Asymptotic Vanishing of the Success Probability in Shor's Algorithm

João P. da Cruz

TL;DR

This work analyzes Shor's quantum factoring algorithm through a measure-theoretic lens, showing that although the local success probability is bounded below by $1/2$ for each fixed modulus $N$, no global asymptotic measure exists as $N\to\infty$ because the uniform measures $\mu_N$ on $\Omega_N=(\mathbb{Z}/N\mathbb{Z})^\times$ are non-tight. The authors prove an asymptotic vanishing of the joint success weight, $p(\mathrm{good},a')=p(\mathrm{good}|a',N)p(a'|N)$, decaying like $1/\varphi(N)$, and corroborate this with Monte Carlo simulations for semiprimes up to $N\le 10^6$ showing the expected $N^{-2}$ scaling since $\varphi(N)\sim 3N^2/\pi^2$. The result implies that the notion of an "expected polynomial time" for order finding is inherently local and cannot extend to the asymptotic regime, revealing a structural limit to the scalability of quantum factoring beyond small instances. Consequently, large-scale implementations of Shor's algorithm are not merely hardware-limited but fundamentally constrained by the non-existence of a global ergodic measure on the arithmetic domain, explaining the lack of cryptanalytic progress at cryptographically relevant sizes.

Abstract

Shor's factoring algorithm guarantees a success probability of at least one half for any fixed modulus $N = pq$ with distinct primes $p$ and $q$. We show that this guarantee does not extend to the asymptotic regime. As $N\to\infty$, the multiplicative groups $\Omega_N=(\mathbb{Z}/N\mathbb{Z})^\times$ form a non-tight family of probability spaces, and the probability weight associated with successful bases, proportional to $p(\mathrm{success}\mid a',N)\,p(a'\mid N)$, decays as $1/\varphi(N)$. The ensemble of uniform measures $\{\mu_N\}$ therefore admits no weak limit, implying an asymptotic loss of ergodicity. Monte Carlo simulations up to $N\le 10^6$ confirm this decay and the absence of a stationary success probability. These results demonstrate that the "expected polynomial time" in order finding is only locally defined: no global expectation exists once the arithmetic domain expands. The asymptotic vanishing of success probability explains the empirical absence of large-$N$ implementations of Shor's algorithm and sets a fundamental limit on the scalability of quantum factoring.
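The two quantities the abstract distinguishes can be computed exactly for small semiprimes. The Python sketch below is an added example, not code from the paper: it enumerates $(\mathbb{Z}/N\mathbb{Z})^\times$ by brute force rather than using the Monte Carlo sampling the paper reports, and its function names and sample primes are constructed for illustration.

```python
from math import gcd

# Constructed sample inputs (not from the paper): small distinct odd primes.
SAMPLE_PRIME_PAIRS = [(3, 5), (3, 7), (5, 7), (11, 13), (29, 31)]

def multiplicative_order(a, n):
    """Smallest r >= 1 with a^r = 1 (mod n); brute force, small n only."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r

def is_good_base(a, n):
    """Classical post-processing condition in Shor's algorithm:
    the order r of a is even and a^(r/2) != -1 (mod n)."""
    r = multiplicative_order(a, n)
    return r % 2 == 0 and pow(a, r // 2, n) != n - 1

def success_stats(p, q):
    """Exact counts over the unit group of N = p*q under the uniform
    measure mu_N, i.e. p(a'|N) = 1/phi(N) as in the abstract."""
    n = p * q
    units = [a for a in range(1, n) if gcd(a, n) == 1]
    phi = len(units)                      # equals (p-1)*(q-1)
    good = sum(is_good_base(a, n) for a in units)
    cond = good / phi                     # p(good | N): fraction of good bases
    joint = cond / phi                    # p(good|a',N) * p(a'|N), page's weight
    return {"N": n, "phi": phi, "good": good, "cond": cond, "joint": joint}

def sweep(pairs):
    """Stats for each (p, q), ordered by N."""
    return sorted((success_stats(p, q) for p, q in pairs), key=lambda s: s["N"])

if __name__ == "__main__":
    for s in sweep(SAMPLE_PRIME_PAIRS):
        print(f"N={s['N']:4d} phi={s['phi']:4d} good={s['good']:4d} "
              f"cond={s['cond']:.3f} joint={s['joint']:.2e}")
```

The `cond` column is the per-modulus fraction of good bases; the `joint` column is that fraction multiplied by the weight $1/\varphi(N)$ of a single base, which is the quantity plotted in Figure 1.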

Paper Structure

This paper contains 6 sections, 1 theorem, 14 equations, 1 figure.

Key Result

Lemma 1

The uniform measures $\mu_N(A)=\#A/\varphi(N)$ on $(\mathbb{Z}/N\mathbb{Z})^\times$ have no compatible extension to a probability measure on $\Omega=\bigsqcup_N(\mathbb{Z}/N\mathbb{Z})^\times$. In particular, so that the global arithmetic density of successful bases vanishes asymptotically.

Figures (1)

  • Figure 1: (a) Log-log plot of the joint success probability $p(\mathrm{good},a')=p(\mathrm{good}|a',N)p(a'|N)=\tfrac{1}{2}\varphi(N)^{-1}$ for semiprimes $N=pq\le10^6$. The straight dashed line with slope $-2$ confirms the scaling $p(\mathrm{good},a')\propto N^{-2}$ implied by $\varphi(N)\sim 3N^2/\pi^2$. (b) Upper and lower bounds $\tfrac{1}{2}\varphi(N)^{-1}\le p(\mathrm{good},a')\le\varphi(N)^{-1}$, shown as parallel lines with identical slope $-2$. The shaded region between them represents the asymptotic range of $p(\mathrm{good},a')$, illustrating that both limits vanish as $N^{-2}$ while the conditional probability $p(\mathrm{good}|a',N)\ge\tfrac{1}{2}$ remains finite.