## No, RSA Is Not Broken

I have been seeing this paper by cryptographer Peter Schnorr making the rounds: “Fast Factoring Integers by SVP Algorithms.” It describes a new factoring method, and its abstract ends with the provocative sentence: “This destroys the RSA cryptosystem.”

It does not. At best, it’s an improvement in factoring—and I’m not sure it’s even that. The paper is a preprint: it hasn’t been peer reviewed. Be careful taking its claims at face value.

Some discussion here.

I’ll append more analysis links to this post when I find them.

EDITED TO ADD (3/12): The latest version of the paper does not have the words “This destroys the RSA cryptosystem” in the abstract. Some more discussion.

Anonymous • March 5, 2021 11:48 AM

Be careful. There are indicators that the author did not upload the preprint and the latest version does not contain the mentioned sentence. It has also been part in this blog: https://blog.fefe.de/?ts=9ec00c82

In https://www.math.uni-frankfurt.de/~dmst/teaching/WS2019/SVP9.pdf it says “This proves polynomial time bound.”. The paper may still be wrong.