Revisiting Shor's quantum algorithm for computing general discrete logarithms

We heuristically demonstrate that Shor's algorithm for computing general discrete logarithms, modified to allow the semi-classical Fourier transform to be used with control qubit recycling, achieves a success probability of approximately 60% to 82% in a single run. By slightly increasing the number of group operations that are evaluated quantumly, and by performing a limited search in the classical post-processing, we furthermore show how the algorithm can be modified to achieve a success probability exceeding 99% in a single run. We provide concrete heuristic estimates of the success probability of the modified algorithm, as a function of the group order, the size of the search space in the classical post-processing, and the additional number of group operations evaluated quantumly. In analogy with our earlier works, we show how the modified quantum algorithm may be simulated classically when the logarithm and group order are both known. Furthermore, we show how slightly better tradeoffs may be achieved, compared to our earlier works, if the group order is known when computing the logarithm.Comment: The pre-print has been extended to show how slightly better tradeoffs may be achieved, compared to our earlier works, if the group order is known. A minor issue with an integration limit, that lead us to give a rough success probability estimate of 60% to 70%, as opposed to 60% to 82%, has been corrected. The heuristic and results reported in the original pre-print are otherwise unaffecte

Gradual sub-lattice reduction and a new complexity for factoring polynomials

We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well

A deterministic version of Pollard's p-1 algorithm

In this article we present applications of smooth numbers to the unconditional derandomization of some well-known integer factoring algorithms. We begin with Pollard's $p-1$ algorithm, which finds in random polynomial time the prime divisors $p$ of an integer $n$ such that $p-1$ is smooth. We show that these prime factors can be recovered in deterministic polynomial time. We further generalize this result to give a partial derandomization of the $k$-th cyclotomic method of factoring ($k\ge 2$) devised by Bach and Shallit. We also investigate reductions of factoring to computing Euler's totient function $\phi$. We point out some explicit sets of integers $n$ that are completely factorable in deterministic polynomial time given $\phi(n)$. These sets consist, roughly speaking, of products of primes $p$ satisfying, with the exception of at most two, certain conditions somewhat weaker than the smoothness of $p-1$. Finally, we prove that $O(\ln n)$ oracle queries for values of $\phi$ are sufficient to completely factor any integer $n$ in less than $\exp\Bigl((1+o(1))(\ln n)^{{1/3}} (\ln\ln n)^{{2/3}}\Bigr)$ deterministic time.Comment: Expanded and heavily revised version, to appear in Mathematics of Computation, 21 page

Factoring bivariate sparse (lacunary) polynomials

We present a deterministic algorithm for computing all irreducible factors of degree $\le d$ of a given bivariate polynomial $f\in K[x,y]$ over an algebraic number field $K$ and their multiplicities, whose running time is polynomial in the bit length of the sparse encoding of the input and in $d$. Moreover, we show that the factors over \Qbarra of degree $\le d$ which are not binomials can also be computed in time polynomial in the sparse length of the input and in $d$.Comment: 20 pp, Latex 2e. We learned on January 23th, 2006, that a multivariate version of Theorem 1 had independently been achieved by Erich Kaltofen and Pascal Koira

Splitting full matrix algebras over algebraic number fields

Let K be an algebraic number field of degree d and discriminant D over Q. Let A be an associative algebra over K given by structure constants such that A is isomorphic to the algebra M_n(K) of n by n matrices over K for some positive integer n. Suppose that d, n and D are bounded. Then an isomorphism of A with M_n(K) can be constructed by a polynomial time ff-algorithm. (An ff-algorithm is a deterministic procedure which is allowed to call oracles for factoring integers and factoring univariate polynomials over finite fields.) As a consequence, we obtain a polynomial time ff-algorithm to compute isomorphisms of central simple algebras of bounded degree over K.Comment: 15 pages; Theorem 2 and Lemma 8 correcte

Algebraic Problems Equivalent to Beating Exponent 3/2 for Polynomial Factorization over Finite Fields

The fastest known algorithm for factoring univariate polynomials over finite fields is the Kedlaya-Umans (fast modular composition) implementation of the Kaltofen-Shoup algorithm. It is randomized and takes $\widetilde{O}(n^{3/2}\log q + n \log^2 q)$ time to factor polynomials of degree $n$ over the finite field $\mathbb{F}_q$ with $q$ elements. A significant open problem is if the $3/2$ exponent can be improved. We study a collection of algebraic problems and establish a web of reductions between them. A consequence is that an algorithm for any one of these problems with exponent better than $3/2$ would yield an algorithm for polynomial factorization with exponent better than $3/2$