Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

@article{Shor1995PolynomialTimeAF,
  title={Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer},
  author={Peter W. Shor},
  journal={SIAM J. Comput.},
  year={1995},
  volume={26},
  pages={1484-1509}
}
  • P. Shor
  • Published 30 August 1995
  • Computer Science
  • SIAM J. Comput.
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. [] Key Method Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
View PDF on arXiv
8,682 Citations
Highly Influential Citations
430
Background Citations
3,212
Methods Citations
1,889
Results Citations
28

Figures and Tables from this paper

8,682 Citations

A Note on Shor's Quantum Algorithm for Prime Factorization

  • Zhengjun Cao
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2005
It is shown that factoring RSA modulus (a product of two primes) only needs to find the order of 2, whether it is even or not.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.

Quantum algorithms for computing short discrete logarithms and factoring RSA integers

This paper generalizes the quantum algorithm for computing short discrete logarithms to allow for various tradeoffs between the number of times that the algorithm need be executed on the one hand, and the complexity of the algorithm and the requirements it imposes on the quantum computer on the other hand.

Implementation of Shor's Algorithm and Reliability of Quantum Computing Devices

Shor's Algorithm is presented and an implementation, a way to factor number 21 is described and some reliability issues of quantum devices were considered in order to explore the potentiality of Shor's algorithm.

On computing ordN(2) and its application

Discrete Logarithm (1994; Shor)

  • P. Sen
  • Computer Science, Mathematics
  • 2007
The discrete logarithm problem in Zp, p prime as well as in the group of points of an elliptic curve over a finite field, is believed to be intractable for randomised classical computers. That is

On computing ord N ( 2 ) and its application

This paper proposes a new quantum algorithm for factoring RSA modulus without the two drawbacks and shows that the cost of the algorithm mainly depends on the calculation of ordN (2).

A simplification of the Shor quantum factorization algorithm employing a quantum Hadamard transform

Some modifications of the Shor quantum factorization algorithm are proposed by employing some simplification to the stage employing the quantum Fourier transform to reduce the hardware complexity of implementation since phase rotation gates with only two states of 0 and π would be required.

Quantum Factoring Algorithm: Resource Estimation and Survey of Experiments

  • N. Kunihiro
  • Computer Science
    International Symposium on Mathematics, Quantum Theory, and Cryptography
  • 2020
This study investigates the details of quantum circuits used in several factoring experiments and indicates that some of the circuits have been constructed under the condition that the order of an element modulo a target composite is known in advance.

Shor’s factoring algorithm and modern cryptography. An illustration of the capabilities inherent in quantum computers

This paper endeavors to explain, in a fashion comprehensible to the nonexpert, the RSA encryption protocol; the various quantum computer manipulations constituting the Shor algorithm; how theShor algorithm performs the factoring; and the precise sense in which a quantum computer employing Shor’s algorithm can be said to accomplish the factored of very large numbers with less computational effort than a classical computer.
...

References

SHOWING 1-10 OF 119 REFERENCES

Algorithms for quantum computation: discrete logarithms and factoring

  • P. Shor
  • Computer Science
    Proceedings 35th Annual Symposium on Foundations of Computer Science
  • 1994
Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored are given.

Quantum Cryptanalysis of Hidden Linear Functions (Extended Abstract)

It is shown that any cryptosystem based on what is referred to as a ‘hidden linear form’ can be broken in quantum polynomial time and the notion of ‘junk bits’ is introduced which are helpful when performing classical computations that are not injective.

Quantum Computers, Factoring, and Decoherence

Here it is shown how the decoherence process degrades the interference pattern that emerges from the quantum factoring algorithm, a problem of practical significance for cryptographic applications.

Good quantum error-correcting codes exist.

  • CalderbankShor
  • Physics
    Physical review. A, Atomic, molecular, and optical physics
  • 1996
The techniques investigated in this paper can be extended so as to reduce the accuracy required for factorization of numbers large enough to be difficult on conventional computers appears to be closer to one part in billions.

Quantum Computation and Shor's Factoring Algorithm

The authors give an exposition of Shor's algorithm together with an introduction to quantum computation and complexity theory, and discuss experiments that may contribute to its practical implementation.

The quantum challenge to structural complexity theory

  • A. BerthiaumeG. Brassard
  • Physics, Computer Science
    [1992] Proceedings of the Seventh Annual Structure in Complexity Theory Conference
  • 1992
There are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive turning machines, yet they can be implemented even in practice by quantum mechanical apparatus.

Quantum Circuit Complexity

  • A. Yao
  • Computer Science
    FOCS
  • 1993
It is shown that any function computable in polynomial time by a quantum Turing machine has aPolynomial-size quantum circuit, and this result enables us to construct a universal quantum computer which can simulate a broader class of quantum machines than that considered by E. Bernstein and U. Vazirani (1993), thus answering an open question raised by them.

Quantum computation

This article gives an introduc tion to quantum computing and briefly looks at a few results in quantum computation, not the least of which is Shor's polynomial-time factoring algorithm.

On the power of quantum computation

  • Daniel R. Simon
  • Computer Science
    Proceedings 35th Annual Symposium on Foundations of Computer Science
  • 1994
This work presents here a problem of distinguishing between two fairly natural classes of function, which can provably be solved exponentially faster in the quantum model than in the classical probabilistic one, when the function is given as an oracle drawn equiprobably from the uniform distribution on either class.

Oracle Quantum Computing

Oracles are constructed relative to which there is a decision problem that can be solved with certainty in worst-case polynomial time on the quantum computer, yet it cannot be solved classically in probabilistic expected polynometric time if errors are not tolerated.
...