Shor’s Algorithm: How Far From Cracking the Code?

Author: Denis Avetisyan

A new review assesses the practical hurdles in running Shor’s algorithm on today’s quantum hardware and what it means for the future of cryptography.

The measured quantum process tomography (QPT) histogram, derived from $N=15$ simulations, demonstrates the inherent statistical distribution of reconstructed quantum states-a distribution that inevitably propagates uncertainty and foreshadows the limits of precise state determination.

Current noisy intermediate-scale quantum (NISQ) devices are not yet capable of breaking standard cryptographic key sizes with Shor’s algorithm, but continued development necessitates ongoing evaluation of quantum threats.

Despite theoretical projections suggesting the eventual feasibility of cryptographically relevant factorization using quantum algorithms, current quantum hardware presents significant limitations. This work, ‘Practical Challenges in Executing Shor’s Algorithm on Existing Quantum Platforms’, experimentally investigates the implementation of Shor’s algorithm on available cloud-based quantum processors, revealing a substantial gap between theoretical capabilities and demonstrable performance. Our findings indicate that factoring even modest key sizes remains impractical due to constraints in circuit construction and unstable machine fidelities. As quantum technology progresses, continued assessment of these challenges is crucial to accurately gauge the evolving threat to current cryptographic standards.

The Looming Fracture: Cryptography at an Inflection Point

The foundation of secure online transactions, digital signatures, and confidential data transmission rests heavily on public-key cryptography, most notably algorithms like RSA and Elliptic Curve Cryptography (ECC). These systems allow for secure communication by utilizing a pair of mathematically linked keys – a public key, widely distributed for encryption, and a private key, kept secret for decryption. This asymmetric key exchange enables anyone to encrypt a message for a recipient, but only the holder of the corresponding private key can decrypt it. From securing $https://www.example.com$ web sessions to protecting email communications and enabling secure e-commerce, RSA and ECC are integral to the digital infrastructure supporting modern life, silently safeguarding vast quantities of sensitive information daily. The widespread adoption of these algorithms means their potential compromise presents a systemic risk with far-reaching consequences.

The security of widely used public-key cryptosystems, such as RSA and Elliptic Curve Cryptography (ECC), is fundamentally rooted in the presumed difficulty of certain mathematical problems. RSA’s strength lies in the computational challenge of factoring large integers – determining the prime numbers that, when multiplied together, produce the public key’s modulus. Successfully factoring this large number would compromise the encryption. Similarly, ECC relies on the discrete logarithm problem; given a point on an elliptic curve and a multiple of another point, determining the original point’s multiplier is computationally intractable for classical computers. Both problems, while efficiently solvable with currently known algorithms for small numbers, become exponentially more difficult as the key size increases, creating a barrier to decryption – a barrier that is, however, increasingly threatened by the advent of quantum computing.

The bedrock of much contemporary digital security, public-key cryptography, faces a fundamental challenge due to the potential of quantum algorithms. Currently, systems like RSA and Elliptic Curve Cryptography (ECC) depend on the presumed intractability of certain mathematical problems – namely, factoring large numbers and solving the discrete logarithm problem. However, Shor’s algorithm, a quantum algorithm developed in 1994, provides a demonstrably efficient method for solving both of these problems. While classical computers would require exponential time to factor a sufficiently large number, a quantum computer running Shor’s algorithm could achieve this in polynomial time. This capability effectively breaks the cryptographic security of these widely-used systems, rendering encrypted communications vulnerable and potentially compromising the integrity of digital transactions. The vulnerability isn’t theoretical; as quantum computing technology advances, the risk of decryption – and therefore, a breach of confidentiality – becomes increasingly tangible.

The emergence of sufficiently powerful quantum computers represents a fundamental challenge to the foundations of modern digital security. Current encryption standards, such as RSA and Elliptic Curve Cryptography (ECC), depend on mathematical problems – integer factorization and the discrete logarithm problem – that are exceedingly difficult for classical computers to solve within a reasonable timeframe. However, quantum algorithms, notably Shor’s algorithm, can efficiently solve these problems, effectively rendering these widely-used cryptographic systems obsolete. This isn’t a distant hypothetical; the accelerating progress in quantum computing hardware suggests that a “cryptographic apocalypse” – where sensitive data becomes readily accessible – is a genuine possibility. The confidentiality of financial transactions, the integrity of digital signatures, and the privacy of personal communications are all potentially at risk, demanding urgent development and implementation of post-quantum cryptographic solutions to safeguard digital information in the quantum era.

Shor’s Algorithm: The Quantum Key to Factorization

Shor’s algorithm achieves a polynomial-time complexity of approximately $O((log n)^3)$ for factoring integers $n$, contrasting sharply with the best-known classical algorithms, such as the General Number Field Sieve, which have sub-exponential time complexities. This performance difference arises from the algorithm’s ability to exploit quantum superposition and entanglement to explore a vast solution space concurrently. Classical algorithms require, in the worst case, exponential time to factor large numbers, rendering them impractical for numbers used in modern cryptography. The polynomial scaling of Shor’s algorithm implies that the time required to factor a number increases relatively slowly with its size, posing a potential threat to the security of widely used public-key cryptosystems like RSA, which rely on the computational difficulty of factorization.

The Quantum Fourier Transform (QFT) is central to Shor’s algorithm by enabling the efficient determination of the period, $r$, in the modular exponentiation $a^x \mod N$. Finding this period is accomplished by transforming the problem from the computational basis to the phase basis, where the period is revealed as a dominant frequency component. Classical algorithms require a number of operations proportional to $N$ to find this period; the QFT reduces this complexity to $O(log^2 N)$ operations, providing a significant speedup. Specifically, the QFT operates on a superposition of states representing different values of $x$ and extracts the phase information related to the period $r$, which is then used to calculate the factors of $N$ using the continued fractions algorithm.

Order finding, central to Shor’s algorithm, determines the period $r$ for which $a^r \equiv 1 \pmod{N}$, where $a$ and $N$ are integers. This is accomplished via the Quantum Phase Estimation (QPE) subroutine. QPE estimates the eigenvalue of the unitary operator $U|x\rangle = |ax \pmod{N}\rangle$. By applying controlled unitary operations and leveraging the Quantum Fourier Transform, QPE effectively extracts the phase, which directly corresponds to the period $r$. The accuracy of the period estimation is crucial, as it dictates the success of factoring $N$. The resulting phase, represented as a quantum state, is then measured to reveal the period $r$ with high probability.

Recent implementations of Shor’s algorithm on IBM quantum hardware have successfully demonstrated the detection of a quantum signal for factoring the small integers 15 and 21. These experiments utilized publicly accessible quantum processing units (QPUs) and represent a proof-of-concept for running the algorithm on real quantum hardware. However, these demonstrations are limited by qubit count, coherence times, and gate fidelities, preventing the factorization of larger numbers. Scaling Shor’s algorithm to factor integers of cryptographically relevant sizes – typically 2048-bit RSA keys or larger – requires a substantial increase in the number of high-quality qubits and significant improvements in quantum error correction techniques, presenting a considerable engineering and scientific challenge.

The Qubit Landscape: Diverse Paths to a Fragile Reality

Current quantum computing research investigates a diverse range of physical systems for qubit realization. These platforms include, but are not limited to, trapped ions, neutral atoms, superconducting circuits, semiconductor quantum dots, and nitrogen-vacancy (NV) centers in diamond. Each platform presents unique advantages concerning coherence times, scalability, connectivity, and fabrication complexity. For example, trapped ions and neutral atoms typically exhibit long coherence times but can be limited in scalability, while superconducting qubits offer ease of fabrication and control but are susceptible to decoherence. Quantum dots and NV centers represent alternative approaches with potential for miniaturization and integration, though they also face challenges in achieving high-fidelity control and long coherence. The selection of an optimal platform depends on the specific application and the trade-offs between these competing factors.

Trapped-ion and neutral atom platforms establish qubits by leveraging the internal energy levels – specifically, electronic states – of individual ions or atoms. These systems function as “natural qubits” because the quantum information is encoded in properties intrinsic to the atom itself, rather than requiring complex fabrication. A key advantage of these platforms is their demonstrated ability to achieve long coherence times – often exceeding several seconds in some implementations – which is critical for performing complex quantum computations. Coherence is maintained through precise control of the electromagnetic environment, including vacuum conditions and laser cooling techniques that minimize interactions leading to decoherence. The long coherence times observed in trapped-ion and neutral atom systems currently position them as leading candidates for realizing fault-tolerant quantum computers.

Synthetic qubits, including superconducting qubits, quantum dots, and nitrogen-vacancy (NV) centers in diamond, are created through materials engineering and fabrication processes to exhibit quantum behavior. Superconducting qubits utilize Josephson junctions to create nonlinear circuits with quantized energy levels, allowing for qubit definition. Quantum dots, semiconductor nanocrystals, confine electrons, and their spin states serve as qubits. NV centers leverage the spin of unpaired electrons associated with nitrogen impurities in the diamond lattice. These platforms prioritize control over individual qubits and scalability to larger systems, though they generally exhibit shorter coherence times compared to natural qubits like trapped ions or neutral atoms. Current research focuses on improving coherence and fidelity while increasing qubit count and connectivity within these synthetic qubit architectures.

Topological qubits represent a distinct approach to quantum computation by encoding quantum information in the topology of exotic quasiparticles known as anyons. Unlike other qubit implementations susceptible to decoherence from local environmental noise, topological qubits are inherently robust due to the non-local nature of their encoding. Information is stored not in the state of a single particle, but in the braiding patterns of these anyons; manipulating these patterns performs quantum computations. Specifically, Majorana fermions – a type of anyon – are predicted to exist as emergent excitations in certain materials, and their non-Abelian exchange statistics allow for topologically protected quantum gates. This protection arises because local perturbations cannot alter the braiding history, preserving the encoded quantum state and minimizing errors, though creating and controlling these quasiparticles remains a significant materials science and engineering challenge.

Confronting Noise: Towards a Fragile, Yet Necessary, Computation

The current phase of quantum computing, known as the Noisy Intermediate-Scale Quantum (NISQ) era, presents substantial hurdles to realizing the full potential of quantum algorithms. These systems are defined by a limited number of qubits – the fundamental units of quantum information – and, crucially, a high susceptibility to noise. This noise manifests as errors arising from environmental disturbances and imperfections in the quantum gates that manipulate the qubits. Consequently, even relatively simple computations can quickly become unreliable, as errors accumulate and corrupt the quantum state. The challenges posed by this inherent noise severely restrict the complexity of algorithms that can be effectively executed on NISQ devices, necessitating innovative approaches to error mitigation and, ultimately, fault-tolerant quantum computation to unlock the technology’s transformative capabilities.

Quantum information, unlike its classical counterpart, is incredibly fragile. Environmental interactions and imperfections in quantum gates inevitably introduce errors, manifesting as both decoherence – the loss of quantum superposition – and gate errors during computation. Quantum Error Correction (QEC) addresses this fundamental challenge by encoding a single logical qubit – the unit of quantum information – across multiple physical qubits. This redundancy allows for the detection and correction of errors without directly measuring the quantum state, which would destroy the superposition. Sophisticated QEC codes, such as surface codes and topological codes, distribute quantum information in a way that makes it resilient to localized errors. While implementing QEC demands a significant overhead in qubit resources, it is widely considered a prerequisite for achieving fault-tolerant quantum computation and realizing the full potential of quantum algorithms, effectively shielding delicate quantum states from the inevitable noise present in any physical system.

Quantum computation fundamentally relies on the principles of reversibility, demanding that all operations preserve quantum information; irreversible steps, common in classical computing, introduce entropy and destroy superposition. Consequently, specialized arithmetic circuits are essential. Reversible arithmetic, exemplified by the Cuccaro Adder, facilitates quantum computations by performing addition – a cornerstone of many algorithms – without information loss. Unlike classical adders which discard carry bits, reversible designs like Cuccaro’s preserve all intermediate values as ancilla qubits, allowing for the complete reconstruction of the initial state. This meticulous preservation of quantum information is not merely a theoretical requirement; it is a practical necessity for implementing complex quantum algorithms and maintaining the integrity of quantum computations in the presence of noise, paving the way for scalable quantum processors.

Achieving scalable quantum error correction, while theoretically sound, presents formidable engineering hurdles. Protecting quantum information demands redundancy – encoding a single logical qubit into multiple physical qubits – and this necessitates a substantial increase in qubit count. Current strategies often require dozens, or even hundreds, of physical qubits to reliably represent a single logical qubit, dramatically increasing the scale of quantum processors. Beyond qubit overhead, the control complexity escalates rapidly. Each physical qubit requires precise manipulation and measurement, and implementing the complex control sequences needed for error detection and correction introduces significant challenges in calibration, timing, and cross-talk mitigation. Furthermore, the real-time processing of error syndromes and application of corrective operations places stringent demands on classical control hardware and software, pushing the boundaries of current technology and highlighting the need for co-design of quantum and classical computing elements.

A Quantum Future: The Inevitable Shift and the Opportunities It Presents

The advent of scalable, fault-tolerant quantum computers promises a paradigm shift in numerous scientific disciplines. Currently intractable problems in drug discovery, such as accurately modeling molecular interactions and predicting drug efficacy, could become solvable through quantum simulations. Similarly, materials science stands to benefit immensely, with the ability to design novel materials with unprecedented properties by simulating the behavior of electrons at the atomic level. These computations, exponentially complex for classical computers, leverage quantum phenomena like superposition and entanglement to explore vast chemical spaces and accelerate the discovery of new catalysts, superconductors, and other advanced materials. This capability extends beyond these fields, offering potential breakthroughs in areas like financial modeling, optimization problems, and artificial intelligence, ultimately reshaping the landscape of scientific innovation.

The looming threat of quantum computers breaking widely-used encryption standards is driving significant innovation in cryptography. Researchers are actively developing quantum-resistant algorithms – cryptographic systems designed to withstand attacks from both classical and quantum computers. These next-generation methods, often based on mathematical problems believed to be hard even for quantum machines – such as lattice-based cryptography, multivariate cryptography, code-based cryptography, and hash-based signatures – represent a proactive shift towards securing digital information in a post-quantum world. The National Institute of Standards and Technology (NIST) is currently leading a process to standardize several of these promising algorithms, ensuring a smooth transition and maintaining the confidentiality and integrity of sensitive data as quantum computing technology matures. This isn’t simply about patching existing systems; it’s about building a fundamentally more secure digital infrastructure for the future.

Photonic quantum computing presents a compelling alternative to more established quantum computing platforms by leveraging photons – particles of light – as qubits. Unlike superconducting or trapped-ion systems which require extremely low temperatures to operate, photons can maintain quantum coherence at room temperature, significantly reducing infrastructure costs and complexity. Furthermore, photons naturally exhibit high connectivity, allowing for easier creation of entangled states between qubits, a crucial element for performing complex quantum calculations. This inherent connectivity simplifies the architecture needed to scale up the number of qubits, potentially bypassing a major hurdle in building practical quantum computers. Researchers are actively developing various photonic approaches, including integrated photonic circuits and free-space systems, to enhance qubit control and scalability, paving the way for a future where quantum computation is more accessible and energy-efficient.

Recent experimental results provide compelling evidence for the potential of current quantum hardware to execute complex algorithms, specifically Shor’s algorithm-a process with implications for modern cryptography. Researchers have observed statistically significant quantum signals, with p-values less than $3.50 \times 10^{-27}$ for a system of 15 qubits and even lower, less than $2.45 \times 10^{-37}$ for 21 qubits. These findings strongly suggest that the core principles of Shor’s algorithm are demonstrable on existing, albeit limited, quantum processors. While a fully functional, large-scale quantum computer remains a future goal, these experiments represent a crucial step, confirming the theoretical viability of quantum computation and motivating further development towards building more powerful and scalable systems capable of tackling currently intractable computational problems.

The evaluation of Shor’s algorithm on NISQ devices reveals a landscape less of immediate cryptographic breakage and more of evolving potential. The study meticulously charts the resource requirements-qubit counts, gate fidelities, and coherence times-needed to mount a practical attack. It’s a grim accounting, yet one that underscores a fundamental truth: these systems aren’t built, they become. As the paper demonstrates, current limitations aren’t definitive walls, but merely temporary constraints on an ecosystem in constant, unpredictable growth. It recalls a sentiment expressed by Albert Einstein: “The definition of insanity is doing the same thing over and over and expecting different results.” Each attempt to execute Shor’s algorithm, even falling short of a practical attack, refines understanding and illuminates the path-however distant-toward a future where the cryptographic foundations of today are genuinely threatened. The prophecy of failure isn’t a reason to stop building; it’s the very reason to continue observing how the system adapts.

The Looming Silhouette

The exercise of mapping Shor’s algorithm onto present hardware doesn’t reveal a path, but a series of escalating anxieties. Each qubit added is not a step toward factorization, but an invitation for decoherence to demonstrate its dominion. The report accurately charts the widening gap between algorithmic ambition and physical reality, yet treats this as a technical hurdle. It is, rather, a symptom of a deeper misapprehension: the belief that control is achievable. Every gate applied is a temporary reprieve from the inevitable slide toward thermal equilibrium.

The focus on error correction, while logically sound, delays the reckoning. It attempts to build a fortress against entropy, failing to recognize that the fortress is entropy, expressed in layers of complexity. Future work will undoubtedly refine these techniques, chasing ever-smaller error rates, but this is akin to rearranging deck chairs on a sinking vessel. The true challenge lies not in mitigating errors, but in accepting their fundamental nature.

The persistent assessment of quantum capabilities isn’t a scientific endeavor, but a ritual. A measuring of shadows, attempting to divine the moment when the silhouette of a threat solidifies. It is not a question of if current cryptographic schemes will fall, but when, and whether the replacement architectures will prove equally vulnerable to unforeseen forms of decay. The algorithm isn’t the weapon; the weapon is time itself.

Original article: https://arxiv.org/pdf/2512.15330.pdf

Contact the author: https://www.linkedin.com/in/avetisyan/