Shor Algorithm

1
Dr. Peter Shor, a Researcher with ATT
2

• Conjecture Integer factoring is
  computationally much harder than integer
  multiplication
• There are many polynomial time algorithms for
  integer multiplication
• There are no polynomial time algorithms for
  integer factoring, until now

3

• The most efficient classical factoring algorithm
  is the number theoretic sieve
• This is a super-polynomial time algorithm which
  factors an integer N in time
• O (exp c (log N)1/3(log log N)2/3)
• Shors quantum factoring algorithm can do it in
  polynomial time
• O ((log N)2 (log log N) (log log log N))

4
Prime Factorization Problem

• Given a composite odd positive integer N, find
  its prime factors
• Factoring N can be reduced to the task of
  choosing at random an integer x relatively prime
  to N, and determining its modulo N multiplicative
  order r
• Find the smallest positive integer r such
  that xr 1 mod N

5
Shors Algorithm Example for N15
Stage 1 The first stage of the algorithm is to
place a memory register into a coherent
superposition of all its possible states. The
letter 'Q' will be used denote a qubit that is in
the coherent state.
6
A Three-Qubit Register
7

• Stage 2
• The second stage of the algorithm performs a
  calculation using the register. The details of
  which are as follows
• The number N is the number we wish to factorize,
  N 15
• A random number X is chosen, where 1 lt X lt N-1
• X is raised to the power contained in the
  register (register A) and then divided by N
• The remainder from this operation is placed in a
  second 4 bit register (register B).

8
Stage 2 Operations
9
N 15 X 2
The contents of register B follows a repeating
sequence (1,2,4,8,1,2,4,8...), the frequency at
which this repeats can be named f. In this
case, the repeating sequence (1, 2, 4, 8) has
four values so f
4
10
Stage 3 The final stage is perhaps the most
difficult to follow. The frequency of repetition,
f, can be found using a quantum computer. This
is done by performing a complex operation on
register B and then looking at its contents which
causes the results from every universe to
interfere with each other. The resulting value
for f is then used in the following equation to
calculate a (possible) factor.
Equation used to calculate factor
11
Steps to find factoring solution for N15

• Step 1.
• Choose n 4 so that 15 24 16
• Choose x so that gcd (x, 15) 1, let x 13
• Use Euclidean algorithm to compute
• gcd (x, N)
• If gcd (x, N) ? 1, we found a non-trivial factor
  of N and we are done
• If gcd (x, N) 1, we proceed to step 2

12
More Steps

• Step 2
• Initialize two four-qubit registers to state
  0 ? ?0 ? 0 ? 0
• Step 3
• Randomize the first register
• ? ?0 ? ? ?1 ? ak ? k ? 0 k 0 to
  15, and ak 1/v16

13
More Steps

• Step 4
• Unitarily compute the function
• f(k) 13k mod (15)
• ? ?1 ? ? ?2 ? ak ? k ? f(k)
• K 0,1,2,3,15

14
More Steps

• Step 5
• Operate on the first four qubits by the finite
  Fourier transform F F16 . That gives
• ? k ? (1/v16) ? exp(2piuk/16) ? u
• u 0, 1, 2, .15
• ? ?2 ? ? ?3 (1/16) ? ? u ? exp(2piuk/16)
  ? f(k)

15
More Steps

• Step 6
• Write f(k) as f(m)
• where k m jr
• and 0 m lt r and 0 j lt 16/r
• ? ?3 (1/16) ? ? u ? ? f(m) exp(2pium/16)
  ? exp(2piurj/16)
• ? ?3 ? ? u bu ? ? f(m) exp(2pium/16)
• Where u 0, 1, 2, 15,
• j 0, 1, , (16/r) 1
• m 0, 1, 2, r 1
• b 1/r if 16/ur and zero otherwise.

16
More Steps

• Step 7
• Measure the state of the first register
• The probability of observing is
• ?3 ? Pu ? ?3 r bu 2 1/r if 16/ur
• ?3 ? Pu ? ?3 0 otherwise
• Where Pu denotes the projection mapping onto the
  state denoting the value u

17
More Steps

• Step 8
• Use the known value of u and the known value of
  16 to deduce a putative value of r
• If no inference can be made or if r is odd,
  return to step 2 and repeat
• If r 2s is even, and ys -1 mod(15), return to
  step 2 and repeat
• If (15, ys 1) gt 1, quit otherwise return to
  step 2 and repeat

18
What Occurs?

• In this case, r 4, r divides 16 and the only
  us with a positive probability of being observed
  are multiples of 4 u 0, 4, 8, and 12, each
  occurring at step 7 with probability 0.25
• Since ur 16k, for some integer k, we can infer
  nothing about r if u 0
• The remaining cases give equations for r in the
  form r 4k, r 2k, and 3r 4k

19
What Occurs? (Cont.)

• In two of the previous cases, the presumption
  that r and k are relatively prime is correct,
  leading to the putative value of r 4 for the
  period
• We know that value to be correct and that 15 has
  to divide the product of 132 -1 and 132 1,
  enabling us to find both of its factors

20
Finished

• In the remaining case the presumption would lead
  to r 2, giving values of 12 and 14 for ys 1
• Because the numbers are so small, we happened to
  discover a factor of fifteen in this case
• However, r 2 is not the period and we are not
  guaranteed to obtain a factor of N if we get the
  wrong value of r
• We succeeded in factoring N 15 after only one
  run with a probability of 0.25

21
Comments

• The resulting number cannot be guaranteed to be
  a prime factor, but there is a good chance that
  it is one
• The interference that produces the value for f
  tends to favor the correct answer as incorrect
  answers cancel each other out
• In our example the value f 4 does give a
  correct answer of 3
• The fact that the answer cannot be guaranteed to
  be correct is of little consequence as it can be
  easily checked with multiplication
• If the answer is incorrect, there is a very
  strong chance that repeating the calculation a
  few times with different values of X will produce
  the right answer