What would happen to the world within one year after someone published an algorithm that could break the RSA encryption instantly?
It is not such a hypothetical question, as the ROCA attack gave us a taste of that in Autumn 2017. A lot of stuff was happening behind the scenes, and I believe many enterprises are yet to realise some important vulnerabilities (e.g., encrypted documents without proper protection).
What happened then was that affected parties were notified some 9 months before the attack publication. Interestingly, the publication date was fixed mainly because it was to be presented at a conference, so companies like HP, Microsoft and Google couldn’t make the authors push the date of the publication, although they did it successfully for the pre-release notification, which made life harder for companies “further down the food chain”.
For anything on that scale, assuming it was discovered by law-abiding persons/companies, the “management” of the knowledge would likely be taken over by security agencies or a wide consortium of enterprises or both.
Now, let’s assume the inventors are not happy with keeping it secret and simply publish it - everything is pure speculation :)
- day 1 - authors will try to find publishing outlets and start getting visibility
- day 2 - first injunctions and gagging orders are issued, news spreads via social networks
- day 7–14 - it will be taken seriously enough for people to start verifying the discovery
- day 14 - security patches for web browsers and applications that will extend RSA signatures with timestamps, peer-to-peer verifications, etc.
- day 21 - corporations start realising that the biggest problem is document stores (not transactions)
- day 30 - there are tools out there - closed and open-source
- day 90 - many applications replace RSA with peer-to-peer symmetric encryption
- 1–2 years on - RSA replaced with a new algorithm