We can crack RSA if we have a fast way of finding the period of a known periodic function f(x) = m^x (mod N)

Five Steps of Shor

So how does Shor’s algorithm work? In the five steps of Shor’s algorithm, only ONE requires the use of a quantum computer. The other steps can be solved classically.

Step 1: use the classical greatest common divisor (gcd) algorithm on N and m, where N is the number you are trying to factor, and m is a random positive integer less than N.

If the gcd(m, N) = 1, continue. If you find a factor using gcd, you’ve found a non-trivial factor and are done.

Step 2: find the period P of:

m mod N, m^2 mod N, m^3 mod N

This is the quantum step

Step 3: if the period P is odd, go back to step 1 and choose another random integer. Otherwise, continue

Step 4: check that

If that is true, go to Step 5

Otherwise, go back to Step 1

Step 5: Solve

The answer is a non-trivial prime factor of N, and you now have the key to break RSA.

How does Step 2 work?

But how does a quantum computer find the period of the function, as in step 2? And why is this important?

We are looking for the phase (period P) of

m mod N, m^2 mod N, m^3 mod N

(While this is an exponential function, we can transform a complex exponential into hyperbolic sin and cos and get a periodicity)

This period finding step relies on the quantum superposition. With a quantum computer and its ability to be in a superposition of states, we can find the period of the function. To do so, we:

1. Apply the Hadamard gate to create a quantum superposition

2. Implement the function into a quantum transform

3. Perform the quantum Fourier transform.

Like its classical analogue, after these transformations, a measurement will yield an approximation to the period of the function (you can read the ‘peak’, like in the classical Fourier transform, with a high probability). Using the quantum Fourier transform, we can solve the order-finding problem and factoring problem, which are equivalent. The quantum Fourier transform allows a quantum computer to perform phase estimation (the approximation of eigenvalues of a unitary operator).

As you exit the quantum portion (step 2), you check the period for validity and use another classical greatest common divisor algorithm to get the prime factor of the key.

Interestingly enough, since the technique is not about trying all the potential prime factors, just the potential periods, you do not have to try many random numbers to successfully find a prime factor of N. The probability that P is odd, and you have to return to step one, is

where k is the number of distinct prime factors of N. So even if you double the key length (N), there will not be a slowdown in finding the factors. RSA is not secure and doubling key size will not help in achieving a level of safety against a quantum adversary.

“The RSA-2048 Challenge Problem would take 1 billion years with a classical computer. A quantum computer could do it in 100 seconds” -Dr. Krysta Svore, Microsoft Research

The quantum Fourier transform is applied to a quantum circuit built just out of 1-Qbit and 2-Qbit gates, making the physical implementation of Shor’s algorithm one of the easiest tasks for a quantum computer.

Beyond Shor

At the core of Shor’s factoring algorithm is order finding, which can be reduced to the Abelian hidden subgroup problem, which is solved using the quantum Fourier transform. — NIST Quantum Zoo

The quantum Fourier transform is the key to many of these quantum algorithms. It doesn’t speed up finding classical Fourier transforms, but can perform a Fourier transform on a quantum amplitude. It is exponentially faster to solve the quantum Fourier transfer on a quantum computer. Though there are subtleties beyond directly mapping classical Fourier transform problems, a quantum computer can also, for example, solve the hidden subgroup problem, which solves the discrete logarithm problem, or counting solutions, which crack other forms of modern cryptography. More importantly, the quantum Fourier transform can be applied to machine learning, chemistry, materials science, and, obviously, simulating quantum systems.