[upofadown]

State level factorization is probably somewhere in the 1024 bit RSA range with a Manhattan Project level of effort. The extra difficulty when going to 2048 bits is around a billion (1E9). So that would mean that the estimate assumes that we are going to be able to increase our computing capability by a factor of a billion in ten years. That seems very unlikely to me.

Mooore's law has the number of transistors doubling every 2 years (not for sure faster transistors, just transistors). So for 10 years we get 2^5=32. That seems well short of a billion and it is generally accepted that current technology is going to run into fundamental physical limits fairly soon.

Ignoring physical limits, if Moore's law holds it works out to 60 years for state level attacks on 2048 bit RSA.

[zinekeller]

> State level factorization is probably somewhere in the 1024 bit RSA range with a Manhattan Project level of effort. The extra difficulty when going to 2048 bits is around a billion (1E9). So that would mean that the estimate assumes that we are going to be able to increase our computing capability by a factor of a billion in ten years. That seems very unlikely to me.

I mean, Moore's law is hanging but that doesn't mean that they can just, you know, expand their computer footprint? To be precise, NSA (or is it NRO?) is preparing for a warehouse-size supercomputer and it is conceivable that other countries are bucking up with this.

Plus, after the "let's rely on Moore's law" tactic, chip design has another boost of investment, and it's paying off. IPCs, despite the clocks hovering around 5GHZ, is increasing and specialised chips and immersion and/or sub-zero cooling can boost this further. It's rather exciting after the relative stagnation last decade.

[upofadown]

>doesn't mean that they can just, you know, expand their computer footprint?

A billion times? Would there be enough money in the world to pay for it? Enough resources?