This preview shows pages 1–2. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: CSE 599d - Quantum Computing Shor’s Algorithm Dave Bacon Department of Computer Science & Engineering, University of Washington I. FACTORING The problem of distinguishing prime numbers from composites, and of resolving composite numbers into their prime factors, is one of the most important and useful in all of arithmetic... The dignity of science seems to demand that every aid to the solution of such an elegant and celebrated problem be zealously cultivated — Carl Gauss The efficient factoring of numbers is a problem that has attracted the attention of humankind for probably as long as we have contemplated numbers. Indeed, today the most widely used system used to communicate securely over the internet has its security based on the difficulty of factoring numbers efficiently. A great deal of effort has been spent trying to find classical algorithms to factor numbers. Indeed, probably more than we will ever know has been spent on this problem: the National Security Agency is supposedly the largest employer of mathematicians in the world and it would be reasonable to assume that they have spent a considerable amount of attention attempting to break the cryptosystems whose hardness is related to the hardness of factoring. Thus it was quite remarkable when, in 1994, Peter Shor showed that quantum computers could efficiently factor numbers. A warning that these notes are not as easy as our previous notes. The factoring algorithm has a lot of technical details which we will go through, and these details are easy for those who have had a good founding in discrete math and algorithms in number theory, but they aren’t so easy for the rest of us mortals. II. REDUCING FACTORING TO ORDER FINDING The first step in Shor’s factoring algorithm is to reduce the problem of factoring an integer N to the problem of order finding. Let’s try to understand this reduction. We will assume, without loss of generality, that N is not even. Suppose that we find a solution to the equation x 2 = 1 mod N which is not one of the trivial solutions x = 1 or x = N- 1. This equation can be written as ( x + 1)( x- 1) = 0 mod N . This implies that N must have a common factor with ( x + 1) or with ( x- 1). This common factor cannot be N because x + 1 and x- 1 are not equal to N (those were the trivial solutions.) Thus we find that a factor of N is either gcd ( x + 1 , N ) or gcd ( x- 1 , N ), where gcd is the greatest common divisor. 1. An Aside on Euclid’s Algorithm But how do we compute the gcd ? An efficient method for computing the greatest common divisor goes all the way back to Euclid! It is based on the following observation: if a > b are integers and r is the remainder when a is divided by b , then assuming r 6 = 0, gcd ( a, b ) = gcd ( b, r ). Why is this so? Well a = qb + r , which we can rewrite as r = a- qb ....
View Full Document
This note was uploaded on 11/06/2011 for the course CSE 599 taught by Professor Staff during the Fall '08 term at University of Washington.
- Fall '08
- Computer Science