Quantum algorithms

Todo: sprinkle some citations around, and make the math digestible

Introduction
Quantum algorithms are (relatively) simple sets of instructions which manipulate qubits to solve computational problems, such as searching or factorisation.

Even though quantum computers are presented as being the next generation of computing, the problems a quantum computer and a classical one can solve are different. Whereas quantum computers are better at solving problems involving a large amount of calculations, classical ones are still better at memory-intensive tasks such as loading graphics or running games.

Grover's algorithm
Grover's algorithm is a quantum algorithm which finds the unique input to a function that produces a particular output, using around √N evaluations of the function, where N is the number of possible inputs. It was devised by Lov Grover in 1996.

Classically, this cannot be solved in fewer than around N evaluations (because, in the worst case, the N-th member of the domain might be the correct member). Grover's algorithm provides a quadratic speedup of this.

Like many quantum algorithms, Grover's algorithm is probabilistic, since it gives the correct answer with a probability of less than 1. Although there is no upper bound on the number of repetitions that might be needed before the correct answer is obtained, the expected number of repetitions is a constant factor that does not grow with N.

Shor's algorithm
Shor's algorithm, named after mathematician Peter Shor, is a quantum algorithm (an algorithm that runs on a quantum computer) for integer factorization, formulated in 1994. Informally, it solves the following problem: Given an integer N, find its prime factors.

On a quantum computer, to factor an integer N, Shor's algorithm runs in polynomial time (the time taken is polynomial in log(N), which is the size of the input), and is consequently in the complexity class BQP. This is almost exponentially faster than the most efficient known classical factoring algorithm, the general number field sieve, which works in sub-exponential time.

If a quantum computer with a sufficient number of qubits could operate without succumbing to quantum noise and other quantum-decoherence phenomena, then Shor's algorithm could be used to break public-key cryptography schemes, such as the widely-used RSA scheme. RSA is based on the assumption that factoring large integers is computationally intractable. As far as is known, this assumption is valid for classical (non-quantum) computers; no classical algorithm is known that can factor integers in polynomial time. However, Shor's algorithm shows that factoring integers is efficient on an ideal quantum computer, so it may be feasible to defeat RSA by constructing a large quantum computer.

In 2001, Shor's algorithm was demonstrated by a group at IBM, who factored 15 into 3 * 5, using an NMR implementation of a quantum computer with 7 qubits. After IBM's implementation, two independent groups implemented Shor's algorithm using photonic qubits, emphasizing that multi-qubit entanglement was observed when running the Shor's algorithm circuits.

In 2012, the factorization of 15 was performed with solid-state qubits. Also, in 2012, the factorization of 21 was achieved, setting the record for the largest integer factored with Shor's algorithm.