6

1

As discussed in this question, the expected security of 1024-bit RSA is 80-bits:

NIST SP 800-57 §5.6.1 p.62–64 specifies a correspondence between RSA modulus size $n$ and expected security strength $s$ in bits:

`Strength RSA modulus size 80 1024 112 2048 128 3072 192 7680 256 15360`

According to Wikipedia, we now have a 20-qubit quantum computer:

IBM Q System One is a 20-qubit computer.

**Question:** If we tried to use a 20-qubit computer, e.g. IBM Q System One, to calculate the $\sim {2}^{80}$ keys in the 1024-bit RSA keyspace, how long would it take?

Can you clarify what the quantum computer is supposed to do? That is, what does it mean to "calculate a key"? – Sam Jaques – 2020-12-11T23:55:11.310

That means brute force, calculate all possible combinations of 1024 bit encryption key, it is related to one of my questions in the crypto.StackExchange [https://crypto.stackexchange.com/questions/70829/how-long-does-it-take-to-crack-rsa-1024-with-a-pc] – R1- – 2020-12-12T00:10:25.720

Related:

– Rajiv Krishnakumar – 2021-02-11T20:19:02.363"How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits"by Gidney & Ekerå.2

Related: "

– Nat – 2019-06-17T19:14:22.363What does a “real” quantum computer need for cryptanalysis and/or cryptographic attack purposes?" from SE.Cryptography.2

Related: "

– Nat – 2019-06-17T19:16:03.487Applicability of IBM's projected 50-qubit quantum computer Q to cryptanalysis?" from SE.Cryptography.