An Efficient Quantum Factoring Algorithm (2308.06572v3)

Abstract: We show that $n$-bit integers can be factorized by independently running a quantum circuit with $\tilde{O}(n^{3/2})$ gates for $\sqrt{n}+4$ times, and then using polynomial-time classical post-processing. The correctness of the algorithm relies on a number-theoretic heuristic assumption reminiscent of those used in subexponential classical factorization algorithms. It is currently not clear if the algorithm can lead to improved physical implementations in practice.

• The paper presents a quantum algorithm that reduces gate complexity from O(n^2) to O(n^(3/2)) compared to Shor's algorithm.
• The paper applies a lattice-based discrete Gaussian sampling technique combined with classical post-processing to efficiently extract factors.
• The paper highlights key theoretical insights and heuristic assumptions that advance quantum circuit optimization and cryptographic analysis.

An Efficient Quantum Factoring Algorithm

This paper presents a novel quantum algorithm aimed at improving the efficiency of integer factorization — a critical problem in computational number theory with substantial implications for cryptography. Building upon Shor's algorithm, which originally demonstrated efficient integer factorization on a quantum computer using a circuit of size $\tilde{O}(n^2)$, the proposed algorithm reduces this complexity to $\tilde{O}(n^{3/2})$. This reduction is achieved at the expense of increased quantum circuit iterations, specifically $\sqrt{n} + 4$ runs, each followed by polynomial-time classical post-processing.

Central to this development is a quantum circuit that performs a more efficient computation by reducing the number of gates, a critical factor in practical quantum computation where noise and decoherence pose significant challenges. The efficiency gain is partly attributed to a strategic lattice-based approach facilitated by a discrete Gaussian sampling technique. The algorithm post-processes quantum outputs using classical lattice reduction techniques to ensure factor extraction.

Key Contributions

1. Quantum Circuit Efficiency: The algorithm optimizes the gate complexity to $\tilde{O}(n^{3/2})$, significantly reducing the resources needed compared to Shor’s algorithm. This is achieved by leveraging small exponentiation operations that transform potentially large numbers, mitigating the complexity of the computation.
2. Lattice Reduction for Post-Processing: Post-processing harnesses a polynomial-time lattice reduction algorithm, which plays a pivotal role in the factorization process. The lattice approach here is reminiscent of strategies used in subexponential classical algorithms and relies on a theoretical understanding akin to heuristics used in these classical counterparts.
3. Theoretical Insights and Assumptions: The algorithm hinges on a number-theoretic heuristic assumption. A crucial assumption is the existence of certain lattice vectors of bounded norm, which directly influences the success probability of the factorization process.
4. Option for Reduced Quantum Depth: Further enhancements allow for circuits of even smaller sizes, provided super-polynomial classical computation time could be afforded, as discussed in the exploratory avenues of the paper.

Implications and Future Directions

The implications of this work are profound, particularly for cryptosystems reliant on the difficulty of factorizing large integers — such as RSA. A practical implementation of this algorithm could potentially disrupt these cryptosystems if quantum computing technology evolves to support such tasks at scale.

However, it remains essential to consider the impracticality of the algorithm for small $n$ due to asymptotic analysis limitations. Near-term implementation challenges include the feasibility of approximate quantum circuits, managing hidden constants, and practical limitations with current quantum hardware capabilities.

The paper hints at future developments, suggesting that further reductions in quantum circuit space could make the algorithm more practical. Follow-up work has suggested improvements in the number of qubits required, aligning more closely with real-world constraints.

In summary, this work represents a significant theoretical advancement in quantum algorithms for integer factorization. It lays groundwork for future exploration into quantum circuit optimization and its intersection with lattice-based cryptographic analysis. Further research in these directions could enable more practical applications, bridging the gap between theoretical feasibility and practical implementation in quantum computing.