20 minute read

Quantum Computing Logo

Quantum Computing

Introduction

Quantum computing represents a fundamentally different model of computation — one that manipulates information using the principles of quantum mechanics rather than classical Boolean logic. For software engineers and security practitioners, this is not an abstract physics curiosity: quantum algorithms pose a direct, quantifiable threat to the cryptographic systems that underpin TLS, SSH, digital signatures, and virtually every secure protocol in production today.

This post provides a practical, conceptual walkthrough of quantum computing aimed at applied cryptography specialists, cybersecurity professionals, and software engineers. It covers the core mechanics (qubits, gates, circuits), the two algorithms that matter most for security (Grover’s and Shor’s), the current hardware timeline, and concrete guidance on post-quantum migration — including runnable Python examples using IBM’s Qiskit SDK.

Classical vs. Quantum Computation

A classical computer manipulates information encoded as bits — deterministic switches that are either 0 or 1. Every operation, from an AND gate to a full AES-256 encryption round, ultimately reduces to flipping and combining these binary values through Boolean logic circuits.

A quantum computer manipulates qubits. A qubit can exist in a superposition of 0 and 1 simultaneously. This is not merely “both at once” in a vague sense — it means the qubit’s state is described by a pair of complex probability amplitudes whose squared magnitudes sum to

  1. Measurement collapses this superposition into a definite classical outcome, but before measurement, quantum operations can exploit the full continuous state space.

The practical consequence: where a classical computer evaluates n-bit inputs one path at a time, a quantum computer can — for certain problem structures — manipulate all 2n paths coherently and use interference to amplify correct answers while cancelling wrong ones. This is not brute-force parallelism; it is a fundamentally different computational model.

CLASSICAL COMPUTER 0 1 1 0 1 Deterministic: each bit is 0 OR 1 Boolean Logic Gates Sequential One computation path at a time n bits → one of 2ⁿ states QUANTUM COMPUTER α|0⟩ β|1⟩ α|0⟩ β|1⟩ α|0⟩ β|1⟩ α|0⟩ β|1⟩ α|0⟩ β|1⟩ Superposition: each qubit is α|0⟩ + β|1⟩ Unitary Transformations Parallel Coherent manipulation of all paths n qubits → superposition of 2ⁿ states
Fig 1. Classical bits hold a single definite state; qubits hold a superposition of states, enabling coherent parallel processing across exponentially many paths.
Property Classical Quantum
Information unit Bit (0 or 1) Qubit (α|0⟩ + β|1⟩)
State space for n units One of 2n states Superposition of all 2n states
Operations Boolean gates (AND, OR, NOT) Unitary matrices (H, CNOT, T, …)
Reversibility Generally irreversible Always reversible (unitary)
Error model Discrete bit-flips Continuous decoherence & noise
Copying Trivial Forbidden (no-cloning theorem)

Key takeaway for security practitioners: Quantum computers do not accelerate all computations. They offer exponential speedups for a specific class of structured problems (period-finding, unstructured search) — and it is precisely these structures that underpin RSA, ECC, and discrete-log-based cryptography.

Quantum Attributes — Superposition, Entanglement & Interference

Superposition

A qubit can exist in a linear combination of the basis states |0⟩ and |1⟩. Mathematically, its state is |ψ⟩ = α|0⟩ + β|1⟩, where α and β are complex numbers satisfying |α|² + |β|² = 1. This is not probabilistic uncertainty — the qubit genuinely occupies both states until measurement forces a collapse.

For an n-qubit register, the state is a superposition across all 2n computational basis states. A 50-qubit register spans ~1015 amplitudes simultaneously — exceeding the memory of any classical supercomputer.

Entanglement

When two or more qubits are entangled, their joint state cannot be described as a product of individual qubit states. The classic example is the Bell state:

Bell State (EPR pair)+⟩ = (1/√2)(|00⟩ + |11⟩)

If you measure the first qubit and get |0⟩, the second qubit is instantly determined to be |0⟩ as well, regardless of physical distance. This correlation is stronger than any classical statistical correlation — a fact proven rigorously by Bell’s theorem.

For cryptography practitioners: entanglement is the engine behind quantum key distribution (QKD), quantum teleportation, and most quantum error correction codes. It is also what makes quantum states impossible to copy (the no-cloning theorem), which paradoxically is both a security advantage and an engineering challenge.

Quantum Interference

Interference is the mechanism that gives quantum algorithms their power. Probability amplitudes are complex numbers, and just like waves, they can add constructively (reinforcing correct answers) or destructively (cancelling wrong answers). Every quantum algorithm — from Grover’s to Shor’s — is fundamentally an exercise in engineering interference patterns to make the desired output overwhelmingly probable upon measurement.

SUPERPOSITION |ψ⟩ |0⟩ |1⟩ Qubit exists in both states simultaneously ENTANGLEMENT q₀ q₁ |Φ⁺⟩ = (|00⟩+|11⟩)/√2 Correlated: measuring one instantly determines the other INTERFERENCE Constructive (amplify ✓) Destructive (cancel ✗) Amplitudes add/cancel to boost correct answers
Fig 2. The three pillars of quantum computing: superposition creates the exponential state space; entanglement correlates qubits across distance; interference sculpts probability toward correct answers.

Qubits & the Bloch Sphere

A single qubit’s state |ψ⟩ = α|0⟩ + β|1⟩ has four real parameters (two complex numbers), but the normalization constraint |α|² + |β|² = 1 and the irrelevance of global phase reduce this to two real degrees of freedom. These can be parameterized as polar angles θ and φ:

Bloch Sphere Parameterization |ψ⟩ = cos(θ/2)|0⟩ + e sin(θ/2)|1⟩

θ ∈ [0, π] — polar angle from the north pole
φ ∈ [0, 2π) — azimuthal angle in the equatorial plane

This maps every pure qubit state to a unique point on the surface of a unit sphere — the Bloch sphere. Key landmarks:

  • North pole (θ=0): 0⟩
  • South pole (θ=π): 1⟩
  • Equator: Equal superpositions, e.g. +⟩ = ( 0⟩ + 1⟩)/√2 and
      −⟩ = ( 0⟩ − 1⟩)/√2

Every single-qubit quantum gate corresponds to a rotation of the Bloch sphere. For instance, the Hadamard gate (H) rotates the state 180° about the axis halfway between X and Z, mapping |0⟩ → |+⟩.

|0⟩ |1⟩ X Y Z |+⟩ |−⟩ |+i⟩ |−i⟩ |ψ⟩ θ φ |0⟩ = North pole |1⟩ = South pole |±⟩, |±i⟩ = Equator |ψ⟩ = Arbitrary state (θ, φ)
Fig 3. The Bloch sphere — every pure single-qubit state maps to a point on the surface. The polar angle θ controls the |0⟩ vs |1⟩ balance; the azimuthal angle φ encodes relative phase.

Relevance to cryptography: The Bloch sphere illustrates why quantum states cannot be cloned: copying a state would require knowing both θ and φ exactly, but a single measurement on an unknown state yields at most one bit of information and destroys the superposition. This underpins the no-cloning theorem, the security foundation of quantum key distribution (BB84, E91).

Quantum Gates vs. Classical Logic

Classical logic gates (AND, OR, NOT, XOR) are typically irreversible — an AND gate maps two input bits to one output bit, losing information. Quantum gates must be reversible because quantum mechanics is unitary: every gate is represented by a unitary matrix U satisfying U†U = I. This means every quantum gate has a well-defined inverse, and no information is ever lost during computation (only upon measurement).

Fundamental single-qubit gates

Pauli-X (NOT gate)

Flips |0⟩ ↔ |1⟩. Geometrically, a 180° rotation about the X-axis of the Bloch sphere.

Pauli-X Matrix
01
10

Pauli-Z (Phase flip)

Leaves |0⟩ unchanged, maps |1⟩ → −|1⟩. A 180° rotation about the Z-axis.

Pauli-Z Matrix
10
0−1

Hadamard (H)

Creates equal superposition from a basis state. Maps |0⟩ → |+⟩ and |1⟩ → |−⟩. This is the most frequently used gate, appearing at the start of nearly every quantum algorithm.

Hadamard Matrix (1/√2)
11
1−1

T gate (π/8 gate)

Adds a phase of eiπ/4 to the |1⟩ component. Critical for achieving universality (any unitary can be approximated with H, T, and CNOT).

T Gate Matrix
10
0eiπ/4

Multi-qubit gates

CNOT (Controlled-NOT)

The quantum analogue of XOR. It flips the target qubit if and only if the control qubit is |1⟩. This is the primary entangling gate and is essential for creating Bell states, implementing error correction, and building most multi-qubit operations.

CNOT Matrix (control=q₀, target=q₁)
1000
0100
0001
0010

Toffoli (CCNOT)

A three-qubit gate: flips the target only if both controls are |1⟩. It is classically universal (can implement any Boolean function) and is widely used in quantum error correction.

CLASSICAL GATES A B A∧B IRREVERSIBLE 2 bits → 1 bit A B A∨B IRREVERSIBLE 2 bits → 1 bit QUANTUM GATES |ψ⟩ H |ψ'⟩ REVERSIBLE 1 qubit → 1 qubit ctrl tgt REVERSIBLE 2 qubits → 2 qubits Gate Comparison Summary Property Classical Quantum Reversibility Generally no Always (unitary) Universal set {NAND} or {NOR} {H, T, CNOT} Information loss Yes (fan-in > fan-out) No (until measurement)
Fig 4. Classical gates are irreversible (information is destroyed); quantum gates are unitary and always reversible. The universal quantum gate set {H, T, CNOT} can approximate any quantum operation.

Quantum Circuits, Processing & Measurement

A quantum circuit is the standard model for describing quantum algorithms. It consists of:

  1. Qubit wires — horizontal lines representing qubits, initialized to |0⟩
  2. Gates — unitary operations applied at specific time steps (read left to right)
  3. Measurements — projective operations that collapse qubits into classical bits

The circuit below demonstrates creating a Bell state — the canonical entangled two-qubit state — and measuring both qubits:

Bell State Preparation Circuit |0⟩ |0⟩ H barrier c₀ c₁ |00⟩ (|0⟩+|1⟩)|0⟩/√2 (|00⟩+|11⟩)/√2 |00⟩ or |11⟩
Fig 5. A Bell state circuit: Hadamard creates superposition on q₀, CNOT entangles q₀ and q₁, then measurement collapses to either |00⟩ or |11⟩ with equal probability (50/50).

How measurement works

Measurement is irreversible and probabilistic. When a qubit in state α|0⟩ + β|1⟩ is measured in the computational basis:

  • Result 0 with probability α ²
  • Result 1 with probability β ²

After measurement, the qubit’s state collapses to the observed basis state. This is why quantum algorithms must be designed so that the correct answer has a high probability amplitude — you typically can’t just measure once and read out the whole quantum state. Most algorithms run multiple shots (repetitions) and analyze the statistical distribution of outcomes.

Circuit depth and decoherence: Every gate applied takes physical time, during which qubits lose coherence (decohere). Circuit depth — the number of sequential gate layers — is therefore a critical practical constraint. Algorithms must be designed to minimize depth, or error correction must be employed. Current hardware coherence times range from ~100μs (superconducting) to seconds (trapped ions), limiting circuits to hundreds or thousands of gates before errors overwhelm the computation.

Grover’s Algorithm

Grover’s algorithm (1996) provides a quadratic speedup for searching an unstructured database. Classically, finding a marked item among N unsorted entries requires O(N) queries on average. Grover’s algorithm achieves this in O(√N) queries.

Why cryptographers care

For a symmetric key of length n bits, brute-force search requires 2n evaluations classically but only 2n/2 on a quantum computer with Grover’s. This effectively halves the security level of symmetric ciphers: AES-128 drops to 64-bit equivalent security, while AES-256 remains at 128-bit equivalent — still considered secure. This is why NIST recommends doubling key lengths (or simply using AES-256) as the standard post-quantum mitigation for symmetric cryptography.

How it works

Grover’s algorithm operates on a register of n qubits and uses an oracle — a black-box function that recognizes the target item by flipping the phase of the corresponding state. The algorithm repeats two operations approximately √N times:

  1. Oracle call — marks the target state by inverting its amplitude
  2. Diffusion operator — reflects all amplitudes about their mean, amplifying the marked state and suppressing others
Grover's Algorithm — Amplitude Amplification Step 1: Hadamard → Uniform superposition All amplitudes equal: 1/√N Step 2: Oracle → Phase flip target −α Target amplitude negated Step 3: Diffusion → Amplify target mean Target amplitude boosted; others reduced Repeat steps 2–3 approximately √N times After ~√N iterations, the target state has probability ≈ 1 Grover Circuit (n qubits + 1 ancilla) |0⟩⊗ⁿ |1⟩ H⊗ⁿ H × √N iterations Oracle U_f Diffusion 2|s⟩⟨s| − I → target
Fig 6. Grover's algorithm: uniform superposition → repeated oracle + diffusion → measurement yields the target with high probability after ~√N iterations.

Impact on symmetric crypto: Grover’s reduces brute-force key search from O(2n) to O(2n/2). For AES-128, this means effective security drops to 64 bits — potentially breakable. AES-256 drops to 128-bit equivalent security — still considered safe. This is why the post-quantum recommendation for symmetric ciphers is simply: use 256-bit keys.

Shor’s Algorithm

Shor’s algorithm (1994) is the single most consequential quantum algorithm for cryptography. It factors large integers in polynomial time — specifically O((log N)³) — compared to the best known classical algorithm (General Number Field Sieve) which is sub-exponential. This directly breaks:

  • RSA — security relies on the hardness of factoring N = p × q
  • Diffie-Hellman / DSA — security relies on the discrete logarithm problem
  • Elliptic Curve Cryptography (ECC) — relies on the elliptic curve discrete log problem

Core insight: Period-finding

Shor’s algorithm reduces integer factoring to period-finding. For a composite number N, it finds the period r of the function f(x) = ax mod N for a randomly chosen a. Once the period is found, classical number theory extracts the factors using gcd(ar/2 ± 1, N).

The quantum speedup comes from the Quantum Fourier Transform (QFT), which finds the period of a function exponentially faster than any classical approach.

Shor's Algorithm — High-Level Flow 1. CLASSICAL Choose random a < N, check gcd(a, N) = 1 2. QUANTUM Create superposition Compute a^x mod N in quantum register 3. QFT Apply Quantum Fourier Transform → extract period r 4. CLASSICAL Use r to compute gcd(a^(r/2)±1, N) → factors of N Shor's Circuit Structure |0⟩⊗ⁿ input |0⟩⊗ⁿ output H⊗ⁿ Modular Exponentiation U_a: |x⟩|y⟩ → |x⟩|y·a^x mod N⟩ QFT† (inverse QFT) The measurement yields s/r (rational approximation) → use continued fractions to extract r Classical post-processing: compute gcd(a^(r/2) − 1, N) and gcd(a^(r/2) + 1, N)
Fig 7. Shor's algorithm: classical setup → quantum modular exponentiation → QFT extracts the period → classical post-processing yields factors. Total complexity: O((log N)³).

Cryptographic impact: Shor’s algorithm, when run on a sufficiently large fault-tolerant quantum computer, breaks RSA, ECC, and all discrete-log-based schemes. Current estimates suggest factoring a 2048-bit RSA key would require roughly 4,000–20,000 logical qubits (which translates to millions of physical qubits with current error rates). We are not there yet — but this is a matter of engineering progress, not theoretical barriers.

Resource estimates

Target Logical qubits needed Approximate physical qubits (error rate 10⁻³)
RSA-2048 ~4,000–20,000 ~10–20 million
ECC P-256 ~2,300 ~5–10 million
ECC P-384 ~3,500 ~8–15 million

Timeline & Evolution Toward Usable QC

Quantum computing is progressing through well-defined eras. Understanding the current stage is essential for making rational security decisions — neither panicking nor being complacent.

NISQ ERA 50–1,000+ noisy qubits No error correction 2019–NOW Google, IBM, Quantinuum IonQ, Rigetti, ... EARLY FAULT-TOLERANT 100–10,000 logical qubits Partial error correction ~2028–2033 Useful quantum advantage for specific problems CRYPTOGRAPHICALLY RELEVANT Millions of physical qubits Full fault tolerance ~2033–2040+ Shor's breaks RSA/ECC PQC migration MUST be done "Harvest Now, Decrypt Later" — adversaries are already collecting encrypted traffic Data with >10-year sensitivity lifetimes must migrate to PQC NOW, not when QC arrives.
Fig 8. The quantum computing timeline. We are in the NISQ era. Cryptographically relevant quantum computers are estimated for the 2033–2040 window, but "harvest now, decrypt later" attacks make PQC migration urgent today.

Key milestones (as of early 2026)

  • 2019 — Google’s Sycamore demonstrates “quantum supremacy” with 53 qubits on a specific sampling task
  • 2022–2024 — IBM reaches 1,000+ qubit processors (Condor); significant improvements in error rates
  • 2023 — Harvard/QuEra demonstrate 48 logical qubits with error correction via neutral atoms
  • 2024 — NIST finalizes ML-KEM (FIPS 203), ML-DSA (FIPS 204), and SLH-DSA (FIPS 205) post-quantum standards
  • 2025 — Microsoft announces Majorana-based topological qubits; Google’s Willow chip demonstrates below-threshold error correction
  • 2026–2030 — Expected: early fault-tolerant systems with 100+ logical qubits
  • 2030s — Expected: cryptographically relevant quantum computers (CRQC) capable of running Shor’s on RSA-2048

Practical Use Cases

Near-term (NISQ era)

  • Quantum chemistry simulation — Simulating molecular behavior for drug discovery and materials science. Molecules like FeMoCo (nitrogenase catalyst) are intractable classically but within reach of early fault-tolerant QC.
  • Optimization problems — Variational quantum algorithms (VQE, QAOA) for combinatorial optimization in logistics, finance, and supply chain.
  • Quantum machine learning — Hybrid classical-quantum models for pattern recognition and data classification (still mostly research-stage).
  • Quantum random number generation — True quantum randomness for cryptographic key generation (commercially available today).

Medium-term (fault-tolerant era)

  • Cryptanalysis — Breaking RSA/ECC via Shor’s algorithm
  • Advanced materials simulation — High-temperature superconductors, battery chemistry, catalyst design
  • Financial modeling — Monte Carlo simulations with quadratic speedup via quantum amplitude estimation
  • Optimization at scale — Logistics, scheduling, portfolio optimization with provable quantum advantage

Long-term

  • Quantum-safe communication — Quantum key distribution networks
  • Protein folding and genomics — Full ab-initio simulation of biological systems
  • AI and search — Grover-accelerated search subroutines embedded in larger classical AI systems

What Quantum Computers Can & Cannot Do

There is substantial misunderstanding about quantum computing capabilities. Here is a clear-eyed assessment:

✅ What they CAN do (with advantage) ❌ What they CANNOT do
Factor large integers in polynomial time (Shor’s) Speed up all computations — many problems have no known quantum speedup
Solve discrete log problems (breaks ECC, DH, DSA) Break symmetric ciphers fundamentally — AES-256 remains secure (Grover’s only halves key length)
Search unstructured spaces quadratically faster (Grover’s) Break hash functions beyond Grover’s quadratic speedup — SHA-256 → 128-bit equivalent, still safe
Simulate quantum physical systems exponentially faster Replace classical computers for everyday tasks (word processing, databases, web serving)
Generate true random numbers from quantum measurement Solve NP-complete problems in polynomial time (as far as we know — BQP ≠ NP is widely believed)
Provide provably secure key exchange (QKD) Transmit information faster than light (no-communication theorem)
Speed up certain optimization and ML tasks Operate without errors at room temperature (current hardware needs mK temperatures or high vacuum)

The complexity-theoretic picture: Quantum computers operate in the complexity class BQP (Bounded-Error Quantum Polynomial Time). BQP is believed to be strictly larger than P (problems like factoring sit in BQP but are believed not to be in P), but strictly smaller than NP. This means quantum computers offer exponential speedups for some problems, but are not universal problem-solving machines.

Security Implications

What breaks

All public-key cryptosystems based on the hardness of integer factorization or discrete logarithms are vulnerable to Shor’s algorithm:

  • RSA (all key sizes) — factoring the modulus
  • ECDSA / ECDH (all curves) — elliptic curve discrete log
  • DSA / DH — finite field discrete log
  • Most current TLS key exchange — ECDHE, DHE
  • Existing digital signatures — RSA-PSS, ECDSA

What survives

  • AES-256 — Grover reduces to 128-bit equivalent; still secure
  • SHA-256 / SHA-3 — Grover reduces collision resistance; 256-bit hashes retain ≥128-bit security
  • Post-Quantum Cryptography (PQC) — algorithms based on problems believed hard for quantum computers:
NIST PQC Standard Type Hard Problem Use Case
ML-KEM (FIPS 203) KEM Module-LWE (lattice) Key encapsulation / exchange
ML-DSA (FIPS 204) Signature Module-LWE (lattice) Digital signatures
SLH-DSA (FIPS 205) Signature Hash-based (stateless) Digital signatures (conservative)
FN-DSA (expected 2025) Signature NTRU lattice Compact signatures

The “Harvest Now, Decrypt Later” threat

Nation-state adversaries are widely believed to be collecting encrypted communications now, with the intention of decrypting them once CRQCs become available. Any data that must remain confidential for more than 10–15 years is at risk today. This includes classified government communications, medical records, financial data, trade secrets, and long-lived authentication credentials.

Migration strategy

  1. Inventory — Catalog all cryptographic dependencies (protocols, libraries, certificates, key sizes)
  2. Prioritize — Focus first on data with long sensitivity lifetimes and on key exchange (easier to upgrade than signatures)
  3. Hybrid approach — Deploy hybrid classical+PQC schemes (e.g., X25519 + ML-KEM-768) during transition to hedge against both classical and quantum attacks
  4. Adopt NIST standards — ML-KEM for key exchange, ML-DSA for general signatures, SLH-DSA where conservative hash-based security is preferred
  5. Test and validate — PQC key/signature sizes are significantly larger; test performance impact on all systems
  6. Monitor — Track quantum hardware progress and be prepared to accelerate migration if breakthroughs occur

Action required now: NIST, NSA (CNSA 2.0), and ANSSI have all published timelines requiring migration to PQC by 2030–2035. The European Union’s cybersecurity agency ENISA recommends beginning migration planning immediately. Given typical enterprise migration timelines of 5–10 years, organizations that have not started planning are already behind.

Python Example with Qiskit

Below is a complete, runnable example using IBM’s Qiskit SDK (v1.x) that demonstrates several key concepts from this report: superposition, entanglement, Grover’s algorithm, and measurement. This runs on a local simulator — no quantum hardware access required.

Installation

# Install Qiskit (requires Python 3.9+)
pip install qiskit qiskit-aer

Example 1 — Bell State (Entanglement)

from qiskit import QuantumCircuit
from qiskit_aer import AerSimulator
from qiskit.visualization import plot_histogram

# Create a 2-qubit circuit with 2 classical bits
qc = QuantumCircuit(2, 2)

# Step 1: Apply Hadamard to qubit 0 → creates |+⟩ = (|0⟩+|1⟩)/√2
qc.h(0)

# Step 2: CNOT with control=q0, target=q1 → creates Bell state |Φ+⟩
qc.cx(0, 1)

# Step 3: Measure both qubits
qc.measure([0, 1], [0, 1])

# Run on the Aer simulator with 1024 shots
simulator = AerSimulator()
result = simulator.run(qc, shots=1024).result()
counts = result.get_counts()

print("Bell State measurement results:")
print(counts)
# Expected output: {'00': ~512, '11': ~512}
# Qubits are perfectly correlated — never '01' or '10'

Example 2 — Grover’s Search (2-qubit, finding |11⟩)

from qiskit import QuantumCircuit
from qiskit_aer import AerSimulator

def grovers_2qubit():
    """
    Grover's algorithm on 2 qubits to find the state |11⟩.
    With N=4 states, we need exactly 1 Grover iteration
    (√4 = 2, π/4·√4 ≈ 1).
    """
    qc = QuantumCircuit(2, 2)

    # --- Initialization: uniform superposition ---
    qc.h([0, 1])

    # --- Oracle: mark |11⟩ by flipping its phase ---
    # CZ gate adds a phase of -1 when both qubits are |1⟩
    qc.cz(0, 1)

    # --- Diffusion operator: 2|s⟩⟨s| - I ---
    qc.h([0, 1])
    qc.z([0, 1])
    qc.cz(0, 1)
    qc.h([0, 1])

    # --- Measure ---
    qc.measure([0, 1], [0, 1])

    # Run simulation
    simulator = AerSimulator()
    result = simulator.run(qc, shots=1024).result()
    counts = result.get_counts()

    print("Grover's search for |11⟩:")
    print(counts)
    # Expected: {'11': 1024}  — 100% probability for 2-qubit Grover

    return qc, counts

circuit, results = grovers_2qubit()

Example 3 — Quantum Fourier Transform (building block of Shor’s)

import numpy as np
from qiskit import QuantumCircuit
from qiskit_aer import AerSimulator

def qft_circuit(n_qubits):
    """Construct an n-qubit Quantum Fourier Transform circuit."""
    qc = QuantumCircuit(n_qubits, name="QFT")

    for target in range(n_qubits):
        # Hadamard on target qubit
        qc.h(target)
        # Controlled phase rotations from higher qubits
        for control in range(target + 1, n_qubits):
            angle = np.pi / (2 ** (control - target))
            qc.cp(angle, control, target)

    # Swap qubits to match standard QFT convention
    for i in range(n_qubits // 2):
        qc.swap(i, n_qubits - i - 1)

    return qc

# Build and display a 4-qubit QFT
qft = qft_circuit(4)
print(qft.draw(output='text'))

# Verify: apply QFT to |0001⟩ and check the output state
test_circuit = QuantumCircuit(4)
test_circuit.x(0)                     # Prepare |0001⟩
test_circuit.append(qft, range(4))    # Apply QFT

simulator = AerSimulator()
test_circuit.save_statevector()
result = simulator.run(test_circuit).result()
statevector = result.get_statevector()
print("QFT output state (first 8 amplitudes):")
print(np.round(statevector[:8], 3))

Running these examples: All three examples run entirely on your local machine using Qiskit’s Aer simulator. No IBM Quantum account or hardware access is required. To run on real quantum hardware, sign up at quantum.ibm.com, obtain an API key, and swap AerSimulator() for a hardware backend via QiskitRuntimeService.

For Cirq (Google) or Amazon Braket alternatives, the circuit concepts are identical — only the SDK syntax differs.

Summary for Security Practitioners

Quantum computing is not a distant theoretical concern — it is an active engineering program with concrete milestones. The key facts:

  1. Shor’s algorithm breaks RSA and ECC. The only question is when, not if.
  2. Grover’s algorithm weakens symmetric crypto, but doubling key sizes (AES-256) is a sufficient mitigation.
  3. “Harvest now, decrypt later” means data with long sensitivity lifetimes is at risk today.
  4. NIST PQC standards are finalized (ML-KEM, ML-DSA, SLH-DSA). Migration can and should begin now.
  5. Hybrid schemes (classical + PQC) provide a safe transition path that protects against both classical and quantum attacks.
  6. Cryptographic agility — the ability to swap algorithms without redesigning systems — should be a primary engineering goal.

The time to begin your post-quantum migration is now. Not when CRQCs arrive.

You May Also Enjoy