- Choose a random integer
acoprime toN - Use a quantum circuit to estimate the period
roff(x) = aˣ mod N - Use
rto computegcd(a^(r/2) ± 1, N), which gives the prime factors
The algorithm is probabilistic. The period-finding step may yield a trivial result (r is odd, or the GCD gives 1 or N). The outer loop retries with a new run until a valid factorization is found.
Factoring N = 15 with a = 7
Choose N and a
Set
N = 15 and a = 7. The value a must be coprime to N (i.e., gcd(a, N) = 1). Since gcd(7, 15) = 1, this is valid.Prepare quantum registers
Allocate the two quantum registers. The first register (
q0, q1, q2) holds the phase estimate — three qubits for three bits of precision. The second register (q3–q6) holds the modular exponentiation result and is initialized to |1⟩ by setting q6 to |1⟩.Apply superposition to the first register
Hadamard on all three qubits of the first register creates a uniform superposition over
|0⟩ through |7⟩.Apply Controlled-U operations (modular exponentiation)
This is the quantum oracle for After this step the two registers are entangled: the second register holds
f(x) = 7ˣ mod 15. Each qubit in the first register controls a different power of a. The circuit implements Controlled-U^(2^0) through Controlled-U^(2^2) using CNOT and Toffoli gates.a^x mod N conditioned on the value x in the first register.Apply inverse QFT
The inverse Quantum Fourier Transform converts the periodic structure in the first register into a phase estimate. A bit-reversal swap precedes
InvQFT to match the expected qubit ordering.Measure the first register to obtain a phase estimate
Measuring For example, measuring
q0, q1, q2 yields a binary fraction 0.m that approximates s/r for some integer s. The function number.Ldexp converts the integer value of the measurement into a floating-point fraction.010 gives integer 2, so phi = 2 / 2³ = 0.25, which represents the fraction 1/4.Recover the period r using continued fractions
number.FindOrder applies the continued fraction algorithm to phi to find the best rational approximation s/r such that a^r ≡ 1 (mod N).s— numerator of the best rational approximationr— denominator (the period)d— the actual decimal value ofs/rok— whether a valid period was found
r is odd the algorithm cannot proceed; the loop retries.Compute GCD to find the prime factors
With period
r in hand, compute gcd(a^(r/2) - 1, N) and gcd(a^(r/2) + 1, N). These give the two prime factors of N, unless the result is trivial (1 or N).number.IsTrivial(N, p0, p1) returns true when either factor is 1 or N, meaning no useful factorization was found.Example output
The algorithm is run up to 10 times in a loop. A successful run produces:i=2, factoring N=15 with a=7 succeeded. The factors are p=3 and q=5. The measurement was 010 (binary), representing the fraction 0.010₂ = 0.250, which is the rational approximation s/r = 1/4. The period r = 4 satisfies 7⁴ mod 15 = 1.
Helper functions
| Function | Description |
|---|---|
number.FindOrder(a, N, phi) | Applies continued fractions to phi and verifies a^r mod N = 1. Returns s, r, d, ok. |
number.GCD(x, N) | Greatest common divisor. Used to extract prime factors from a^(r/2) ± 1. |
number.IsTrivial(N, p0, p1) | Returns true if either p0 or p1 is 1 or N — indicating a trivial and unusable factorization. |
number.IsOdd(r) | Returns true if the period is odd. An odd period cannot be used in the GCD step. |
number.Ldexp(m, exp) | Computes m * 2^exp. Used to convert a measurement integer to a floating-point fraction. |