# Post Quantum Cryptography

## Importing the required packages 

**This lab will be done entirely in python**

# I) What is RSA ?

## a) Presentation of RSA (History)

Before the 1970s, all cryptography relied on shared secret keys (symmetric encryption). But this raised a major problem: how could the secret key be exchanged securely if enemies were listening?
In response to it, in 1976, Whitfield Diffie and Martin Hellman published New Directions in Cryptography by introducing the idea of a public key to encrypt and a private key to decrypt so no need to secretly exchange keys in advance.
Building on this, researchers realized that multiplying two large prime numbers was a simple task, whereas factoring their product back into its prime components was extremely difficult.
This property, known as a “one-way function,” provided exactly the mathematical foundation needed for a secure encryption system. In 1977, Rivest, Shamir, and Adleman transformed this insight into a practical algorithm, which became known as RSA, named after their initials.

## b) Implementation of RSA (Algorithm)

## II) Can we crack RSA ?

### II.I) Brute Force

### II.II) The GNFS Algorithm

#### Story of the GNFS

#### The algorithm & Code in python

## III) Foundations of Quantum Physics

### Brief Introduction

### Superposition and no-cloning theorem

### Entanglement

## IV) Discover the Quantum Computers

### What is a quantum computer

### What is a qubit & how to measure a state ?

### Quantum Circuits & Gates

### Advanced Concepts and Further Reading

#### Relaxation (T1) and Decoherence (T2) times in quantum world

#### Further reading

## V) Setting up our first algorithm for quantum computers

### Setting up qiskit

Here is a function to run your circuit on a simulator

We will be running the functions on a quantum computer simulator so you don't have to setup a IBM qiskit account. All the required packages are already installed. If you want to run your code on a real quantum hardware we advice you to follow the steps [here](https://canvas.kth.se/courses/56029/pages/tutorial-ibm-quantum-platform-upgraded-login-api-key-and-your-first-run-bell-pair?module_item_id=1256103).

In [1]:
def run_simulation(qc, shots=1024):
    simulator = AerSimulator()
    compiled_circuit = transpile(qc, simulator)
    job = simulator.run(compiled_circuit, shots=shots)
    result = job.result()
    counts = result.get_counts()
    return counts

### First Algorithm (QRNG)

In **quantum computing**, one of the simplest yet most powerful applications is the generation of **random numbers**.  

In **classical computing**, we usually rely on *pseudo-random number generators (PRNGs)*.  
These algorithms create numbers that **look random**, but they are ultimately **deterministic** if the algorithm and the initial seed are known.

---

#### How the Algorithm Works

Think of a **qubit** like a magic coin:

1. **Start:**  
   It’s set to heads ($|0⟩$) by default.

2. **Hadamard gate (H):**  
   This is like spinning the coin perfectly.  
   While it’s spinning, it’s in a **superposition**, not just heads or tails, but both at once.

3. **Measure:**  
   You “catch” the coin. The spin stops, and it becomes either heads or tails.  
   In quantum terms, the qubit **collapses** to $0$ or $1$, each with a 50% chance.

If you **spin and measure** the qubit many times, you get a list of 0s and 1s that’s **truly random**. In our case we are going to use 3 qubits to directly form a number of 3 bits.

That’s a **Quantum Random Number Generator (QRNG)**. 

Now we have to try to implement it.


First we have to create a circuit

In [2]:
n = 3
qc = QuantumCircuit(n) #We use the QuantumCircuit primitive and specify the number of qubits
# The initial state of the cicuit is every qubit in state 0

NameError: name 'QuantumCircuit' is not defined

Then we have to add the gates we are going to use on the qubits

In [3]:
for i in range(n):
    qc.h(i) #We apply the hadamard gate on every qubit as seen in the algorithm before
    # This will put every qubit in superposition (like spinning a coin)

NameError: name 'qc' is not defined

Then we have to measure the state of the qubits 

In [4]:
qc.measure_all(n) #We use this function because we want to measure all the qubits. This will collapse the state of one qubit to be 0 or 1 
# and store the result in a so called measuring bit

NameError: name 'qc' is not defined

We can visualise the circuit

In [5]:
qc.draw('mpl')

NameError: name 'qc' is not defined

Then we have to run the simulation. We have to run the simulation many times to have good results. In fact, each run of a quantum circuit gives only **one random outcome** (e.g., `0` or `1`). Because quantum results are **probabilistic**, we must repeat the circuit many times (called *shots*) to estimate the **true probabilities** of each outcome (More runs = more accurate results). In our case we will run the simulation 1024 times.

In [None]:
results = run_simulation(qc, shots=1024)
print(results)

The result is a dictionnary with key an output of a simulation and value how many time this value appeared during all the 1024 simulations. But this isn't a good way to visualise it. It would be more representative with a plot. Fortunately qiskit has a way to do it with 'plot_histogram'.

In [6]:
plot_histogram(results)

NameError: name 'plot_histogram' is not defined

We can see that the outcome is truly random making each 3 bits numbers equally likely. We really have implemented a quantum random generator.

## VI) Crack RSA with Quantum Computers

### Shor Algorithm


### Step-by-Step Tutorial: Implementing Shor's Algorithm in Qiskit

## VII) Is security of our data compromised ?

### Quantum Computers are yet not powerful enough

In [None]:
Although Shor’s algorithm provides a polynomial-time method for integer factorization, its practical application is severely limited by the current state of quantum hardware. Experimental demonstrations have so far only managed to factor very small numbers, with the most reliable implementations handling integers such as **15** and **21**.  

**Guess what?** *YOU have implemented a circuit that factors 15!* So you officially belong to the elite ranks of quantum computing pioneers :).

These results validate the algorithm but highlight the vast gap between theoretical capability and cryptographically relevant problem sizes.

Estimates for breaking a **2048-bit RSA modulus** remain far beyond present technology. Factoring such a number is projected to require approximately **20 million physical qubits** when error correction overhead is considered. Even with algorithmic optimizations, the requirement is unlikely to fall below **one million physical qubits**. By contrast, the most advanced hardware currently available contains just over **1,000 qubits** (such as IBM’s *Condor* processor with **1,121 qubits**), underscoring the enormous gap between experimental capability and the resources required to compromise RSA in practice.  

The circuit depth of Shor’s algorithm scales quadratically with the key size, and at this scale, execution would demand **trillions of sequential quantum gate operations**—orders of magnitude beyond the **coherence times of existing devices** (IBM's best hardware has a coherence time of **400 microseconds**). In addition, the total energy expenditure for such a computation has been estimated in the **tens of megawatt-hours**, comparable to the continuous operation of a small industrial facility.

In summary, while RSA is theoretically vulnerable to quantum factorization, the hardware required to execute such an attack does not yet exist. Present-day quantum computers remain **millions of qubits** and several technological breakthroughs away from posing a realistic threat to widely used cryptographic key sizes.

### Classical methods such as Elliptic Curve Cryptography cannot be crack by quantum computers (yet)

### Quantum Cryptography based on superposition and entanglement (Bell's Pairs)

#### You are done with this lab ! Hope you liked it that and you have learned a bit more about cryptography today and the quantum world!