Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer
SIAM Journal on Computing
Quantum computing
Algorithms for quantum computation: discrete logarithms and factoring
SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
Quantum Computation and Quantum Information: 10th Anniversary Edition
Quantum Computation and Quantum Information: 10th Anniversary Edition
Closed-form formula on quantum factorization effectiveness
Quantum Information Processing
| Hi-index | 0.00 |
Let N be a (large) positive integer, let b be an integer satisfying 1 b N that is relatively prime to N, and let r be the order of b modulo N. Finally, let QC be a quantum computer whose input register has the size specified in Shor's original description of his order-finding algorithm. In this paper, we analyze the probability that a single run of the quantum component of the algorithm yields useful information--a nontrivial divisor of the order sought. We prove that when Shor's algorithm is implemented on QC, then the probability P of obtaining a (nontrivial) divisor of r exceeds.7 whenever N ≥ 211 and r ≥ 40, and we establish that.7736 is an asymptotic lower bound for P. When N is not a power of an odd prime, Gerjuoy has shown that P exceeds 90 percent for N and r sufficiently large. We give easily checked conditions on N and r for this 90 percent threshold to hold, and we establish an asymptotic lower bound for P of 2Si(4π)/π ≈.9499 in this situation. More generally, for any nonnegative integer q, we show that when QC(q) is a quantum computer whose input register has q more qubits than does QC, and Shor's algorithm is run on QC(q), then an asymptotic lower bound on P is 2Si(2q+2π)/π (if N is not a power of an odd prime). Our arguments are elementary and our lower bounds on P are carefully justified.