Abstract: We show in some detail how to implement Shor's efficient quantum algorithm for discrete logarithms for the particular case of elliptic curve groups. It turns out that for this problem a smaller quantum computer can solve problems further beyond current computing than for integer factorisation. A 160 bit elliptic curve cryptographic key could be broken on a quantum computer using around 1000 qubits while factoring the security-wise equivalent 1024 bit RSA modulus would require about 2000 qubits. In this paper we only consider elliptic curves over GF($p$) and not yet the equally important ones over GF($2^n$) or other finite fields. The main technical difficulty is to implement Euclid's gcd algorithm to compute multiplicative inverses modulo $p$. As the runtime of Euclid's algorithm depends on the input, one difficulty encountered is the "quantum halting problem".
What problem does this paper attempt to address?
This paper addresses how to implement Shor's efficient quantum algorithm for discrete logarithms in the particular case of elliptic curve groups, and works through that implementation in some detail. The problem breaks down as follows:
### 1. Research Background
On classical computers, solving the discrete logarithm problem (DLP) is very difficult for certain groups, notably elliptic curve groups defined over finite fields. This hardness is the basis of modern public-key cryptography such as elliptic curve cryptography (ECC). A quantum computer, however, can solve these problems in polynomial time using Shor's algorithm, which threatens the security of schemes that rely on them.
### 2. Specific Problems
The paper mainly focuses on the following points:
- **Implementing Shor's Quantum Algorithm for Discrete Logarithms**: Specifically for the case of elliptic curve groups.
- **Optimizing the Use of Quantum Resources**: Compared with integer factorization, a smaller quantum computer suffices to solve elliptic curve discrete logarithm problems that lie further beyond current classical computing. For example, breaking a 160-bit elliptic curve key requires approximately 1,000 qubits, while factoring the security-wise equivalent 1,024-bit RSA modulus requires approximately 2,000 qubits.
- **Technical Difficulties**: The main technical challenge is implementing the extended Euclidean algorithm on a quantum computer to calculate multiplicative inverses modulo \( p \). Because the running time of the Euclidean algorithm depends on the input, the implementation runs into the "quantum halting problem".
### 3. Paper Contributions
- **Detailed Implementation**: The paper provides detailed steps and methods for implementing Shor's discrete logarithm algorithm for elliptic curves on a quantum computer.
- **Optimization Scheme**: The paper proposes an optimized implementation that reduces the number of qubits required and the running time.
- **Technical Details**: The paper solves the key technical problems in the quantum implementation of the extended Euclidean algorithm, ensuring that the algorithm is reversible and efficient.
### 4. Main Formulas
- Elliptic Curve Equation:
\[ E: y^2 = x^3 + ax + b \]
where \( a, b \in K \) satisfy \( 4a^3 + 27b^2 \neq 0 \).
- Group Operation Formulas: if \( P = (x_1, y_1) \) and \( R = (x_2, y_2) \), then
\[
P + R =
\begin{cases}
O & \text{if } (x_2, y_2) = (x_1, -y_1) \\
(x_3, y_3) & \text{otherwise}
\end{cases}
\]
where \( x_3 = \lambda^2 - (x_1 + x_2) \) and \( y_3 = \lambda(x_1 - x_3) - y_1 \), and the slope \( \lambda \) is defined as:
\[
\lambda =
\begin{cases}
\frac{y_2 - y_1}{x_2 - x_1} & \text{if } P \neq R \\
\frac{3x_1^2 + a}{2y_1} & \text{if } P = R
\end{cases}
\]
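The group law above over GF(\( p \)), written out classically as an added Python example (not code from the paper): the division in the slope is done with the extended Euclidean algorithm, and the returned step count shows the input-dependent running time behind the "quantum halting problem". The toy curve \( y^2 = x^3 + 2x + 2 \) over GF(17), the base point (5, 1) and all function names are assumptions chosen for illustration.

```python
# Added illustration: affine group law on E: y^2 = x^3 + ax + b over GF(p).
# Toy parameters (constructed for this example, far too small for real use).
P_MOD, A = 17, 2          # curve y^2 = x^3 + 2x + 2 over GF(17), group order 19
G = (5, 1)                # base point on that curve
O = None                  # point at infinity (group identity)

def inv_mod(v, p):
    """Extended Euclid: return (v^-1 mod p, number of division steps)."""
    r0, r1 = p, v % p
    s0, s1 = 0, 1         # invariant: s_i * v == r_i (mod p)
    steps = 0
    while r1 != 0:
        q = r0 // r1
        r0, r1 = r1, r0 - q * r1
        s0, s1 = s1, s0 - q * s1
        steps += 1        # loop length depends on v: the hard part to make reversible
    if r0 != 1:
        raise ZeroDivisionError("value has no inverse modulo p")
    return s0 % p, steps

def add(P, R, a=A, p=P_MOD):
    """P + R using the case split and slope formulas from the text."""
    if P is O:
        return R
    if R is O:
        return P
    (x1, y1), (x2, y2) = P, R
    if x1 == x2 and (y1 + y2) % p == 0:      # R == -P (covers doubling with y = 0)
        return O
    if P == R:
        num, den = 3 * x1 * x1 + a, 2 * y1   # tangent slope
    else:
        num, den = y2 - y1, x2 - x1          # chord slope
    lam = num * inv_mod(den, p)[0] % p
    x3 = (lam * lam - (x1 + x2)) % p
    y3 = (lam * (x1 - x3) - y1) % p
    return (x3, y3)

def mul(k, P, a=A, p=P_MOD):
    """k*P by double-and-add; recovering k from k*P is the discrete log problem."""
    Q = O
    while k:
        if k & 1:
            Q = add(Q, P, a, p)
        P = add(P, P, a, p)
        k >>= 1
    return Q
```

Inverting 1, 16 and 3 modulo 17 takes 1, 2 and 3 division steps respectively, so a fixed-length reversible circuit has to accommodate the longest case.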
In this way, the paper shows how quantum computing can be used to solve the discrete logarithm problem, traditionally considered difficult to solve, in its application to elliptic curve groups.