Whence comes your confidence that the government has either a publicly unknown factoring algorithm on classical computers, or a quantum computer with enough q-bits (and well enough shielded from thermal background that the state doesn’t decohere) to implement Schor’s algorithm?
Short of that RSA, used as a key exchange method for a strong private key method, provides quite adequate security against NSA attack. (I like sending RSA encrypted keys better than Diffie-Hellman, but that’s just me.)
I teach RSA, El Gamal and Diffie-Hellman about once every three years in a short-course on cryptology. I beg to differ, but the algorithms are all trivial
to implement. The only impediment to their use might be finding a enough
100 to 200 digit primes, but again, a competent programmer with a good knowledge of number theory should have no problem.
ok, I trust you. I’m more a patent expert than security expert.