- Intro
- Classical Pre-Processing
- Quantum Period Finding
- Classical Post-Processing
- Simulation Modes
- Example
- References
A semiprime
f(x) = a^x mod N
is periodic. Its period
a^r == 1 (mod N)
If
a^r - 1 == 0 (mod N)
(a^(r/2) - 1)(a^(r/2) + 1) == 0 (mod N)
This means non-trivial factors of
gcd(a^(r/2) - 1, N)
gcd(a^(r/2) + 1, N)
The quantum part of Shor's algorithm is a period-finding routine. The classical post-processing then turns a useful period into factors.
Before simulating the quantum period-finding step, the code checks for easy classical cases:
-
$N$ is even -
$N$ is a perfect power $\gcd(a, N) > 1$
If any of these checks finds factors, no quantum simulation is needed. Otherwise, the code proceeds with a coprime base
Let:
n = ceil(log2(N))
Q = 2^(2n)
M = 2^n
The simulator uses:
- a first register with
Qstates, corresponding to2nqubits - a second register with
Mstates, corresponding tonqubits
Using Q ~= N^2 gives enough resolution for continued-fraction period recovery.
The first register starts in state
|ψ1⟩ = (1/sqrt(Q)) sum_x |x⟩|0⟩
In mode="matrix", this is represented by an explicit Hadamard matrix on the first register tensor an identity matrix on the second register.
The oracle encodes the periodic function in the second register:
|x⟩|0⟩ -> |x⟩|a^x mod N⟩
The explicit matrix implementation uses a reversible XOR oracle:
|x⟩|y⟩ -> |x⟩|y xor (a^x mod N)⟩
This makes the oracle a permutation matrix and therefore unitary. Starting from
After the oracle, the state has the form:
|ψ2⟩ = (1/sqrt(Q)) sum_x |x⟩|a^x mod N⟩
The inverse quantum Fourier transform is applied to the first register. It concentrates probability near values c satisfying:
c / Q ~= s / r
where:
ris the periodsis an integerQis the first-register dimension
The resulting first-register probabilities are plotted by probability_plot.py.
find_period.py sorts measurement outcomes by probability. For each high-probability measured value c, it forms:
c / Q
and uses continued fractions to recover denominator candidates. Candidate denominators and their multiples are accepted only if they pass validation:
pow(a, r, N) == 1
gcd(a^(r/2) - 1, N) and gcd(a^(r/2) + 1, N) are non-trivial factors
This replaces the earlier peak-spacing heuristic. It also correctly rejects cases where a period exists but cannot factor
Once a useful period r is found, the code computes:
gcd(a^(r/2) - 1, N)
gcd(a^(r/2) + 1, N)
If both are non-trivial and multiply to
The repository supports two period-finding modes:
mode="distribution"computes the ideal first-register probability distribution directly. This is the default and is appropriate for the documented examples.mode="matrix"explicitly builds and applies the simulated Hadamard, oracle, and IQFT matrices. This is useful for tiny cases and for comparing against distribution mode.
For N=15, a=2, both modes produce matching first-register probabilities up to floating-point error.
For
2^0 == 1 (mod 15)
2^1 == 2 (mod 15)
2^2 == 4 (mod 15)
2^3 == 8 (mod 15)
2^4 == 1 (mod 15)
The period is
2^(r/2) = 2^2 = 4
gcd(4 - 1, 15) = gcd(3, 15) = 3
gcd(4 + 1, 15) = gcd(5, 15) = 5
So the factors of
The visualization helpers can show:
- the repeated oracle pattern
a^x mod N - first-register probability peaks after IQFT
- continued-fraction candidates
- why a chosen base succeeds or must be retried
For register-flow diagrams and Qiskit-generated circuit drawings, see CIRCUITS.md.
- Peter W. Shor, "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer" (arXiv)
- Published SIAM version of Shor's paper
- Nielsen and Chuang, "Quantum Computation and Quantum Information"
- IBM Quantum Learning: Shor's algorithm
- IBM Quantum tutorial: Shor's algorithm
- Wikipedia: Shor's algorithm
Sid Richards
- LinkedIn: sid-richards-21374b30b
- GitHub: SidRichardsQuantum
MIT. See LICENSE.