Shor's factoring algorithm (SFA), by its ability to efficiently factor large
numbers, has the potential to undermine contemporary encryption. At its heart
is a process called order finding, which quantum mechanics lets us perform
efficiently. SFA thus consists of a \emph{quantum order finding algorithm}
(QOFA), bookended by classical routines which, given the order, return the
factors. But, with probability up to 1/2, these classical routines fail, and
QOFA must be rerun. We modify these routines using elementary results in number
theory, improving the likelihood that they return the factors.
The resulting quantum factoring algorithm is better than SFA at factoring
safe semiprimes, an important class of numbers used in cryptography. With just
one call to QOFA, our algorithm almost always factors safe semiprimes. As well
as a speed-up, improving efficiency gives our algorithm other, practical
advantages: unlike SFA, it does not need a randomly picked input, making it
simpler to construct in the lab; and in the (unlikely) case of failure, the
same circuit can be rerun, without modification.
We consider generalizing this result to other cases, although we do not find
a simple extension, and conclude that SFA is still the best algorithm for
general numbers (non safe semiprimes, in other words). Even so, we present some
simple number theoretic tricks for improving SFA in this case.Comment: v2 : Typo correction and rewriting for improved clarity v3 : Slight
expansion, for improved clarit