Self‑Built QPU Stack Claims to Factor RSA‑1024: What the Analysis Shows
Renowned cryptographer Jean‑Philippe Aumasson posted a self‑built QPU stack that allegedly factors RSA‑1024, but a detailed technical review reveals the code relies on classic algorithms, the video is merely an animation, and the claim serves as a warning for organizations still using RSA‑1024.
Breaking News
On a quiet day in April 2026, a tweet from renowned cryptographer Jean‑Philippe Aumasson announced that he had factored RSA‑1024‑1 using a self‑built QPU stack, linking to a GitHub Gist with the full source code and a video demonstration.
Who Is the Cryptographer
Aumasson is the author of the second edition of "Serious Cryptography" (No Starch Press, 2024), designer of the BLAKE3, BLAKE2, and SipHash hash functions, co‑designer of the NIST post‑quantum signature standard SLH‑DSA, and co‑founder and CISO of Taurus SA.
What Is the Code
The public Gist contains about 1,600 lines of Python. Although it declares a "quantum" function table, most of the heavy lifting is done by classical methods such as Miller‑Rabin primality testing and Lenstra elliptic‑curve factorisation.
The key function, quantum_theater(n) (the so‑called "quantum theater"), does not implement any quantum circuit or gate‑level logic; it merely prints coloured progress bars to simulate quantum activity.
The script includes a disclaimer in the control flow: it cannot handle RSA‑level semiprimes and suggests using specialised tools like msieve or cado‑nfs if it fails.
The video shows terminal animations, quantum‑register loading, and QFT derivations, but all of these are generated by the quantum_theater function and contain no evidence of real quantum hardware or verifiable qubit operations.
The Named Verifier
Aumasson explicitly mentioned Yuval Adam, a well‑known "ultimate verifier" in quantum‑cryptanalysis, who previously replaced a claimed quantum backend with /dev/urandom and observed no difference, demonstrating that the alleged quantum attack was in fact a classic algorithm dressed in quantum terminology.
Fact‑Check Comparison
Hardware evidence: none – no quantum device was presented.
Algorithm implementation: classic algorithms plus a visual "quantum" printing routine.
Target number: RSA‑1024‑1; the code explicitly states it cannot handle RSA‑level large integers.
Video authenticity: purely simulated terminal animation reproducible by anyone with the script.
Publication purpose: likely a thought‑experiment or a pre‑emptive warning about post‑quantum migration rather than a genuine breakthrough.
Blue Team Perspective: What We Fear
From an operational security viewpoint, the "breakthrough" does not hold up. Factoring a real RSA‑1024 semiprime would require far more qubits than any existing quantum computer possesses. The code merely shows that classic methods can produce a convincing quantum‑style demo.
The deeper concern is why a leading expert would stage such a claim. It appears tied to his upcoming Black Hat Asia 2026 talk titled "Preparing for 'Q‑Day': Why Quantum Risk Management Is a Must," using the claim as a catalyst to highlight lingering RSA‑1024 deployments.
RSA‑1024 has been discouraged by NIST since 2013, yet many legacy systems still rely on it.
The Real Value of the Experiment
The paradoxical design lets anyone reproduce the same "quantum cracking" animation, but no one can actually break RSA with it. This forces organizations to ask:
Is your organization still using RSA‑1024?
Do your vendors ship products that default to RSA‑1024?
Have you performed a quantum‑risk assessment?
If the answer is "I’m not sure" or "We haven’t started," the experiment has achieved its purpose.
Our Action Checklist
Asset inventory: Identify all assets, certificates, and systems using RSA‑1024 or weaker keys.
Migration planning: Draft a timeline to move to post‑quantum cryptography, prioritising internet‑exposed authentication services.
Standards monitoring: Track NIST PQC selections (CRYSTALS‑Kyber, CRYSTALS‑Dilithium, SPHINCS+), and validate implementations promptly.
Frontier monitoring: Continuously follow quantum‑computing progress and establish an early‑warning mechanism.
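One way to start the asset-inventory step for a single asset class, SSH public keys, is to read the RSA modulus size straight out of each key blob. This is an added example, not code from the Gist or from the article's author; the function names, the 1024-bit threshold constant and the sample entries are assumptions constructed here for illustration.

```python
import base64

WEAK_BITS = 1024  # checklist threshold: RSA-1024 or weaker

def _field(data):  # encode one length-prefixed field (SSH wire format, RFC 4251)
    return len(data).to_bytes(4, "big") + data

def _read(blob, off):
    """Decode one length-prefixed field; return (value, next_offset)."""
    end = off + 4 + int.from_bytes(blob[off:off + 4], "big")
    if off + 4 > len(blob) or end > len(blob):
        raise ValueError("truncated SSH key blob")
    return blob[off + 4:end], end

def rsa_bits(b64_blob):
    """Modulus size in bits of a base64 ssh-rsa public key blob (RFC 4253)."""
    blob = base64.b64decode(b64_blob, validate=True)
    alg, off = _read(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("blob is not an ssh-rsa key")
    _e, off = _read(blob, off)   # public exponent, not needed for sizing
    n, _ = _read(blob, off)      # modulus, big-endian mpint
    return int.from_bytes(n, "big").bit_length()

def audit(lines, threshold=WEAK_BITS):
    """Return (line_no, comment, bits) for each RSA key at or below threshold."""
    findings = []
    for no, line in enumerate(lines, 1):
        parts = line.split()
        if "ssh-rsa" not in parts[:-1]:
            continue             # blank line, comment, or non-RSA key type
        key, *comment = parts[parts.index("ssh-rsa") + 1:]
        try:
            bits = rsa_bits(key)
        except ValueError:       # bad base64, truncated or mislabelled blob
            findings.append((no, "unparseable", None))
            continue
        if bits <= threshold:
            findings.append((no, " ".join(comment), bits))
    return findings

def sample_line(bits, comment):  # constructed entry: odd number, not a real key
    n = (1 << (bits - 1)) | 1
    blob = _field(b"ssh-rsa") + _field(b"\x01\x00\x01") + _field(n.to_bytes(bits // 8 + 1, "big"))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " " + comment

SAMPLE = [sample_line(1024, "legacy@constructed"), sample_line(3072, "ops@constructed"),
          "ssh-ed25519 AAAA ed@constructed", sample_line(768, "old@constructed"),
          "ssh-rsa AAAAB3Nz broken@constructed"]  # last entry is truncated on purpose
```

Pass audit() the lines of authorized_keys or known_hosts files gathered from your hosts; X.509 certificates and TLS endpoints need their own check.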
Conclusion
Aumasson released code that can never truly break RSA, tagged a top verifier, and left the challenge "Your move." Whether this is a textbook example of responsible disclosure or a crafted security‑awareness stunt, defenders must act now rather than waiting for an actual attack; the tombstone of RSA‑1024 may already bear the date of this "joke."
