RSA

RSA is the first practical public-key cryptosystem, published in 1978 by Rivest, Shamir, and Adleman (original paper). Its security rests on the difficulty of factoring the product of two large primes: the public key includes a modulus n equal to p times q, and recovering the private key is equivalent to finding p and q. RSA provides both encryption and digital signatures, and for decades it secured most of the web through TLS certificates and key transport.

Quantum vulnerability

Shor's algorithm factors integers in polynomial time on a large quantum computer, recovering an RSA private key directly from the public modulus (Shor 1995). A quantum computer of sufficient scale would therefore break every RSA key at any size, including 2048-bit and 4096-bit keys, since larger keys only raise the classical cost. This is why standardization efforts replace RSA key establishment with ML-KEM and RSA signatures with lattice-based schemes. Data captured today under RSA remains exposed to harvest now, decrypt later collection.

Sources

  1. A Method for Obtaining Digital Signatures and Public-Key Cryptosystems (MIT, 1978)
  2. FIPS 186-5, Digital Signature Standard (DSS) (NIST, 2023)
  3. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer (arXiv, 1995)
Cite this entry
"RSA." postquantum.wiki. Updated July 11, 2026. https://postquantum.wiki/rsa@misc{pqwiki-rsa, title = {RSA}, howpublished = {\url{https://postquantum.wiki/rsa}}, year = {2026}, note = {postquantum.wiki, updated 2026-07-11} }