Your submission is now in Draft mode.

Once it's ready, please submit your draft for review by our team of Community Moderators. Thank you!

Your essay is now in Draft mode

Once you submit your essay, it will be available to judges for review and you can no longer edit it. Please make sure to review eligibility criteria before submitting. Thank you!

Submit Essay

Once you submit your essay, you can no longer edit it.

Pending

This content now needs to be approved by community moderators.

Submitted

This essay was submitted and is waiting for review by judges.

Will 2048-bit RSA be broken before 256-bit ECC?

Question

Elliptic Curve Cryptography (ECC) is gaining widespread adoption in the IT industry and is seen as a replacement for RSA, which has been the standard for public key cryptography for decades.

5 years ago, industry experts suggested that the Discrete Logarithm Problem that RSA relies upon, may be solved within "4-5 years". This may mean that RSA will be broken imminently, or it may remain secure well into the future.

Neither ECC nor RSA are particularly quantum resistant. However, 2048-bit RSA requires a larger number of qubits than 256-bit ECC, 4098 qubits and 2330 qubits respectively, to break using currently known algorithms (Shor's Algorithm). So it stands to reason that if RSA is not broken by conventional computers before a 2330 qubit quantum computer can be made practical, which some estimate to be ~10 years from now, ECC will be broken and RSA may be able to remain secure, at least temporarily.

The question contemplates two possible eventualities:

A) The CA/Browser Forum announces the end of trust of digital certificates using 2048-bit RSA.

B) NIST/FIPS, ANSI, or other comparable standards organization recommends discontinuance of 256-bit ECC due to credible reports of the algorithm being rendered insecure.

Question resolves positively if (A) occurs before both (B) and the resolution date (4/29/30); resolves negative if (B) occurs before both (A) and the resolution date; resolves ambiguous otherwise.

Note: Discontinuance of specific ECC curves such as P-256 or secp256r1, as an example, will not necessarily cause negative resolution because a problem might be found in the specific curve parameters and not the ECC algorithm itself. This is also the reason the CA/Browser Forum is not used for negative resolution as only a few specific curves are widely supported in digital certificates.

Make a Prediction

Prediction

Note: this question resolved before its original close time. All of your predictions came after the resolution, so you did not gain (or lose) any points for it.

Note: this question resolved before its original close time. You earned points up until the question resolution, but not afterwards.

This question is not yet open for predictions.

Current points depend on your prediction, the community's prediction, and the result. Your total earned points are averaged over the lifetime of the question, so predict early to get as many points as possible! See the FAQ.

Metaculus help: Predicting

Predictions are the heart of Metaculus. Predicting is how you contribute to the wisdom of the crowd, and how you earn points and build up your personal Metaculus track record.

The basics of predicting are very simple: move the slider to best match the likelihood of the outcome, and click predict. You can predict as often as you want, and you're encouraged to change your mind when new information becomes available.

The displayed score is split into current points and total points. Current points show how much your prediction is worth now, whereas total points show the combined worth of all of your predictions over the lifetime of the question. The scoring details are available on the FAQ.

Thanks for predicting!

Your prediction has been recorded anonymously.

Want to track your predictions, earn points, and hone your forecasting skills? Create an account today!

Track your predictions
Continue exploring the site