Factoring Algorithm

Extracted Attributes

• Name

  Shor's algorithm

• Type

  Quantum algorithm

• Impact

  Poses a threat to current cryptographic systems; foundational to quantum computing

• Developer

  Peter Shor

• Leverages

  Quantum parallelism, Quantum Fourier Transform, quantum superposition, interference

• Primary Purpose

  Integer factorization (finding prime factors of an integer)

• Broader Category

  Hidden subgroup problem

• Development Date

  1994

• Speedup over Classical Algorithms

  Superpolynomial speedup compared to best known classical algorithms (e.g., general number field sieve)

• Computational Complexity (Quantum)

  Polynomial time, O((log N)^2 (log log N)(log log log N))

• Required Qubits for Practical Scale

  Millions (due to quantum error correction)

Timeline

• Peter Shor developed Shor's algorithm for finding the prime factors of an integer. (Source: Summary, Wikipedia, Web Search)

  1994

• The number 15 was factored on quantum hardware using Shor's algorithm, demonstrating an early practical application. (Source: Web Search (IBM blog post, 'twenty years ago'))

  2003

Shor's algorithm

Shor's algorithm is a quantum algorithm for finding the prime factors of an integer. It was developed in 1994 by the American mathematician Peter Shor. It is one of the few known quantum algorithms with compelling potential applications and strong evidence of superpolynomial speedup compared to best known classical (non-quantum) algorithms. However, beating classical computers will require millions of qubits due to the overhead caused by quantum error correction. Shor proposed multiple similar algorithms for solving the factoring problem, the discrete logarithm problem, and the period-finding problem. "Shor's algorithm" usually refers to the factoring algorithm, but may refer to any of the three algorithms. The discrete logarithm algorithm and the factoring algorithm are instances of the period-finding algorithm, and all three are instances of the hidden subgroup problem. On a quantum computer, to factor an integer N {\displaystyle N} , Shor's algorithm runs in polynomial time, meaning the time taken is polynomial in log ⁡ N {\displaystyle \log N} . It takes quantum gates of order O ( ( log ⁡ N ) 2 ( log ⁡ log ⁡ N ) ( log ⁡ log ⁡ log ⁡ N ) ) {\displaystyle O\!\left((\log N)^{2}(\log \log N)(\log \log \log N)\right)} using fast multiplication, or even O ( ( log ⁡ N ) 2 ( log ⁡ log ⁡ N ) ) {\displaystyle O\!\left((\log N)^{2}(\log \log N)\right)} utilizing the asymptotically fastest multiplication algorithm currently known due to Harvey and van der Hoeven, thus demonstrating that the integer factorization problem can be efficiently solved on a quantum computer and is consequently in the complexity class BQP. This is significantly faster than the most efficient known classical factoring algorithm, the general number field sieve, which works in sub-exponential time: O ( e 1.9 ( log ⁡ N ) 1 / 3 ( log ⁡ log ⁡ N ) 2 / 3 ) {\displaystyle O\!\left(e^{1.9(\log N)^{1/3}(\log \log N)^{2/3}}\right)} .

Web Search Results

• 4.3 Shor's Factoring Algorithm - Quantum Machine Learning

  Shor's Factoring Algorithm is a quantum algorithm that can efficiently factor large numbers, posing a threat to current cryptographic systems. It leverages quantum parallelism and the Quantum Fourier Transform to achieve exponential speedup over classical factoring methods.

• Integer factorization

  Given an integer n that will be factored, where n is an odd positive integer greater than a certain constant. In this factoring algorithm the discriminant Δ is chosen as a multiple of n, Δ = −dn, where d is some positive multiplier. The algorithm expects that for one d there exist enough smooth forms in GΔ. Lenstra and Pomerance show that the choice of d can be restricted to a small set to guarantee the smoothness result. [...] A general-purpose factoring algorithm, also known as a Category 2, Second Category, or Kraitchik family algorithm, has a running time which depends solely on the size of the integer to be factored. This is the type of algorithm used to factor RSA numbers. Most general-purpose factoring algorithms are based on the congruence of squares method. [...] An important subclass of special-purpose factoring algorithms is the Category 1 or First Category algorithms, whose running time depends on the size of smallest prime factor. Given an integer of unknown form, these methods are usually applied before general-purpose methods to remove small factors. For example, naive trial division is a Category 1 algorithm.

• Quantum Cryptography - Shor's Algorithm Explained

  All together, Shor’s Factoring Algorithm begins with a few classical steps. The quantum component then finds the period of the number to be factored. This is done through quantum modular arithmetic, the result of which is converted from quantum information to classical information so that it is useable. And, finally, there are another couple of classical steps. If the answer is not found, and the number consequently cannot be factored, the algorithm in its entirety is adjusted and repeated. ‍ [...] All together, Shor’s Factoring Algorithm begins with a few classical steps. The quantum component then finds the period of the number to be factored. This is done through quantum modular arithmetic, the result of which is converted from quantum information to classical information so that it is useable. And, finally, there are another couple of classical steps. If the answer is not found, and the number consequently cannot be factored, the algorithm in its entirety is adjusted and repeated. ‍ [...] Despite the long timeframe involved and the work being done to mitigate the risk, Shor’s Factoring Algorithm remains as good a way to raise awareness about quantum computing today as it was when it was first discovered. Executives across all industries need to concern themselves with potential risks to sensitive communications and data, and this one is genuine. In the process, they’ll hopefully be introduced to the dozens of other potential use cases of quantum computing that might

• [PDF] History of integer factorization - Purdue Computer Science

  The general plan of several factoring algorithms is to generate (some) pairs of integers x, y with x2 ≡y2 (mod n), and hope that gcd(x −y, n) is a proper factor of n. Theorem 1.7 says that we will not be disappointed often. It says that each such pair gives at least a 50% chance to factor n. If n has more than two (different) prime factors, then at least one of the greatest common divisors will be composite and we will have more factoring to do. In the fastest modern factoring algorithms it may [...] x := ⌊√n⌋ t := 2x + 1 r := x2 −n while (r is not a square) { r := r + t t := t + 2 } x := (t −1)/2 y := √r Output: x −y and x + y are the factors of n. History of integer factorization 3 When the while loop terminates we have r = x2 −n, where x = (t −1)/2, and also r is a square: r = y2. Then n = x2 −y2 and n is factored. In most cases this algorithm will be much slower than Trial Division. How-ever, the algorithm works quite well when n has a divisor within O( 4 √n) of √n. [...] It is the reason why one must not choose the two primes for RSA too close together. 1.1.3 Pollard’s Methods In the 1970s, Pollard invented two factoring algorithms: the Rho Method and the p −1 method. Both methods are better than Trial Division at finding small factors of a large number.

• "15" was factored on quantum hardware twenty years ago

  For most classical factoring algorithms, the computational effort that goes into finding the factors of any given integer grows exponentially with the number of digits in the integer itself. This means classical factoring algorithms generally have exponential “time complexity,” which is the measure of how long it takes to run an algorithm relative to the length of its input. Exponential time is much slower than the algorithms used for common mathematical operations like addition, [...] Some classical algorithms can factor large integers in sub-exponential time, but theorists have yet to find a classical method that can get the job done in polynomial time. Shor’s factoring algorithm, however, does just that by leveraging the properties of quantum superposition and interference. First devised in 1994 by mathematician Peter Shor, the algorithm remains one of the most famous in all of quantum computing, and represents one of the starkest examples of theoretical quantum advantage. [...] Classical factoring algorithms are generally quite computationally expensive, especially when it comes to factoring large integers. This simple truth forms the basis of many modern encryption algorithms, which use large numbers and their prime factors to secure data. The inefficiency of classical factoring techniques also drives much of the excitement surrounding quantum computers, which might be able to factor large numbers much more efficiently using Peter Shor’s landmark algorithm. Not only