## Grover's algorithm and RSA from Nielsen

0

Nilsen states that one can define a function for the oracle in the Grover algorithm, which is constructed as follows. So there is a number $$m$$ that consists of $$p$$ and $$q$$ (both primes) $$m = pq$$. Now define a function that says $$f (x) \equiv 1$$ if $$x$$ divides $$m$$, 0 otherwise.

Then the function $$f(x)$$ for $$x \in \{1,7,11,77\}$$ would be 1. That means in the algorithm then the amplitudes of these states would be negated and increased by the diffusion operator. If I measure the register then say I could measure states $$1, 7, 11, 77$$. But 1 and 77 do not bring me much as prime factors?

So that I actually measure 7 and 11 as correct prime factors, would it be enough to simply rerun the algorithm?

Step back - what are you asking? Why do you think that $77 \bmod 7 = 1$? Why do you think that $77\bmod 1=1$? The way you've defined $f(x)$ is perfectly fine, and $f(x)$ would be $1$ for $x\in{1,7,11,77}$. – Mark S – 2019-05-01T02:50:03.427

That's what I was about. 1,7,11 and 77 are correct. Only one would like to measure the prime factors 7 and 11 as best as possible. But the algorithm would then probably make the phase shift for 1,7,11 and 77, so I measure one of these states at the end, with 1 and 77 not giving me much as prime factors. Is it enough to simply repeat the algorithm? – None – 2019-05-01T08:26:19.550

Edit: Oh, that was also a mistake of mine, of course, 77 mod 1 = 0 as well as 77 mod 7 = 0 (typo). – None – 2019-05-01T08:33:26.053

If you implement an oracle for Grover's algorithm that sometimes gives unhelpful answers, you can, as you suggest, rerun and remeasure. In your example, there are only two incorrect answers $$x=0$$ and $$x=m$$. With the way you defined $$f(x)$$, these would indeed be negated and diffused. Because there are only two bad answers, the impact may be small.
However the oracle in Grover's Algorithm can be anything that you can define. So you can explicitly define $$f(x)$$ to be $$1$$ iff $$x$$ divides $$m$$ and $$x\not\in \{0,m\}$$. This has the effect of making $$f$$ a little more complicated of course, increasing the gate count, but depending on the situation it may be more efficient than having to rerun/remeasure.