Implicit Factoring: On Polynomial Time Factoring Given Only an Implicit Hint

Abstract. We address the problem of polynomial time factoring RSA moduli N1 = p1q1 with the help of an oracle. As opposed to other ap-proaches that require an oracle that explicitly outputs bits of p1, we use an oracle that gives only implicit information about p1. Namely, our or-acle outputs a different N2 = p2q2 such that p1 and p2 share the t least significant bits. Surprisingly, this implicit information is already suffi-cient to efficiently factor N1, N2 provided that t is large enough. We then generalize this approach to more than one oracle query. Key words: Factoring with an oracle, lattices

Strengths and Weaknesses of Quantum Computing

Recently a great deal of attention has focused on quantum computation following a sequence of results suggesting that quantum computers are more powerful than classical probabilistic computers. Following Shor's result that factoring and the extraction of discrete logarithms are both solvable in quantum polynomial time, it is natural to ask whether all of NP can be efficiently solved in quantum polynomial time. In this paper, we address this question by proving that relative to an oracle chosen uniformly at random, with probability 1, the class NP cannot be solved on a quantum Turing machine in time $o(2^{n/2})$. We also show that relative to a permutation oracle chosen uniformly at random, with probability 1, the class $NP \cap coNP$ cannot be solved on a quantum Turing machine in time $o(2^{n/3})$. The former bound is tight since recent work of Grover shows how to accept the class NP relative to any oracle on a quantum computer in time $O(2^{n/2})$.Comment: 18 pages, latex, no figures, to appear in SIAM Journal on Computing (special issue on quantum computing

A deterministic version of Pollard's p-1 algorithm

In this article we present applications of smooth numbers to the unconditional derandomization of some well-known integer factoring algorithms. We begin with Pollard's $p-1$ algorithm, which finds in random polynomial time the prime divisors $p$ of an integer $n$ such that $p-1$ is smooth. We show that these prime factors can be recovered in deterministic polynomial time. We further generalize this result to give a partial derandomization of the $k$-th cyclotomic method of factoring ($k\ge 2$) devised by Bach and Shallit. We also investigate reductions of factoring to computing Euler's totient function $\phi$. We point out some explicit sets of integers $n$ that are completely factorable in deterministic polynomial time given $\phi(n)$. These sets consist, roughly speaking, of products of primes $p$ satisfying, with the exception of at most two, certain conditions somewhat weaker than the smoothness of $p-1$. Finally, we prove that $O(\ln n)$ oracle queries for values of $\phi$ are sufficient to completely factor any integer $n$ in less than $\exp\Bigl((1+o(1))(\ln n)^{{1/3}} (\ln\ln n)^{{2/3}}\Bigr)$ deterministic time.Comment: Expanded and heavily revised version, to appear in Mathematics of Computation, 21 page

Five Quantum Algorithms Using Quipper

Quipper is a recently released quantum programming language. In this report, we explore Quipper's programming framework by implementing the Deutsch's, Deutsch-Jozsa's, Simon's, Grover's, and Shor's factoring algorithms. It will help new quantum programmers in an instructive manner. We choose Quipper especially for its usability and scalability though it's an ongoing development project. We have also provided introductory concepts of Quipper and prerequisite backgrounds of the algorithms for readers' convenience. We also have written codes for oracles (black boxes or functions) for individual algorithms and tested some of them using the Quipper simulator to prove correctness and introduce the readers with the functionality. As Quipper 0.5 does not include more than \ensuremath{4 \times 4} matrix constructors for Unitary operators, we have also implemented \ensuremath{8 \times 8} and \ensuremath{16 \times 16} matrix constructors.Comment: 27 page