Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Space-Optimized and Experimental Implementations of Regev's Quantum Factoring Algorithm

Wentao Yang, Bao Yan, Muxi Zheng, Quanfeng Lu, Shijie Wei, Gui-Lu Long

TL;DR

RSA security rests on factorization hardness, with Shor's quantum factoring algorithm offering a polynomial-time route but demanding substantial quantum resources. This work introduces space-optimized Regev-style factoring (SORA) by intermediate uncomputation to reuse qubits, achieving space lower than Regev's original design—down to $O(n^{5/4})$ with a simple strategy and $O(n \log n)$ with refined strategies—while preserving a competitive time footprint. Through simulations and a proof-of-principle hardware demonstration on a superconducting device for $N=35$, the authors validate lattice-based post-processing via LLL and show practical qubit reductions and resilience to noise. The study provides concrete resource-scaling guidance, outlining clear paths to larger instances and suggesting that Regev-style factoring can be extended to other quantum algorithms on near-term hardware.

Abstract

The integer factorization problem (IFP) underpins the security of RSA, yet becomes efficiently solvable on a quantum computer through Shor's algorithm. Regev's recent high-dimensional variant reduces the circuit size through lattice-based post-processing, but introduces substantial space overhead and lacks practical implementations. Here, we propose a qubit reuse method by intermediate-uncomputation that significantly reduces the space complexity of Regev's algorithm, inspired by reversible computing. Our basic strategy lowers the cost from \( O(n^{3/2}) \) to \( O(n^{5/4}) \), and refined strategies achieve \( O(n \log n) \)which is a space lower bound within this model. Simulations demonstrate the resulting time-space trade-offs and resource scaling. Moreover, we construct and compile quantum circuits that factor \( N = 35 \), verifying the effectiveness of our method through noisy simulations. A more simplified experimental circuit for Regev's algorithm is executed on a superconducting quantum computer, with lattice-based post-processing successfully retrieving the factors. These results advance the practical feasibility of Regev-style quantum factoring and provide guidance for future theoretical and experimental developments.

Space-Optimized and Experimental Implementations of Regev's Quantum Factoring Algorithm

TL;DR

RSA security rests on factorization hardness, with Shor's quantum factoring algorithm offering a polynomial-time route but demanding substantial quantum resources. This work introduces space-optimized Regev-style factoring (SORA) by intermediate uncomputation to reuse qubits, achieving space lower than Regev's original design—down to with a simple strategy and with refined strategies—while preserving a competitive time footprint. Through simulations and a proof-of-principle hardware demonstration on a superconducting device for , the authors validate lattice-based post-processing via LLL and show practical qubit reductions and resilience to noise. The study provides concrete resource-scaling guidance, outlining clear paths to larger instances and suggesting that Regev-style factoring can be extended to other quantum algorithms on near-term hardware.

Abstract

The integer factorization problem (IFP) underpins the security of RSA, yet becomes efficiently solvable on a quantum computer through Shor's algorithm. Regev's recent high-dimensional variant reduces the circuit size through lattice-based post-processing, but introduces substantial space overhead and lacks practical implementations. Here, we propose a qubit reuse method by intermediate-uncomputation that significantly reduces the space complexity of Regev's algorithm, inspired by reversible computing. Our basic strategy lowers the cost from \( O(n^{3/2}) \) to \( O(n^{5/4}) \), and refined strategies achieve \( O(n \log n) \)which is a space lower bound within this model. Simulations demonstrate the resulting time-space trade-offs and resource scaling. Moreover, we construct and compile quantum circuits that factor , verifying the effectiveness of our method through noisy simulations. A more simplified experimental circuit for Regev's algorithm is executed on a superconducting quantum computer, with lattice-based post-processing successfully retrieving the factors. These results advance the practical feasibility of Regev-style quantum factoring and provide guidance for future theoretical and experimental developments.

Paper Structure

This paper contains 23 sections, 15 theorems, 36 equations, 22 figures, 5 tables.

Table of Contents

  1. Introduction
  2. Framework of a space-optimized quantum factoring algorithm
  3. Review of Regev's algorithm
  4. Space-optimized Regev's algorithm
  5. A method for qubit reuse: intermediate uncomputation
  6. Computational complexity
  7. Resource usage and scaling of our theoretical method
  8. Time-space trade-offs
  9. Explicit examples for the intermediate uncomputation method
  10. Performance of space-optimized Regev's algorithm
  11. Construction of quantum circuit blocks for factoring $N = 35$
  12. Simulation and experimental results
  13. The simulation result for intermediate-uncomputation method
  14. The simulation and experimental result for the Regev's precompute demonstration
  15. Post-processing
  16. ...and 8 more sections

Key Result

Corollary II.1

The number of registers required to compute $m$ squarings can be reduced to $O(\sqrt{m})$, while the time complexity remains $O(m)$, increasing by at most a constant factor not exceeding 2 compared to direct computation.

Figures (22)

  • Figure 1: Quantum circuit for the Regev's algorithm.
  • Figure 2: Scaling of the space and time costs of the squaring subroutine in our optimized Regev's algorithm. (a) Number of computational registers $S(m)$ as a function of the number of squarings $m = \log D - 1$ for the direct strategy (original Regev construction), the simple intermediate-uncomputation strategy, and $k$-ary recursive strategies with $k \in \{2,4,6\}$. (b) Corresponding time cost $T(m)$ measured in large-integer squarings or multiplications. Here $m$ denotes the number of squarings in Regev's algorithm, with $m = \log D - 1 = C\sqrt{n} - 1$. In both panels, solid dots and solid lines represent the exact analytical results given by Eqs. (7)--(10); dashed lines are analytic fits for the $k$-ary cases.
  • Figure 3: Comparison of our optimized Regev’s algorithm with the original Regev’s algorithm and Shor’s algorithm. (a) Time--space trade-off at a fixed number of squarings $m=255$, showing the Direct strategy (Regev's original method), the simple strategy, and $k$-recursive strategies.(b) Scaling of the time cost (large-integer multiplications) with problem size, comparing Regev’s original algorithm, Shor’s algorithm Haner17, and our space-optimized Regev’s algorithm (denoted as “SO Regev’s” in the legend). Here TE stands for the time-efficient simple strategy, and RF,$k$ stands for refined $k$-recursive strategy. The Shor curve is based on the modular exponentiation using approximately $2n$ modular multiplications for an $n$-bit modulus. For Regev-type algorithms we choose a constant $C=2.2$ as a representative choice following Ekera's analysis Ekera25. In practice, a lower value is often used.
  • Figure 4: Circuit for the modular exponentiation part of our simple intermediate-uncomputation method for $d=2$, $\log D = 4$ and $m=3$ with 3 computational registers.
  • Figure 5: Circuit for the modular exponentiation part of direct strategy for $d=2$, $\log D = 4$ and $m=3$ with 4 computational registers.
  • ...and 17 more figures

Theorems & Definitions (22)

  • Definition II.1: Direct Computation
  • Corollary II.1: Simple Strategy (Space-Reduced, Time-Efficient)
  • Theorem II.1: Space Lower Bound
  • Corollary II.2: Binary Recursion (Achieving the Space Lower Bound)
  • Corollary II.3: k-ary Recursion (Log-Space, Near-Linear Time)
  • Corollary II.4: Variable-Arity Recursion (Linear Time, Sublinear Space)
  • Theorem III.1: Simple Strategy
  • proof
  • Corollary III.1: Simple Strategy (Space-Reduced, Linear-Time)
  • Lemma III.2
  • ...and 12 more