# Algorithms for quantum computation: discrete logarithms and factoring

@article{Shor1994AlgorithmsFQ, title={Algorithms for quantum computation: discrete logarithms and factoring}, author={Peter W. Shor}, journal={Proceedings 35th Annual Symposium on Foundations of Computer Science}, year={1994}, pages={124-134} }

A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a cost in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas…

## 6,086 Citations

### Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

- Computer Science
- SIAM Rev.
- 1999

Efficient randomized algorithms are given for factoring integers and finding discrete logarithms, two problems that are generally thought to be hard on classical computers and that have been used as the basis of several proposed cryptosystems.

### Quantum Resistant Cryptography

- Computer Science
- 2012

Algorithms proposed by Peter Shor solve the integer factoring problem and the discrete logarithm problem quite efficiently, and thereby crack RSA-based cryptosystems and Diffie-Hellman key exchange.

### Quantum algorithms for computing short discrete logarithms and factoring RSA integers

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2017

The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.

### Quantum Computers, Factoring, and Decoherence

- Physics
- Science
- 1995

Here it is shown how the decoherence process degrades the interference pattern that emerges from the quantum factoring algorithm, a problem of practical significance for cryptographic applications.

### Quantum algorithms for computing short discrete logarithms and factoring RSA integers

- Computer Science
- 2017

This paper generalizes the quantum algorithm for computing short discrete logarithms to allow for various tradeoffs between the number of times that the algorithm need be executed on the one hand, and the complexity of the algorithm and the requirements it imposes on the quantum computer on the other hand.

### Shor's discrete logarithm quantum algorithm for elliptic curves

- Computer Science, Mathematics
- Quantum Inf. Comput.
- 2003

We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller…

### Proposing a Quantum simulator for integer factorization

- Computer Science
- 2016

The key idea, following the pioneering suggestions of Feynman [4], is to translate factoring arithmetics into the physics of a device whose superposition of states mimics the problem, i.e., a factoring (analog) computer.

### Quadratic Sieve Factorization Quantum Algorithm and its Simulation

- Computer Science
- ArXiv
- 2020

This paper has designed a quantum variant of the second fastest classical factorization algorithm named "Quadratic Sieve", and constructed the simulation framework of quantized quadratic sieve algorithm using high-level programming language Mathematica.

### An initial step toward a quantum annealing approach to the discrete logarithm problem

- Computer Science
- SECURITY AND PRIVACY
- 2022

This work converts the discrete logarithm problem over a multiplicative group into the problem of minimizing a binary quadratic form, a standard problem format acceptable to a quantum annealer, and presents a first step made in this direction.

### A Compare between Shor's quantum factoring algorithm and General Number Field Sieve

- Computer Science
- 2014 International Conference on Electrical Engineering and Information & Communication Technology
- 2014

This paper compared Shor's algorithm and GNFS in factoring integer in a standalone system to find the most efficient classical factoring algorithm.

## References

SHOWING 1-10 OF 33 REFERENCES

### The quantum challenge to structural complexity theory

- Physics, Computer Science
- [1992] Proceedings of the Seventh Annual Structure in Complexity Theory Conference
- 1992

There are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive Turing machines, yet they can be implemented even in practice by quantum mechanical apparatus.

### Quantum complexity theory

- Computer Science
- STOC
- 1993

This paper gives the first formal evidence that quantum Turing machines violate the modern (complexity theoretic) formulation of the Church–Turing thesis, and proves that bits of precision suffice to support a step computation.

### Two-bit gates are universal for quantum computation.

- Physics
- Physical review. A, Atomic, molecular, and optical physics
- 1995

A proof is given, which relies on the commutator algebra of the unitary Lie groups, that quantum gates operating on just two bits at a time are sufficient to construct a general quantum circuit. The…

### On the power of quantum computation

- Computer Science
- Proceedings 35th Annual Symposium on Foundations of Computer Science
- 1994

This work presents a problem of distinguishing between two fairly natural classes of function, which can provably be solved exponentially faster in the quantum model than in the classical probabilistic one, when the function is given as an oracle drawn equiprobably from the uniform distribution on either class.

### Quantum Circuit Complexity

- Computer Science
- FOCS
- 1993

It is shown that any function computable in polynomial time by a quantum Turing machine has a polynomial-size quantum circuit, and this result enables us to construct a universal quantum computer which can simulate a broader class of quantum machines than that considered by E. Bernstein and U. Vazirani (1993), thus answering an open question raised by them.

### An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance

- Computer Science, Mathematics
- IEEE Trans. Inf. Theory
- 1978

An improved algorithm is derived which requires $O(\log^2 p)$ complexity if $p - 1$ has only small prime factors and such values of $p$ must be avoided in the cryptosystem.

### Oracle Quantum Computing

- Computer Science
- Workshop on Physics and Computation
- 1992

Oracles are constructed relative to which there is a decision problem that can be solved with certainty in worst-case polynomial time on the quantum computer, yet it cannot be solved classically in probabilistic expected polynomial time if errors are not tolerated.

### A rigorous time bound for factoring integers

- Mathematics
- 1992

In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l…

### Quantum theory, the Church–Turing principle and the universal quantum computer

- Physics, Philosophy
- Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences
- 1985

It is argued that underlying the Church–Turing hypothesis there is an implicit physical assertion. Here, this assertion is presented explicitly as a physical principle: ‘every finitely realizible…

### An approximate Fourier transform useful in quantum factoring

- Computer Science
- IBM Research Report RC19642
- 1994

We define an approximate version of the Fourier transform on $2^L$ elements, which is computationally attractive in a certain setting, and which may find application to the problem of factoring…