## Calculating power of a quantum computer --- RSA

6

1

As discussed in this question, the expected security of 1024-bit RSA is 80-bits:

NIST SP 800-57 §5.6.1 p.62–64 specifies a correspondence between RSA modulus size $$n$$ and expected security strength $$s$$ in bits:

Strength  RSA modulus size
80        1024
112        2048
128        3072
192        7680
256       15360


According to Wikipedia, we now have a 20-qubit quantum computer:

IBM Q System One is a 20-qubit computer.

Question: If we tried to use a 20-qubit computer, e.g. IBM Q System One, to calculate the $$\sim {2}^{80}$$ keys in the 1024-bit RSA keyspace, how long would it take?

Can you clarify what the quantum computer is supposed to do? That is, what does it mean to "calculate a key"? – Sam Jaques – 2020-12-11T23:55:11.310

That means brute force, calculate all possible combinations of 1024 bit encryption key, it is related to one of my questions in the crypto.StackExchange [https://crypto.stackexchange.com/questions/70829/how-long-does-it-take-to-crack-rsa-1024-with-a-pc] – R1- – 2020-12-12T00:10:25.720

Related: "How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits" by Gidney & Ekerå.

– Rajiv Krishnakumar – 2021-02-11T20:19:02.363

2

Related: "What does a “real” quantum computer need for cryptanalysis and/or cryptographic attack purposes?" from SE.Cryptography.

– Nat – 2019-06-17T19:14:22.363

2

Related: "Applicability of IBM's projected 50-qubit quantum computer Q to cryptanalysis?" from SE.Cryptography.

– Nat – 2019-06-17T19:16:03.487