
How Quantum Computers Break Encryption | Shor's Algorithm Explained

minutephysics

Based on minutephysics's video on YouTube. If you like this content, support the original creators by watching, liking and subscribing to their content.

TL;DR

Encryption based on large-number factoring depends on the asymmetry between fast multiplication and slow factoring on classical computers.

Briefing

Encryption for much of the internet depends on a stubborn math problem: multiplying two large primes is easy, but reversing the process—factoring the big number back into its primes—appears to take an impractically long time on ordinary computers. That asymmetry is the backbone of widely used public-key systems. If a sufficiently large quantum computer becomes available, that advantage could collapse quickly, because Shor’s algorithm turns factoring into a task quantum hardware can accelerate dramatically.

The core mechanism starts with how factoring can be reframed. Pick a random number g less than N, where N is the composite number used to lock data. If g shares a factor with N, Euclid’s algorithm can efficiently find that common factor and the encryption falls apart. The problem is that for the huge numbers used in real encryption, a random g almost never shares a factor directly. Shor’s algorithm therefore uses a number-theory trick: for many g that are coprime to N, some power g^p will equal a multiple of N plus 1. Once that p is known, the expression g^(p/2) ± 1 can be manipulated into two quantities whose factors are tied to the factors of N. Even when those two quantities aren’t themselves the primes, taking their greatest common divisors with N (again via Euclid’s algorithm) can reveal the hidden factors.

On a normal computer, finding the crucial exponent p is the bottleneck. Determining p requires effectively searching through many possible powers until the “multiple of N plus 1” condition appears, and for thousand-digit numbers this becomes more expensive than brute-force factoring itself. Shor’s algorithm’s quantum advantage is aimed squarely at this step: instead of checking powers one by one, quantum computation uses superposition and interference to extract the period p efficiently.

The quantum part begins by preparing a superposition over possible exponents x and computing g^x modulo N, tracking the remainder relative to multiples of N. Measuring too early would just yield a random remainder and waste the structure. The algorithm instead exploits a repeating property: if g^x is r more than a multiple of N, then g^(x+p) is also r more than a multiple of N. That periodicity means the remainders line up in a way that leaves behind a superposition of exponents spaced by p. The next move is to apply the quantum Fourier transform, which converts that periodic structure into a frequency—effectively producing information about 1/p. Measuring then yields an estimate of 1/p, which is inverted to recover p.

With p in hand (and with high probability that p is even and the derived candidates aren’t trivial multiples of N), the algorithm computes g^(p/2) ± 1, uses Euclid’s algorithm to extract nontrivial common factors of N, and finally enables decryption. The result is a pathway from “hard factoring” to “fast factoring” that could undermine RSA-style security at scale. Current quantum machines are far from the memory and error-correction demands needed to factor real-world key sizes, but the threat model changes once large, fault-tolerant quantum computers arrive. In the meantime, the transcript points to practical mitigations like using strong, modern key sizes and password managers that rely on large-number encryption (e.g., 2048-bit) to stay ahead of brute-force factoring progress.
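The classical steps described above (random guess, Euclid's algorithm, g^(p/2) ± 1), as an added example that is not from the video or its transcript. The period search is done by brute force, standing in for the quantum step, and the two failure cases that force a new guess are handled explicitly; the function names and the guess lists are assumptions chosen for illustration.

```python
# Added example: the classical half of Shor's algorithm on toy numbers.
from math import gcd

def find_period(g, N):
    """Smallest p > 0 with g^p = 1 (mod N), by brute force. Requires gcd(g, N) == 1.
    This search is the step the quantum computer replaces."""
    p, value = 1, g % N
    while value != 1:
        value = (value * g) % N
        p += 1
    return p

def try_guess(g, N):
    """Return (factors or None, explanation) for one guess g."""
    shared = gcd(g, N)
    if shared != 1:
        return (shared, N // shared), "g already shares a factor with N"
    p = find_period(g, N)
    if p % 2:
        return None, f"period {p} is odd, so g^(p/2) is not an integer power"
    half = pow(g, p // 2, N)
    if half == N - 1:
        return None, f"g^(p/2) + 1 is a multiple of N (period {p})"
    # half^2 = 1 (mod N) with half != +-1, so both gcds are nontrivial factors.
    return (gcd(half - 1, N), gcd(half + 1, N)), f"period {p}"

def factor_with_guesses(N, guesses):
    """Try guesses in order; return the first factor pair and a log of every attempt."""
    log = []
    for g in guesses:
        factors, why = try_guess(g, N)
        log.append((g, factors, why))
        if factors:
            return factors, log
    return None, log

if __name__ == "__main__":
    # Constructed toy inputs: the small composites 15, 21 and 35.
    for N, guesses in [(15, [14, 7]), (21, [4, 20, 2]), (35, [6])]:
        factors, log = factor_with_guesses(N, guesses)
        for g, found, why in log:
            print(f"N={N} g={g}: {found} ({why})")
```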

Cornell Notes

Shor’s algorithm breaks encryption by turning the hard task of factoring N into finding a period p related to powers of a chosen number g modulo N. If g^p equals a multiple of N plus 1, then g^(p/2) ± 1 can be used to derive nontrivial factors of N via Euclid’s algorithm. The expensive part on classical computers is discovering p by searching through many powers, which becomes infeasible for large, encryption-sized numbers. Quantum computation accelerates this by using superposition, interference, and the quantum Fourier transform to extract the periodicity p efficiently. Once p is recovered, factoring—and therefore decryption—becomes practical for sufficiently capable quantum hardware.

Why does factoring large numbers matter for internet encryption?

Many public-key encryption schemes rely on the idea that multiplying primes is fast, but factoring the resulting large composite number N is extremely slow on classical computers. If an attacker can factor N, they can compute the secret structure needed to decrypt messages. The transcript emphasizes that while multiplication is quick, finding prime factors for large N is the expensive step that makes encryption work.

How does Shor’s algorithm use a random guess g to reach the factors of N?

Choose g < N. If g shares a factor with N, Euclid’s algorithm quickly finds that common factor, and the encryption breaks. Usually g is coprime to N for large cryptographic N, so Shor instead looks for an exponent p such that g^p is a multiple of N plus 1. Then g^(p/2) ± 1 is constructed so that its factors are linked to the factors of N; taking gcds with N yields nontrivial factors.

What makes the exponent p hard on classical computers?

Classically, determining p requires effectively searching through many powers of g until g^p hits the “multiple of N plus 1” condition. For encryption-sized numbers (hundreds to thousands of digits), p can be large and the search becomes astronomically time-consuming—so slow that it can rival or exceed brute-force factoring.

How does quantum computation make finding p fast?

Quantum hardware evaluates g^x modulo N for many x at once using superposition. Because the remainders repeat periodically with period p, the algorithm arranges the computation so that wrong periodic information cancels through destructive interference. The quantum Fourier transform then converts the periodicity into a measurable frequency related to 1/p, allowing p to be inferred.

Why does the quantum Fourier transform matter here?

The periodic structure in the remainders means the exponents are spaced by p. The quantum Fourier transform is designed to detect such periodicity: when applied to a superposition with period p, it produces a state whose measurement yields information about 1/p. Inverting that measurement gives p, which is the key ingredient for constructing g^(p/2) ± 1 and extracting factors.
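How a measurement "about 1/p" becomes p, as an added example that is not from the video: a classical simulation of the outcome probabilities after the Fourier transform for a toy case, followed by the rational-approximation step that turns a reading y into a candidate period. The instance (g = 2, N = 21), the register size Q = 512 and all function names are assumptions chosen for illustration.

```python
# Added example: classical simulation of the measurement statistics (toy sizes only).
import cmath
from fractions import Fraction
from math import gcd

def outcome_probabilities(g, N, Q, r):
    """Probability of reading each y after the Fourier transform, given that the
    remainder register was observed as r (leaving exponents x spaced by p)."""
    xs = [x for x in range(Q) if pow(g, x, N) == r]
    probs = []
    for y in range(Q):
        amplitude = sum(cmath.exp(2j * cmath.pi * x * y / Q) for x in xs)
        probs.append(abs(amplitude) ** 2 / (Q * len(xs)))
    return probs

def likeliest_outcomes(g, N, Q, r, count):
    """The `count` most probable readings, in ascending order."""
    probs = outcome_probabilities(g, N, Q, r)
    return sorted(sorted(range(Q), key=probs.__getitem__, reverse=True)[:count])

def period_candidate(y, Q, N):
    """y/Q approximates k/p; the closest fraction with denominator <= N
    has denominator p, or a divisor of p when k and p share a factor."""
    return Fraction(y, Q).limit_denominator(N).denominator

def recover_period(g, N, Q, outcomes):
    """Combine candidates from repeated runs via lcm and verify g^p = 1 (mod N)."""
    p = 1
    for y in outcomes:
        cand = period_candidate(y, Q, N)
        p = p * cand // gcd(p, cand)
        if pow(g, p, N) == 1:
            return p
    return None

if __name__ == "__main__":
    g, N, Q = 2, 21, 512  # constructed toy instance; Q is a power of two >= N*N
    peaks = likeliest_outcomes(g, N, Q, r=1, count=6)
    print("peaks near multiples of Q/p:", peaks)
    print("candidates:", [period_candidate(y, Q, N) for y in peaks])
    print("period from readings 171 then 256:", recover_period(g, N, Q, [171, 256]))
```

A single reading can return only a divisor of p (171 gives 3, 256 gives 2), which is why candidates from repeated runs are combined and checked against g^p = 1 (mod N).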

What practical limitations keep quantum factoring from breaking real encryption today?

The transcript notes that current quantum implementations of Shor’s algorithm lack enough memory and fault tolerance to factor numbers comparable to modern key sizes. Early demonstrations factor small numbers (like 15, 21, and 35), and other quantum factoring methods have reached larger composites, but scaling to real-world RSA-sized integers would require vastly more quantum memory and error-corrected operations.

Review Questions

  1. What condition on g^p (in terms of N) allows Shor’s algorithm to derive candidates for factors of N?
  2. Why is finding the period p the central computational bottleneck on classical computers?
  3. How does the quantum Fourier transform turn periodicity in remainders into measurable information about 1/p?

Key Points

  1. Encryption based on large-number factoring depends on the asymmetry between fast multiplication and slow factoring on classical computers.
  2. Shor’s algorithm reduces factoring to finding a period p such that g^p is a multiple of N plus 1 for a chosen g.
  3. Once p is known, computing g^(p/2) ± 1 and taking gcds with N can reveal nontrivial factors of N.
  4. Classical computation struggles because determining p requires searching through many powers, which becomes infeasible for encryption-sized integers.
  5. Quantum speedup comes from superposition and interference that preserve the periodic structure while canceling incorrect outcomes.
  6. The quantum Fourier transform is the mechanism that extracts the period by converting periodicity into a frequency related to 1/p.
  7. Real-world decryption requires quantum hardware with enough qubits and error correction to run Shor’s algorithm at cryptographic scales, which remains beyond today’s machines.

Highlights

  • Shor’s algorithm hinges on finding an exponent p where g^p ≡ 1 (mod N); that single period unlocks the factorization route.
  • The expensive classical step is searching for p among many possible powers, but quantum computation targets exactly that step.
  • Periodic remainders with period p become detectable via the quantum Fourier transform, turning structure into a measurable frequency.
  • With p recovered (and under conditions like p even), gcd computations on g^(p/2) ± 1 can expose the primes inside N.
  • Current quantum systems can factor small toy examples, but scaling to modern key sizes would require far more quantum memory and fault tolerance.

Topics

  • Shor's Algorithm
  • Quantum Factoring
  • Modular Arithmetic
  • Quantum Fourier Transform
  • Encryption Security
