It also bugged me that different classes of attacks were grouped together to build a "case" against RSA.

Looking at the slides again:

"There is a small but real chance that both RSA and non-ECC DH will soon become unusable"

"key sizes may have to up to 16kbit" - "wildly impractical" (WHY???)

L(1/4) isn't quite enough to make RSA unusable with large enough keys. I ran the numbers for 64k but you don't need to go as large.

It's not clear that this sort of linear progression presented is real. Some math problems don't see any progress in a long time and some see big progress rapidly. Seems to me like it's trying to find a pattern where there isn't one necessarily.

To conclude. RSA may fall tomorrow. ECC may fall tomorrow. AES may fall tomorrow. I agree with the principle we need to have some agility built in to cryptosystems (though if it falls we're kind of screwed). Maybe we need to combine cryptosystems such that one breaking won't take us down. Added complexity and changes create attack opportunities (at least current implementations are battle hardened).

Are you asking why a 16384 bit RSA key is considered wildly impractical? I assume you understand that using RSA-16384 is silly given the alternatives.

I was just stating the fact that factoring 768 bit keys is still difficult (though doable given enough time/compute power). I'm not implying you should use 768 bit keys.

I saw the slides and read various articles that followed and none of them seemed to be specifically concerned about 1024 bit RSA keys. Can you point me to where in the presentation slides that is emphasized as the main concern?

It's quite one thing to say we should be concerned that 1024 bit keys can be compromised and or to say DH/RSA is dead. I wasn't at the presentation so I don't know what was presented.

Title of thread is "Math Advances Suggest RSA Encryption Could Fall Within 5 Years (technologyreview.com) "

Not: "Math Advances Suggest 1024 bit RSA keys may be factorable within 5 years"