I would appreciate feedback on how to post to an existing thread instead of starting a new one. As a result of David Honig's reply, I can already see one big problem with my 5/6 proposal. Unless someone tells me differently, I still think it soundly defeats the Beckman Chari Devabhaktuni Prescott (preprint 9602016) implementation of Shor's algorithm, available at http://xxx.lanl.gov However, I said that the 5/6 proposal prevents a cryptanalyst from loading the number onto the quantumputer, and that is flat out incorrect. I'm pretty sure that was Dave's point, but if it wasn't, I myself am saying there is a problem. If you want to work with keys the way BCDP does, you need 5K+1 qubits (e.g., 5121 qubits) to work with a K bit (e.g., 1024 bits) key. The quantumputer's enormous storage capacity is then used to work with all the possible solutions. But if all you want to do is to load the number, you only need 10 qubits plus a scratch pad. (E.g., do a WH transformation, followed by phase shifts on the individual state vectors.) So even though the 5/6 method could withstand attack by BCDP, it probably would not withstand attack by an (obviously) classified algorithm. This is true since the classified technique would almost certainly use quantum storage more efficiently than any of the public domain stuff. Is that the point you were trying to raise, Dave? --Terry Cooper
