Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

@article{Shor1999PolynomialTimeAF,
  title={Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer},
  author={Peter W. Shor},
  journal={SIAM J. Comput.},
  year={1999},
  volume={26},
  pages={1484-1509}
}
  • P. Shor
  • Published 30 August 1995
  • Computer Science
  • SIAM J. Comput.
A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. [] Key Method Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
View PDF on arXiv
7,377 Citations
Highly Influential Citations
361
Background Citations
2,541
Methods Citations
1,508
Results Citations
24

Figures and Tables from this paper

7,377 Citations

A Note on Shor's Quantum Algorithm for Prime Factorization
  • Zhengjun Cao
  • Computer Science, Mathematics
    IACR Cryptol. ePrint Arch.
  • 2005
TLDR
It is shown that factoring RSA modulus (a product of two primes) only needs to find the order of 2, whether it is even or not.
Quantum algorithms for computing short discrete logarithms and factoring RSA integers
TLDR
The quantum algorithm for computing short discrete logarithms is generalized to allow for various tradeoffs between the number of times that the algorithm need be executed, and the complexity of the algorithm and the requirements it imposes on the quantum computer.
Quantum algorithms for computing short discrete logarithms and factoring RSA integers
TLDR
This paper generalizes the quantum algorithm for computing short discrete logarithms to allow for various tradeoffs between the number of times that the algorithm need be executed on the one hand, and the complexity of the algorithm and the requirements it imposes on the quantum computer on the other hand.
Implementation of Shor's Algorithm and Reliability of Quantum Computing Devices
TLDR
Shor's Algorithm is presented and an implementation, a way to factor number 21 is described and some reliability issues of quantum devices were considered in order to explore the potentiality of Shor's algorithm.
On computing ordN(2) and its application
Discrete Logarithm (1994; Shor)
  • P. Sen
  • Computer Science, Mathematics
  • 2007
The discrete logarithm problem in Zp, p prime as well as in the group of points of an elliptic curve over a finite field, is believed to be intractable for randomised classical computers. That is
On computing ord N ( 2 ) and its application
TLDR
This paper proposes a new quantum algorithm for factoring RSA modulus without the two drawbacks and shows that the cost of the algorithm mainly depends on the calculation of ordN (2).
A simplification of the Shor quantum factorization algorithm employing a quantum Hadamard transform
TLDR
Some modifications of the Shor quantum factorization algorithm are proposed by employing some simplification to the stage employing the quantum Fourier transform to reduce the hardware complexity of implementation since phase rotation gates with only two states of 0 and π would be required.
Quantum Factoring Algorithm: Resource Estimation and Survey of Experiments
  • N. Kunihiro
  • Computer Science
    International Symposium on Mathematics, Quantum Theory, and Cryptography
  • 2020
TLDR
This study investigates the details of quantum circuits used in several factoring experiments and indicates that some of the circuits have been constructed under the condition that the order of an element modulo a target composite is known in advance.
Shor’s factoring algorithm and modern cryptography. An illustration of the capabilities inherent in quantum computers
TLDR
This paper endeavors to explain, in a fashion comprehensible to the nonexpert, the RSA encryption protocol; the various quantum computer manipulations constituting the Shor algorithm; how theShor algorithm performs the factoring; and the precise sense in which a quantum computer employing Shor’s algorithm can be said to accomplish the factored of very large numbers with less computational effort than a classical computer.
...
...

References

SHOWING 1-10 OF 228 REFERENCES
Algorithms for quantum computation: discrete logarithms and factoring
  • P. Shor
  • Computer Science
    Proceedings 35th Annual Symposium on Foundations of Computer Science
  • 1994
TLDR
Las Vegas algorithms for finding discrete logarithms and factoring integers on a quantum computer that take a number of steps which is polynomial in the input size, e.g., the number of digits of the integer to be factored are given.
Quantum Cryptanalysis of Hidden Linear Functions (Extended Abstract)
TLDR
It is shown that any cryptosystem based on what is referred to as a ‘hidden linear form’ can be broken in quantum polynomial time and the notion of ‘junk bits’ is introduced which are helpful when performing classical computations that are not injective.
Quantum Computers, Factoring, and Decoherence
TLDR
Here it is shown how the decoherence process degrades the interference pattern that emerges from the quantum factoring algorithm, a problem of practical significance for cryptographic applications.
Good quantum error-correcting codes exist.
  • Calderbank, Shor
  • Physics
    Physical review. A, Atomic, molecular, and optical physics
  • 1996
TLDR
The techniques investigated in this paper can be extended so as to reduce the accuracy required for factorization of numbers large enough to be difficult on conventional computers appears to be closer to one part in billions.
Quantum Computation and Shor's Factoring Algorithm
TLDR
The authors give an exposition of Shor's algorithm together with an introduction to quantum computation and complexity theory, and discuss experiments that may contribute to its practical implementation.
Efficient networks for quantum factoring.
TLDR
The number of memory quantum bits (qubits) and the number of operations required to perform factorization, using the algorithm suggested by Shor are estimated.
The quantum challenge to structural complexity theory
  • A. Berthiaume, G. Brassard
  • Physics, Computer Science
    [1992] Proceedings of the Seventh Annual Structure in Complexity Theory Conference
  • 1992
TLDR
There are cryptographic tasks that are demonstrably impossible to implement with unlimited computing power probabilistic interactive turning machines, yet they can be implemented even in practice by quantum mechanical apparatus.
Quantum Circuit Complexity
  • A. Yao
  • Computer Science
    FOCS
  • 1993
TLDR
It is shown that any function computable in polynomial time by a quantum Turing machine has aPolynomial-size quantum circuit, and this result enables us to construct a universal quantum computer which can simulate a broader class of quantum machines than that considered by E. Bernstein and U. Vazirani (1993), thus answering an open question raised by them.
On the power of quantum computation
  • Daniel R. Simon
  • Computer Science
    Proceedings 35th Annual Symposium on Foundations of Computer Science
  • 1994
TLDR
This work presents here a problem of distinguishing between two fairly natural classes of function, which can provably be solved exponentially faster in the quantum model than in the classical probabilistic one, when the function is given as an oracle drawn equiprobably from the uniform distribution on either class.
Oracle Quantum Computing
TLDR
Oracles are constructed relative to which there is a decision problem that can be solved with certainty in worst-case polynomial time on the quantum computer, yet it cannot be solved classically in probabilistic expected polynometric time if errors are not tolerated.
...
...