Quantum computers won’t just break some encryption; they’ll shatter the foundations of most public-key cryptography we rely on today. The core reason is Shor’s algorithm, a quantum marvel that can factor large numbers exponentially faster than any classical algorithm.
Imagine you have two huge prime numbers, p and q. Multiplying them to get N = p * q is easy. But given N, finding p and q (factoring N) is incredibly hard for classical computers. This difficulty is the bedrock of RSA, the most widely used public-key cryptosystem. Shor’s algorithm turns this "hard" problem into a "trivial" one for a quantum computer.
Here’s how Shor’s algorithm works, conceptually:
-
The Core Problem: Finding the Period of a Function. Shor’s algorithm doesn’t directly factor numbers. Instead, it cleverly transforms the factoring problem into finding the period of a specific mathematical function. This function,
f(x) = a^x mod N, whereais a random number less thanNandNis the number to be factored, has a repeating pattern (a period). For example, ifN=15anda=7, the sequence7^1 mod 15,7^2 mod 15,7^3 mod 15, … is7, 4, 13, 1, 7, 4, 13, 1, .... The period here is 4. -
Quantum Fourier Transform (QFT): The Secret Sauce. Finding this period classically is still hard. This is where quantum mechanics shines. The QFT is a quantum algorithm that, when applied to a superposition of states representing the function’s inputs, can efficiently reveal the period. A quantum computer can create a superposition of all possible
xvalues and then computef(x)for all of them simultaneously. The QFT then "collapses" this superposition into states that are highly likely to correspond to multiples of the period. -
From Period to Factors. Once the period,
r, is found, a few simple classical steps can reveal the prime factorspandq. Ifris even, thenpandqcan be found by calculatinggcd(a^(r/2) - 1, N)andgcd(a^(r/2) + 1, N). Thesegcd(greatest common divisor) calculations are easy for classical computers.
Let’s see a simplified example of the QFT’s power. Suppose we want to find the period of f(x) = 2^x mod 15.
The sequence is 2, 4, 8, 1, 2, 4, 8, 1, .... The period r is 4.
A classical computer would compute these values one by one:
2^1 mod 15 = 2
2^2 mod 15 = 4
2^3 mod 15 = 8
2^4 mod 15 = 1
2^5 mod 15 = 2 (We’ve seen 2 before, so the period is 4). This takes several steps.
A quantum computer, using Shor’s algorithm, would:
- Prepare two quantum registers. The first register holds a superposition of all possible
xvalues from 0 up to some large number. The second register holdsf(x) = a^x mod Nfor eachx. - Apply the QFT to the first register. This is the crucial step. The QFT transforms the superposition in a way that amplifies the states corresponding to the period.
- Measure the first register. The measurement will yield a value that is highly likely to be a multiple of
N/r(whereNis the modulus, andris the period).
For our a=2, N=15 example, the period r is 4. A quantum computer would, with high probability, output a value that, when used in the classical post-processing, reveals r=4. Then, gcd(2^(4/2) - 1, 15) = gcd(2^2 - 1, 15) = gcd(3, 15) = 3, and gcd(2^(4/2) + 1, 15) = gcd(2^2 + 1, 15) = gcd(5, 15) = 5. We’ve successfully factored 15 into 3 and 5.
The "exponential speedup" comes from the fact that the QFT can find the period in a number of steps that scales polynomially with the number of bits in N, whereas the best classical algorithms for factoring scale sub-exponentially (but still much, much slower). For a 2048-bit RSA key, factoring classically could take longer than the age of the universe, but a sufficiently large quantum computer could do it in hours or days.
This threat is why the cryptography community is actively developing and standardizing "post-quantum cryptography" (PQC) algorithms that are believed to be resistant to attacks from both classical and quantum computers. These new algorithms rely on different hard mathematical problems, like lattice-based cryptography or hash-based signatures.
The truly mind-bending aspect of Shor’s algorithm is how it leverages quantum superposition and entanglement to explore all possible inputs and their corresponding outputs simultaneously, then uses the QFT to efficiently extract periodic information that is the key to breaking the discrete logarithm and integer factorization problems. It’s not just a faster algorithm; it’s a fundamentally different way of computing.
Once you’ve grappled with Shor’s algorithm and its implications for RSA, the next frontier is understanding Grover’s algorithm, which offers a quadratic speedup for searching unstructured databases and can impact symmetric encryption.