Qu&Co comments on this publication:
Ever since the publication of Shor’s algorithm in 1994, efficient integer factorization has been a key application area envisioned for quantum-computers, with important implications for the security of some of the most used cryptosystems. Because Shor’s algorithm requires a large-scale fault-tolerant quantum-processor, RSA-3072 encryption was so-far believed to remain safe until 2030. However, in recent years hybrid (classical-quantum) alternatives have been developed for many important quantum-algorithms. Such hybrid algorithms can be run on current-day noisy and small-scale quantum-processors. In this paper Eric Anschuetz et al. describe such a hybrid alternative for Shor’s algorithm, which they call variational quantum factoring (VQF). If some pre-processing is applied VQF scales with O(n), n being the number of bits of the integer being factored. If VQF can be optimized to scale well up to 3000+ qubits, which is very challenging, but not completely unthinkable, and if we assume the number of physical qubits in quantum-processors doubles every year, quantum-processors could have sufficiently high qubit count to break RSA-3072 as early as 2025. However, as VQF relies on a quantum-optimization algorithm (QAOA) it seems unlikely that the speed-up of VQF could be more than quadratic, which means that the runtime for breaking RSA-3072 could very well be prohibitively long and that doubling the RSA-6144 (double the key-length) would again be just as safe as RSA-3072 is currently.