RSA and ECC are vulnerable to quantum attacks

The Claim

“RSA and elliptic curve cryptography (ECC) will be broken by quantum computers.”

The Verdict: FACT

This is one of the most well-established results in quantum computing. Shor’s algorithm, published by Peter Shor in 1994, provides a polynomial-time quantum algorithm for:

• Integer factorization - breaks RSA
• Discrete logarithm problem - breaks Diffie-Hellman and DSA
• Elliptic curve discrete logarithm - breaks ECDSA and ECDH

The Evidence

Mathematical Proof

Shor’s algorithm is not speculative - it’s a mathematically proven algorithm. Given a sufficiently large, fault-tolerant quantum computer, RSA and ECC will be broken. The only questions are:

1. When will such quantum computers exist?
2. What key sizes will be vulnerable first?

NIST Recognition

NIST has explicitly acknowledged this threat and has completed a multi-year process to standardize post-quantum cryptographic algorithms. In August 2024, NIST published:

• ML-KEM (FIPS 203) - Key encapsulation mechanism
• ML-DSA (FIPS 204) - Digital signature algorithm
• SLH-DSA (FIPS 205) - Stateless hash-based signatures

Timeline Uncertainty

While the threat is fact, the timeline remains uncertain. Current quantum computers have hundreds to thousands of noisy qubits. Breaking RSA-2048 would require millions of error-corrected logical qubits. Estimates range from 10 to 30+ years.

What This Means

Key Takeaways

• RSA and ECC will be broken - this is mathematical fact
• The timeline is uncertain but measured in years to decades, not months
• Post-quantum alternatives are already standardized and available
• Organizations should begin planning their migration now
• Data encrypted today may be vulnerable to “harvest now, decrypt later” attacks

References

• Shor, P. (1994). “Algorithms for quantum computation: discrete logarithms and factoring”
• NIST Post-Quantum Cryptography Standardization
• NIST FIPS 203, 204, 205 (August 2024)