Algorithms for quantum computation: discrete logarithms and factoring

  • P. Shor
  • Published 20 November 1994
  • Computer Science
  • Proceedings 35th Annual Symposium on Foundations of Computer Science
A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a cost in computation time of at most a polynomial factor. It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas…

Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

  • P. Shor
  • Computer Science
    SIAM Rev.
  • 1999
Efficient randomized algorithms are given for factoring integers and finding discrete logarithms, two problems that are generally thought to be hard on classical computers and that have been used as the basis of several proposed cryptosystems.

Quantum Resistant Cryptography

Algorithms proposed by Peter Shor solve the integer factoring problem and the discrete logarithm problem quite efficiently, and thereby crack RSA-based cryptosystems and Diffie-Hellman key exchange.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.

Quantum Computers, Factoring, and Decoherence

Here it is shown how the decoherence process degrades the interference pattern that emerges from the quantum factoring algorithm, a problem of practical significance for cryptographic applications.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

This paper generalizes the quantum algorithm for computing short discrete logarithms to allow for various tradeoffs between the number of times that the algorithm need be executed on the one hand, and the complexity of the algorithm and the requirements it imposes on the quantum computer on the other hand.

Shor's discrete logarithm quantum algorithm for elliptic curves

We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller

Proposing a Quantum simulator for integer factorization

The key idea, following the pioneering suggestions of Feynman [4], is to translate factoring arithmetics into the physics of a device whose superposition of states mimics the problem, i.e., a factoring (analog) computer.

Quadratic Sieve Factorization Quantum Algorithm and its Simulation

This paper designs a quantum variant of the second-fastest classical factorization algorithm, the "Quadratic Sieve", and constructs a simulation framework for the quantized quadratic sieve algorithm using the high-level programming language Mathematica.

An initial step toward a quantum annealing approach to the discrete logarithm problem

This work converts the discrete logarithm problem over a multiplicative group into the problem of minimizing a binary quadratic form, a standard problem format acceptable to a quantum annealer, and presents a first step made in this direction.

A Compare between Shor's quantum factoring algorithm and General Number Field Sieve

This paper compared Shor's algorithm and GNFS in factoring integers in a standalone system to find the most efficient classical factoring algorithm.



The quantum challenge to structural complexity theory

  • A. Berthiaume, G. Brassard
  • Physics, Computer Science
    [1992] Proceedings of the Seventh Annual Structure in Complexity Theory Conference
  • 1992
There are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive Turing machines, yet they can be implemented even in practice by quantum mechanical apparatus.

Quantum complexity theory

This paper gives the first formal evidence that quantum Turing machines violate the modern (complexity theoretic) formulation of the Church--Turing thesis, and proves that bits of precision suffice to support a step computation.

Two-bit gates are universal for quantum computation.

  • DiVincenzo
  • Physics
    Physical review. A, Atomic, molecular, and optical physics
  • 1995
A proof is given, which relies on the commutator algebra of the unitary Lie groups, that quantum gates operating on just two bits at a time are sufficient to construct a general quantum circuit. The

On the power of quantum computation

  • Daniel R. Simon
  • Computer Science
    Proceedings 35th Annual Symposium on Foundations of Computer Science
  • 1994
This work presents a problem of distinguishing between two fairly natural classes of functions, which can provably be solved exponentially faster in the quantum model than in the classical probabilistic one, when the function is given as an oracle drawn equiprobably from the uniform distribution on either class.

Quantum Circuit Complexity

  • A. Yao
  • Computer Science
  • 1993
It is shown that any function computable in polynomial time by a quantum Turing machine has a polynomial-size quantum circuit, and this result enables us to construct a universal quantum computer which can simulate a broader class of quantum machines than that considered by E. Bernstein and U. Vazirani (1993), thus answering an open question raised by them.

An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance

An improved algorithm is derived which requires $O(\log^2 p)$ complexity if $p - 1$ has only small prime factors and such values of $p$ must be avoided in the cryptosystem.

Oracle Quantum Computing

Oracles are constructed relative to which there is a decision problem that can be solved with certainty in worst-case polynomial time on the quantum computer, yet it cannot be solved classically in probabilistic expected polynomial time if errors are not tolerated.

A rigorous time bound for factoring integers

In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l

Quantum theory, the Church–Turing principle and the universal quantum computer

  • D. Deutsch
  • Physics, Philosophy
    Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences
  • 1985
It is argued that underlying the Church–Turing hypothesis there is an implicit physical assertion. Here, this assertion is presented explicitly as a physical principle: ‘every finitely realizible

An approximate Fourier transform useful in quantum factoring (IBM Research Report RC19642)

We define an approximate version of the Fourier transform on $2^L$ elements, which is computationally attractive in a certain setting, and which may find application to the problem of factoring