabilities? Is that different?

[1] https://cheatsheetseries.owasp.org/cheatsheets/Vulnerability...

Technically, the poster you replied to could be said to have been tone policing with the assertion of releasing a deliberately "provocative" abstract.

I mean, I get it, it's not the most straightforward mental leap, but I can understand the sentiment.

And as far as responsible disclosure goes, no, the responsible thing to do is to notify everyone at once. Keep in mind that if it is right, this means that nation state actors have just been equipped with a roadmap to potentially cracking a lot of banked ciphertext, probably faster than anyone else.

You don't sit on that kind of thing, even if it does mean some corporate actors get burned.

If the only thing saving your rear was an RSA key... Take notice: the clock may have just been significantly advanced. Be you nation-state, corp, or someone who'd just prefer to remain in the shadows.

Suffer thee not information asymmetry to live lest you carry the blood of those you sacrifice on the altar of your limited disclosure. It also hedges against you getting disappeared and suppressing whatever other people you shared it with that remain to keep something so relied upon from being realistically entertained.

I mean, cmon, how long has everyone been joking they'd hate to be the person who discovered how to break RSA, because we all know it would lead t

<SIGNAL_LOST>

Sorry that is such a bullshit statement.
Can you explain?
Pursuit of knowledge can be noble, but it can also be horrific. Granted, this isn't horrific, but if RSA is literally "destroyed" then it has potential to do harm, even if we stop using it immediately (which is expensive by itself). Ethics governs good science, and math is no exception
>I don't see the point in tone policing people generating knowledge just to remind them that sometimes knowledge is inconvenient.

If you found a simple way to kill all of mankind, that could be mitigated by waiting a week to publish while safeguards were implemented, is it wiser to publish immediately and risk someone killing all of mankind or to notify proper groups and then publish later after it won't kill everyone?

Maybe there's some nuance in these things. Ignoring effects of knowledge is not wise.