Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer

A digital computer is generally believed to be an efficient universal computing device; that is, it is believed able to simulate any physical computing device with an increase in computation time by at most a polynomial factor. This may not be true when quantum mechanics is taken into consideration. This paper considers factoring integers and finding discrete logarithms, two problems which are generally thought to be hard on a classical computer and which have been used as the basis of several proposed cryptosystems. Efficient randomized algorithms are given for these two problems on a hypothetical quantum computer. These algorithms take a number of steps polynomial in the input size, e.g., the number of digits of the integer to be factored.
