There's an extremely interesting rebuttal that appears as a comment in the original article. I'm going to quote it below for the benefit of HN readers.
/QUOTE
Bob, February 28, 2020 at 12:15
KEEP USING RSA!
This article is misleading to make it appear that RSA is not secure, but only the only evidence presented is improper implementation.
Properly implemented RSA has been proven secure and unbreakable by the NSA with case studies such as Snowden, Lavabit, dark markets, and ECC is much harder to properly implement than RSA.
The NSA has been pushing ECC because their quantum chips can break it easily. D-Wave, Google, Alibaba, and others already have quantum chips. The disinformation agents claim that “quantum computers don’t exist” which is true because nobody uses a computer to break crypto, they use specialized custom chips.
All ECC (X25519-P521) will be broken by private sector quantum chips before RSA-2048 due to the physical limitations of stabilizing qubits.
The people making false claims against RSA are either being paid or they are useful idiots.
The campaign against RSA is pretty evident for my pattern recognizer, for it comes in distinct waves and employs templated articles, which indicate an organized backing behind it; And it has some markers of psychological manipulation - first and foremost, when you honestly have an Y better than X, you don't yell at everyone imperatively to stop using X, instead you plausibly and intelligibly highlight all the advantages of Y and let the readers draw their own conclusions.
Clearly this is not the tactic used in the article in question and many more alike. One just doesn't promote better things by declaring all prior art inferior unfoundedly without any vested interest.
I'm not sure how Snowden or Lavabit represent a "case study" in favor of RSA over ECC. My recollection is that the federal government never cracked Lavabit's encryption, and that all interactions with the government came in the form of (sometimes gagged) court orders.
I don't think any of those "case studies" prove anything about whether or not the NSA can break RSA. But if they alone could break ECC and not RSA, they would certainly push for ECC.
Because if they were just worried that other groups could break RSA, then presumably they would be happy to provide a demonstration or show evidence for such attacks.
> Afaict RSA is simpler to crack with quantum computers than ECC.
RSA requires 2n qubits to crack, ECC requires 6n. Since the normal RSA key is 2048 bits, and the normal ECC key is 256 bits, RSA requires a 4096 qubit quantum computer, and ECC requires a 1536 qubit quantum computer. If you use 4096 bit RSA and 512 bit ECC keys, this becomes 8192 qubits and 3072 qubits respectively. I'm not aware of any ECC curves larger than 512 bits.
Ultimately, both are broken in a post-quantum world. However, in the interim-quantum world, where quantum computers exist but are noisy and unreliable, RSA is safer.
No, the discrete logarithm problem and the prime factoring problem are very similar and are both solved by Shor's algorithm. I suspect they might actually be equivalent, in a weird way.
/QUOTE
Bob, February 28, 2020 at 12:15
KEEP USING RSA!
This article is misleading to make it appear that RSA is not secure, but only the only evidence presented is improper implementation.
Properly implemented RSA has been proven secure and unbreakable by the NSA with case studies such as Snowden, Lavabit, dark markets, and ECC is much harder to properly implement than RSA.
The NSA has been pushing ECC because their quantum chips can break it easily. D-Wave, Google, Alibaba, and others already have quantum chips. The disinformation agents claim that “quantum computers don’t exist” which is true because nobody uses a computer to break crypto, they use specialized custom chips.
All ECC (X25519-P521) will be broken by private sector quantum chips before RSA-2048 due to the physical limitations of stabilizing qubits.
The people making false claims against RSA are either being paid or they are useful idiots.
/END-QUOTE