Shor's factoring algorithm and modern cryptography. An illustration of the capabilities inherent in quantum computers

American Journal of Physics

Volumn 73, Issue 6, 2005, Pages 521-540

  Gerjuoy, Edward ^a  

^a UNIVERSITY OF PITTSBURGH   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

EID: 21244493696     PISSN: 00029505     EISSN: None     Source Type: Journal    
DOI: 10.1119/1.1891170     Document Type: Article

References (79)

1. N. D. Mermin, "From cbits to qbits: Teaching computer scientists quantum mechanics," Am. J. Phys. 71, 23-30 (2003).
2. L. K. Grover, "From Schrodinger's equation to the quantum search algorithm," Am. J. Phys. 69, 769-777 (2001).
3. P. W. Shor, "Algorithms for quantum computation: Discrete logarithms and factoring," in Proceedings of the 35th Annual Symposium on the Foundations of Computer Science, edited by S. Goldwasser (IEEE Computer Society, Los Alamitos, CA, 1994), pp. 124-134.
4. P. W. Shor, SIAM J. Comput. 26, 1484-1509 (1997) provides an expanded version of Shor's original paper.
5. I. V. Volovich, "Quantum computing and Shor's factoring algorithm," quant-ph/0109004.
6. A. Ekert and R. Josza, "Quantum computation and Shor's factoring algorithm," Rev. Mod. Phys. 68, 733-753 (1996).
7. M. A. Nielsen and I. L. Chuang, Quantum Computation and Quantum Information (Cambridge U.P., Cambridge, 2000), pp. 232-247.
8. C. P. Williams and S. H. Clearwater, Explorations in Quantum Computing (Springer, New York, 1998), pp. 130-145.
9. G. Johnson, A Shortcut Through Time (Knopf, New York, 2003), pp. 66-82.
10. J. Brown, The Quest for the Quantum Computer (Simon and Schuster, New York, 2000), pp. 170-188.
11. See, for example, 〈arXiv.org/archive/quant-ph〉. See also 〈www.eg.bucknell.edu/~dcollins/research/qcliterature.html〉.
12. An exposition (suitable for the nonspecialist readers of this journal) of what is now termed the RSA public key system can be found in Ref. 7, pp. 122-127.
13. An important reference, probably useful to cryptography specialists only, is A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of Applied Cryptography (CRC, Boca Raton, FL, 1996), Chap. 8.
14. The RSA system was first proposed by R. Rivest, A. Shamir, and L. Adleman, "On digital signatures and public-key cryptosystems," MIT Laboratory for Computer Science Technical Report MIT/LCS/TR-212 (January 1979).
15. A. Ekert, "From quantum code-making to quantum code-breaking," quant-ph/9703035.
16. D. Kahn, The Codebreakers: The Story of Secret Writing (Scribner, New York, 1996). For the definitions adopted here, see pp. xv-xviii and 989.
17. S. Singh, The Code Book (Doubleday, New York, 1999), especially Chaps. 6 and 7.
18. N. Gisin, Grégoire Ribordy, Wolfgang Tittel, and Hugo Zbinden, "Quantum cryptography," Rev. Mod. Phys. 74, 145-195 (2002), pp. 147-148, and Ref. 16, pp. 268-273.
19. Reference 15, pp. 71-88.
20. Reference 15, pp. 93-105.
21. "The Gold-Bug," published in 1843. See, for example, Complete Stories and Poems of Edgar Allan Poe (Doubleday, New York, 1966), pp. 70 and 819.
22. "The Adventure of the Dancing Men." See, for example, The Complete Sherlock Holmes (Doubleday, New York, 1966), p. 593.
23. Reference 16, pp. 20-25, and Ref. 15, pp. 99-105, provide detailed illustrative cryptanalyses of such cryptograms.
24. Reference 16, Chap. 4, describes the Enigma machine and recounts the remarkable story of how its cryptograms were cryptanalyzed.
25. See also A. Hodges, Alan Turing: The Enigma (Simon and Schuster, New York, 1983), Chap. 4.
26. Actually it is possible, though intrinsically inconvenient, for Alice and Bob to establish a secure key via conventional communication channels without meeting, as was discovered in 1976; see Ref. 16, pp. 253-267. Secure key distribution also is possible (in theory at least) via "quantum channels," for example, channels that carry pairs of spin 1/2 particles whose spin orientations can be measured by Alice and Bob; see Ref. 14. These secure key distribution schemes are beyond the scope of this paper.
27. I do not pretend that this analogy between cryptographic keys and safes is original. See, for example, Ref. 17.
28. Reference 16, pp. 245-249 and 379.
29. ASCII is the acronym for the American Standard Code for Information Interchange. For more information on ASCII, see 〈www.jimprice.com/jimasc. htm〉, especially the link to a decimal-to-ASCII chart.
30. See any textbook on elementary number theory, for example, K. H. Rosen, Elementary Number Theory and its Applications (Addison-Wesley, Reading, MA, 1993), pp. 119-125.
31. Reference 12, especially p. 292.
32. "How large a key should be used in the RSA cryptosystem?" 〈www.rsasecurity.com/rsalabs/node.asp?id=2218〉.
33. See also "TWIRL and RSA key size," 〈www.rsasecurity.com/ rsalabs/node.asp?id=2004〉.
34. A. Ekert, "Quantum cryptoanalysis - Introduction" (as updated by Wim van Dam, June 1999), 〈www.qubit.org/library/intros/cryptana. html〉.
35. R. Roskies, Scientific Director Pittsburgh Supercomputing Center, private communication.
36. "How Old is the Universe?" (NASA 4/30/04) at 〈map.gsfc.nasa.gov/m_uni/uni_ 101age.html〉.
37. Reference 9, pp. 164-166.
38. R. Crandall and C. Pomerance, Prime Numbers. A Computational Perspective (Springer, New York, 2001), pp. 225-232.
39. "What is the RSA Factoring Challenge?" 〈www.rsasecurity. com/rsalabs/node.asp?id=2192〉.
40. Reference 35, pp. 242-258.
41. "What are the best factoring methods in use today?" 〈www.rsasecurity.com/rsalabs/node.asp?id=2190〉.
42. "RSA-160 is factored!" 〈www.rsasecurity.com/rsalabs/node. asp?id=2097〉.
43. "The RSA challenge numbers," 〈www.rsasecurity.com/rsalabs/ node.asp?id=2093〉.
44. Reference 35, p. 265.
45. N. Koblitz, A Course in Number Theory and Cryptography (Springer, New York, 1987), pp. 3-4.
46. Reference 7, p. 35.
47. P. Ribenboim, The New Book of Prime Number Records (Springer, New York, 1995), p. 156, writes: "It is fairly easy, in practice, to produce large primes. It is, however, very difficult to produce a theoretical justification for the success of the method."
48. 2N, whereas factoring N to find its prime factors p and q requires computing times subexponential in L (as we have discussed, assuming only classical computers are available).
49. A recent test run demonstrated that even with an RSA key number of 2048 binary bits (that is, an RSA-617) a message consisting of approximately 32 000 ASCII characters could be routinely enciphered and deciphered in times of the order of seconds and at most minutes, respectively, employing merely a 700 MHz desktop computer (hardly a supercomputer). For example, using block sizes of 52 ASCII characters (recall Sec. II C), the encryption and decryption times were 1.46 and 30.3 s, respectively. Sam Scheinman, software engineer consultant, private communication.
50. Reference 28, pp. 278-279.
51. Reference 35, p. 386.
52. Reference 42, p. 94.
53. A. Odlyzko, "Discrete logarithms: The past and the future," Designs, Codes, Cryptogr. 19, 129-145 (2000).
54. J. Eisen and M. Wolf, "Quantum computing," quant-ph/0401019, cf, especially, p. 16.
55. See, for example, Ref. 6, Chap. 7.
56. D. J. Griffiths, Introduction to Quantum Mechanics (Prentice Hall, Englewood Cliffs, NJ, 1994), pp. 154-159.
57. V. Scarani, "Quantum computing," Am. J. Phys. 66, 956-960 (1998).
58. Reference 52, p. 12.
59. Reference 1, especially Eq. (35).
60. See, for example, Ref. 6, Chap. 4.
61. Reference 35, p. 7.
62. Reference 7, especially pp. 136-137.
63. See, for example, Ref. 6, pp. 18-19.
64. Reference 6, pp. 194-198.
65. Reference 6, pp. 217-220.
66. Reference 28, pp. 394-403.
67. See, for example, Ref. 5. These authors refer to G. H. Hardy and E. M. Wright, An Introduction to the Theory of Numbers (Clarendon, Oxford, 1965), Sec. 10.15, for a proof of the theorem.
68. Reference 35, p. 11.
69. Reference 44, pp. 319-320.
70. D. E. Knuth, The Art of Computer Programming (Addison-Wesley, Reading, MA, 1981), 3rd ed., Vol. 2, pp. 290 and 300 (see Problem 8).
71. L. Vandersypen, Matthias Steffen, Gregory Breyta, Costantino S. Yannoni, Mark H. Sherwood, and Isaac L. Chuang, "Experimental realization of Shor's quantum factoring algorithm using nuclear magnetic resonance," Nature (London) 414, 883-887 (2001).
72. Reference 28, pp. 201-204.
73. Reference 28, p. 187;
74. L. E. Dickson, Modern Elementary Theory of Numbers (University of Chicago, Chicago, 1939), p. 12, quotes the date of Fermat's Little Theorem.
75. Reference 28, pp. 80-84.
76. Reference 42, pp. 6-7.
77. Reference 28, p. 61; Ref. 66, p. 295.
78. Reference 28, p. 210.
79. Reference 28, pp. 132-133.