RSA
RSA is the first practical public-key cryptosystem, published in 1978 by Rivest, Shamir, and Adleman (original paper). Its security rests on the difficulty of factoring the product of two large primes: the public key includes a modulus n equal to p times q, and recovering the private key is equivalent to finding p and q. RSA provides both encryption and digital signatures, and for decades it secured most of the web through TLS certificates and key transport.
Quantum vulnerability
Shor's algorithm factors integers in polynomial time on a large quantum computer, recovering an RSA private key directly from the public modulus (Shor 1995). A quantum computer of sufficient scale would therefore break every RSA key at any size, including 2048-bit and 4096-bit keys, since larger keys only raise the classical cost. This is why standardization efforts replace RSA key establishment with ML-KEM and RSA signatures with lattice-based schemes. Data captured today under RSA remains exposed to harvest now, decrypt later collection.
Sources
Cite this entry
"RSA." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/rsa@misc{pqwiki-rsa,
title = {RSA},
howpublished = {\url{https://postquantum.wiki/rsa}},
year = {2026},
note = {postquantum.wiki, updated 2026-07-11}
}