# Algorithms for quantum computation: discrete logarithms and factoring

@article{Shor1994AlgorithmsFQ, title={Algorithms for quantum computation: discrete logarithms and factoring}, author={Peter W. Shor}, journal={Proceedings 35th Annual Symposium on Foundations of Computer Science}, year={1994}, pages={124-134} }

A computer is generally considered to be a universal computational device; i.e., it is believed able to simulate any physical computational device with a cost in computation time of at most a polynomial factor: It is not clear whether this is still true when quantum mechanics is taken into consideration. Several researchers, starting with David Deutsch, have developed models for quantum mechanical computers and have investigated their computational properties. This paper gives Las Vegas…

## Figures and Topics from this paper

## 5,433 Citations

Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

- Computer Science, MathematicsSIAM Rev.
- 1999

Efficient randomized algorithms are given for factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and have been used as the basis of several proposed cryptosystems.

Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

- Computer Science, Mathematics
- 1999

Efficient randomized algorithms are given for factoring integers and finding discrete logarithms, two problems that are generally thought to be hard on classical computers and that have been used as the basis of several proposed cryptosystems.

Quantum Resistant Cryptography

- Computer Science
- 2012

Algorithms proposed by Peter Shor solve the integer factoring problem and the discrete logarithm problem quite efficiently, and thereby crack RSA-based cryptosystems and Diffie-Hellman key exchange.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2017

The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.

Quantum Computers, Factoring, and Decoherence

- Computer Science, PhysicsScience
- 1995

Here it is shown how the decoherence process degrades the interference pattern that emerges from the quantum factoring algorithm, a problem of practical significance for cryptographic applications.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

- Computer Science, Physics
- 2017

This paper generalizes the quantum algorithm for computing short discrete logarithms to allow for various tradeoffs between the number of times that the algorithm need be executed on the one hand, and the complexity of the algorithm and the requirements it imposes on the quantum computer on the other hand.

Shor's discrete logarithm quantum algorithm for elliptic curves

- Mathematics, PhysicsQuantum Inf. Comput.
- 2003

We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller…

Proposing a Quantum simulator for integer factorization1

- 2016

— Many cryptographic algorithms depend on computational complexity assumptions. Notorious cases are the RSA algorithm for public key criptography or the DiffieHellman key exchange protocol, to…

Quadratic Sieve Factorization Quantum Algorithm and its Simulation

- Computer Science, PhysicsArXiv
- 2020

This paper has designed a quantum variant of the second fastest classical factorization algorithm named "Quadratic Sieve", and constructed the simulation framework of quantized quadratic sieve algorithm using high-level programming language Mathematica.

A Compare between Shor's quantum factoring algorithm and General Number Field Sieve

- Mathematics2014 International Conference on Electrical Engineering and Information & Communication Technology
- 2014

Factoring large integers has been one of the most difficult problems in the history of mathematics and computer science. There was no efficient solution of this problem until Shor's algorithm…

## References

SHOWING 1-10 OF 39 REFERENCES

Oracle Quantum Computing

- MathematicsWorkshop on Physics and Computation
- 1992

This paper continues the study of the power of oracles to separate quantum com.plexity classes from classical (including probabilistic and nondeterministic) complexity classes, which we initiated in…

The quantum challenge to structural complexity theory

- Computer Science[1992] Proceedings of the Seventh Annual Structure in Complexity Theory Conference
- 1992

There are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive turning machines, yet they can be implemented even in practice by quantum mechanical apparatus.

Two-bit gates are universal for quantum computation.

- Physics, MedicinePhysical review. A, Atomic, molecular, and optical physics
- 1995

A proof is given, which relies on the commutator algebra of the unitary Lie groups, that quantum gates operating on just two bits at a time are sufficient to construct a general quantum circuit. The…

Quantum Circuit Complexity

- Mathematics, Computer ScienceFOCS
- 1993

It is shown that any function computable in polynomial time by a quantum Turing machine has aPolynomial-size quantum circuit, and this result enables us to construct a universal quantum computer which can simulate a broader class of quantum machines than that considered by E. Bernstein and U. Vazirani (1993), thus answering an open question raised by them.

An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.)

- Mathematics, Computer ScienceIEEE Trans. Inf. Theory
- 1978

An improved algorithm is derived which requires O =(\log^{2} p) complexity if p - 1 has only small prime factors and such values of p must be avoided in the cryptosystem.

Quantum complexity theory

- Computer ScienceSTOC '93
- 1993

This dissertation proves that relative to an oracle chosen uniformly at random, the class NP cannot be solved on a quantum Turing machine in time $o(2\sp{n/2}).$ and gives evidence suggesting that quantum Turing Machines cannot efficiently solve all of NP.

A rigorous time bound for factoring integers

- Mathematics
- 1992

In this paper a probabilistic algorithm is exhibited that factors any positive integer n into prime factors in expected time at most Ln[2, 1 + o()] for n oo, where L,[a, b] = exp(b(logx)a(loglogx)l…

Quantum theory, the Church–Turing principle and the universal quantum computer

- MathematicsProceedings of the Royal Society of London. A. Mathematical and Physical Sciences
- 1985

It is argued that underlying the Church–Turing hypothesis there is an implicit physical assertion. Here, this assertion is presented explicitly as a physical principle: ‘every finitely realizible…

An approximate Fourier transform useful in quantum factoring", IBM Research Report RC19642 ,; R. Cle

- Mathematics, Physics
- 1994

We define an approximate version of the Fourier transform on $2^L$ elements, which is computationally attractive in a certain setting, and which may find application to the problem of factoring…

Discrete Logarithms in GF(P) Using the Number Field Sieve

- Mathematics, Computer ScienceSIAM J. Discret. Math.
- 1993

This paper presents an algorithm to solve the discrete logarithm problem forGF ( p) with heuristic expected running time L_p [ 1/3; 3^{2/3}] and for umbers of a special form, there is an asymptotically slower but more practical version of the algorithm.