Partial matches on a secure hash don't break anything. They don't get you any closer to a full match. And it's trivial to match the first few bits of a hash; just try a hundred random values. Or for 20 bits, do about a million, etc.

Right, so my point is that there isn't a way to incentive partial matches in a way to break these. Partial matches don't get you any closer to the complete solution.

The payouts for partial matches aren't because partial matches are useful. They're incentive to keep guessing.

If you have an 70 bit hash to break and offer a pile of money to whoever cracks it, you won't get a whole lot of attention. Instead you can offer a steady stream of rewards to anyone that matches at least the first 50 bits, building up a swarm of miners. Eventually someone will match all 70.

The question is whether you can set up a scheme like this for factorization. We already know it's a viable mining method for hashes.

I think it's RSA 2048, in which case even if you ran all the computers until the the sun supernovas, you wouldn't be able to factor it probably.

In this case the keys are secure, since the calculators moved from 512 bit keys to 2048 bit keys. But the proposal was more about general RSA cracking, and there are a whole lot of 1024 bit keys out there that could be cracked by a cryptocurrency-scale network.

But even with current tech and current methods, 2048 is doable long before the sun burns out. Bitcoin's approaching 2^80 hashes per day, on par with 1024 bit RSA. Rope in 10x as many computers and you could crack 2048 bit RSA in a mere billion days, give or take some constant factors.

The sun's way too small to supernova anyway. It will become a red giant that blows off the outer layers and leaves behind a white dwarf.