The security of messages encoded via the widely used RSA public key encryption system rests on the enormous computational effort required to find the prime factors of a large number *N* using classical (conventional) computers. In 1994 Peter Shor showed that for sufficiently large *N*, a quantum computer could perform the factoring with much less computational effort. This paper endeavors to explain, in a fashion comprehensible to the nonexpert, the RSA encryption protocol; the various quantum computer manipulations constituting the Shor algorithm; how the Shor algorithm performs the factoring; and the precise sense in which a quantum computer employing Shor’s algorithm can be said to accomplish the factoring of very large numbers with less computational effort than a classical computer. It is made apparent that factoring *N* generally requires many successive runs of the algorithm. Our analysis reveals that the probability of achieving a successful factorization on a single run is about twice as large as commonly quoted in the literature.

## REFERENCES

*Proceedings of the 35th Annual Symposium on the Foundations of Computer Science*, edited by S. Goldwasser (IEEE Computer Society, Los Alamitos, CA, 1994), pp. 124–134.

*Quantum Computation and Quantum Information*(Cambridge U.P., Cambridge, 2000), pp. 232–247.

*Explorations in Quantum Computing*(Springer, New York, 1998), pp. 130–145.

*A Shortcut Through Time*(Knopf, New York, 2003), pp. 66–82.

*The Quest for the Quantum Computer*(Simon and Schuster, New York, 2000), pp. 170–188.

*Handbook of Applied Cryptography*(CRC, Boca Raton, FL, 1996), Chap. 8.

*The Codebreakers: The Story of Secret Writing*(Scribner, New York, 1996). For the definitions adopted here, see pp. xv–xviii and 989.

*The Code Book*(Doubleday, New York, 1999), especially Chaps. 6 and 7.

*Complete Stories and Poems of Edgar Allan Poe*(Doubleday, New York, 1966), pp. 70 and 819.

*The Complete Sherlock Holmes*(Doubleday, New York, 1966), p. 593.

*Alan Turing: The Enigma*(Simon and Schuster, New York, 1983), Chap. 4.

*Elementary Number Theory and its Applications*(Addison-Wesley, Reading, MA, 1993), pp. 119–125.

*Prime Numbers. A Computational Perspective*(Springer, New York, 2001), pp. 225–232.

*A Course in Number Theory and Cryptography*(Springer, New York, 1987), pp. 3–4.

*The New Book of Prime Number Records*(Springer, New York, 1995), p. 156, writes: “It is fairly easy, in practice, to produce large primes. It is, however, very difficult to produce a theoretical justification for the success of the method.”

*p*and

*q*which will be multiplied to construct

*N*can be accomplished in computing times at most polynomial in $L=log2\u200aN,$ whereas factoring

*N*to find its prime factors

*p*and

*q*requires computing times subexponential in

*L*(as we have discussed, assuming only classical computers are available).

*Introduction to Quantum Mechanics*(Prentice Hall, Englewood Cliffs, NJ, 1994), pp. 154–159.

*An Introduction to the Theory of Numbers*(Clarendon, Oxford, 1965), Sec. 10.15, for a proof of the theorem.

*The Art of Computer Programming*(Addison-Wesley, Reading, MA, 1981), 3rd ed., Vol. 2, pp. 290 and 300 (see Problem 8).

*Modern Elementary Theory of Numbers*(University of Chicago, Chicago, 1939), p. 12, quotes the date of Fermat’s Little Theorem.

*American Journal of Physics*and

*The Physics Teacher*as a member benefit. To learn more about this member benefit and becoming an AAPT member, visit the Joining AAPT page.