Modifying Shor's algorithm to compute short discrete logarithms

We revisit Shor’s algorithm for computing discrete logarithms in Fp on a quantum computer and modify it to compute logarithms d in groups 〈g〉 of prime order q in the special case where d≪ q. As a stepping stone to performing this modification, we first introduce a modified algorithm for computing logarithms on the general interval 0 < d < q for comparison. We demonstrate conservative lower bounds on the success probability of our algorithms in both the general and the special case. In both cases, our algorithms initially set the index registers to a uniform superposition of all states, compared to p− 1 states in Shor’s original algorithm. In the special case where d≪ q, our algorithm uses 3 dlog2 de qubits for the two index registers and computes two QFTs of size 2dlog2 de and 2 dlog2 de, compared to 2 blog2 qc qubits for the index registers and two QFTs both of size 2blog2 qc in the general case. A quantum circuit for computing [a − bd] g is furthermore required, where 0 ≤ a < 2 dlog2 de and 0 ≤ b < 2dlog2 de in the special case, compared to 0 ≤ a, b < 2blog2 qc in the general case. This implies that the complexity of computing discrete logarithms on a quantum computer can be made to depend not only on the choice of group, and on its order q, but also on the logarithm d. In the special case where d≪ q, our algorithm does not require q to be prime. It may hence be generalized to finite abelian groups.