How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits

  title={How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits},
  author={Craig Gidney and Martin Eker{\aa}},
We significantly reduce the cost of factoring integers and computing discrete logarithms in finite fields on a quantum computer by combining techniques from Shor 1994, Griffiths-Niu 1996, Zalka 2006, Fowler 2012, Eker{\aa}-H{\aa}stad 2017, Eker{\aa} 2017, Eker{\aa} 2018, Gidney-Fowler 2019, Gidney 2019. We estimate the approximate cost of our construction using plausible physical assumptions for large-scale superconducting qubit platforms: a planar grid of qubits with nearest-neighbor… 

Factoring integers with sublinear resources on a superconducting quantum processor

This paper presents a probabilistic simulation of the response of the immune system to quantum fluctuations in a low-dimensional environment.

Demonstration of Shor Encoding on a Trapped-Ion Quantum Computer

Fault-tolerant quantum error correction (QEC) is crucial for unlocking the true power of quantum computers. QEC codes use multiple physical qubits to encode a logical qubit, which is protected

The Present and Future of Discrete Logarithm Problems on Noisy Quantum Computers

The experiments with the ibm_kawasaki device discovered that the simplest circuit from a 2-bit DLP instance achieves a sufficiently high success probability to proclaim the experiment successful, and a near-term prediction based on required noise levels to solve some selected small DLPs and integer factoring instances is given.

Practical Security of RSA Against NTC-Architecture Quantum Computing Attacks

  • Kai LiQ. Cai
  • Computer Science, Physics
    International Journal of Theoretical Physics
  • 2021
This work has shown the robustness of the updated RSA against practical quantum computing attacks, and the time complexity must be considered when the number of serial quantum operations is particularly large.

Quantum Period Finding against Symmetric Primitives in Practice

An optimized quantum circuit for boolean linear algebra as well as complete reversible implementations of PRINCE, Chaskey, spongent and Keccak which are of independent interest for quantum cryptanalysis are proposed.

Quantum estimation of classically intractable kernels for highly-entangled feature maps

This project is aimed at exploring proposals for machine learning on near-term quantum computers, and will focus on a quantum kernel estimation algorithm which utilizes a quantum computer to construct an estimator for a kernel that is intractable to compute classically.

Leveraging State Sparsity for More Efficient Quantum Simulations

This work is the first to fully simulate a quantum algorithm to compute elliptic curve discrete logarithms, and its prototype implementation includes optimizations such as gate (re)scheduling, which amortizes data structure accesses and reduces memory usage.

Design and Analysis of a Scalable and Efficient Quantum Circuit for LWE Matrix Arithmetic

This paper designs an optimized quantum circuit for LWE computation, which does not need any ancillary qubits and scales efficiently and easily if there are more qubits available on a higher qubit quantum computer.

Improved quantum circuits for elliptic curve discrete logarithms

A full implementation of point addition in the Q# quantum programming language that allows unit tests and automatic quantum resource estimation for all components and presents various trade-offs between different cost metrics including the number of qubits, circuit depth and $T$-gate count.

Forecasting timelines of quantum computing

It is estimated that that proof-of-concept fault-tolerant computation based onsuperconductor technology is unlikely to be exhibited before 2026, and that quantum devices capable of factoring RSA-2048 are unlikely to exist before 2039.



Quantum algorithms for computing short discrete logarithms and factoring RSA integers

The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.

Halving the cost of quantum addition

An n-bit controlled adder circuit with T-count of 8n+O(1), a temporary adder that can be computed for the same cost as the normal adder but whose result can be kept until it is later uncomputed without using T gates, and some other constructions whose T- Count is improved by the temporary logical-AND.

Improved reversible and quantum circuits for Karatsuba-based integer multiplication

A reversible circuit for integer multiplication that is inspired by Karatsuba's recursive method is presented, with the main improvement over circuits that have been previously reported in the literature is an asymptotic reduction of the amount of space required.

Quantum computation with realistic magic-state factories

It is found that the magic-state factory required for postclassical factoring can be as small as 6.3 million data qubits, ignoring ancilla qu bits, assuming 10^−4 error gates and the availability of long-range interactions.

Quantum algorithms for computing general discrete logarithms and orders with tradeoffs

The probability distributions induced by the algorithm, and by Shor's and Seifert's order-finding algorithms, are analyzed, and it is described how these algorithms may be simulated when the solution is known, and the number of runs required for a given minimum success probability when making different tradeoffs.

Factoring using $2n+2$ qubits with Toffoli based modular multiplication

An implementation of Shor's quantum algorithm to factor n-bit integers using only 2n+2 qubits using a purely Toffoli based modular multiplication circuit that evades most of the cost overheads originating from rotation synthesis and enables testing and localization of some faults in both, the logical level circuit and an actual quantum hardware implementation.

Quantum Resource Estimates for Computing Elliptic Curve Discrete Logarithms

The results indicate that, for current parameters at comparable classical security levels, the number of qubits required to tackle elliptic curves is less than for attacking RSA, suggesting that indeed ECC is an easier target than RSA.

Modifying Shor's algorithm to compute short discrete logarithms

It is shown that the complexity of computing discrete logarithms on a quantum computer can be made to depend not only on the choice of group, and on its order q, but also on theLogarithm d, and may hence be generalized to finite abelian groups.

Fast Quantum Modular Exponentiation Architecture for Shor's Factorization Algorithm

We present a novel and efficient in terms of circuit depth design for Shor's quantum factorization algorithm. The circuit effectively utilizes a diverse set of adders based on the quantum Fourier

Reduced space-time and time costs Ising dislocation codes and arbitrary ancillas

An amortized analysis is used to show that even in a parallel setting this leads to only a constant factor slowdown as opposed to the logarithmic slowdown that might be expected naively.