Integer Factorization via Tensor Network Schnorr's Sieving

Classical public-key cryptography standards rely on the Rivest-Shamir-Adleman (RSA) encryption protocol. The security of this protocol is based on the exponential computational complexity of the most efficient classical algorithms for factoring large semiprime numbers into their two prime components. Here, we address RSA factorization building on Schnorr’s mathematical framework where factorization translates into a combinatorial optimization problem. We solve the optimization task via tensor network methods, a quantum-inspired classical numerical technique. This tensor network Schnorr’s sieving algorithm displays numerical evidence of polynomial scaling of resources with the bit-length of the semiprime. We factorize RSA numbers up to 100 bits and assess how computational resources scale through numerical simulations up to 130 bits, encoding the optimization problem in quantum systems with up to 256 qubits. Only the high-order polynomial scaling of the required resources limits the factorization of larger numbers. Although these results do not currently undermine the security of the present communication infrastructure, they strongly highlight the urgency of implementing post-quantum cryptography or quantum key distribution.

💡 Research Summary

The paper proposes a novel classical algorithm for factoring RSA semiprimes by enhancing Schnorr’s lattice‑based sieving with tensor‑network (TN) techniques, specifically a tree‑tensor‑network (TTN) variational approach. Traditional RSA security relies on the exponential difficulty of factoring large semiprimes; the best classical method, the General Number Field Sieve (GNFS), achieved the record factorization of an 829‑bit RSA key (RSA‑250) in 2020. While Shor’s quantum algorithm would break RSA in polynomial time, near‑term quantum devices are still far from capable of factoring cryptographically relevant sizes.

Schnorr’s framework recasts factoring as a collection of Closest Vector Problems (CVPs) on lattices derived from the target integer N. Each CVP is defined by a lattice Λ (basis B) and a target vector t; solving the CVP yields a lattice point b that approximates t. From these lattice points one extracts “smooth‑relation” (sr) pairs—pairs of integers whose prime factors are bounded by a smoothness bound B₂. When enough independent sr‑pairs are gathered, linear‑algebraic post‑processing produces two squares X² and Y² satisfying X² ≡ Y² (mod N), from which the prime factors p and q are recovered.

The bottleneck in Schnorr’s original method is the collection phase: Babai’s nearest‑plane algorithm provides only a single approximate solution per CVP, and enumerating additional candidates around it incurs exponential cost. The authors address this by (1) mapping the lattice points to eigenstates of a diagonal spin‑glass Hamiltonian H (Eq. 1), where each of the 2ⁿ possible binary roundings corresponds to a candidate lattice point, and (2) using a TTN to variationally approximate the low‑energy subspace of H. The TTN is optimized via a variational ground‑state search, and the OPES (Optimized Probabilistic Extraction Sampling) algorithm extracts bit‑strings from the TTN state without resampling, thereby efficiently collecting low‑probability but potentially useful sr‑pairs.

Key experimental settings: the number of qubits n (i.e., lattice rank) and the smoothness bound π₂ are treated as hyper‑parameters. The authors deviate from Schnorr’s sub‑linear prescription (n = π₂ ≈ ℓ/ log₂ℓ) and instead let π₂ grow polynomially with ℓ and n (π₂ = 2^{nℓ}). For each RSA bit‑length ℓ they generate 50 CVPs, sample O(ℓ^γ) bit‑strings per CVP (γ = 2–4), and evaluate the average number of sr‑pairs per lattice (AsrPL). Empirical fits yield an exponential decay of AsrPL with an effective bit‑length ℓ_eff = ℓ / n^{1/ω} (ω ≈ 8), matching predictions from the Dickman function. The required number of qubits scales as n ≈ C · ℓ log ℓ (Eq. 3), i.e., polynomially in the key size, provided a polynomial number of samples is taken.

Results: using n = 64 qubits and γ = 2 the algorithm successfully factored a 100‑bit RSA key. Simulations up to ℓ = 130 bits were performed with n up to 256 qubits, demonstrating that the resource growth remains polynomial within this range. However, the absolute constants are large; the smoothness bound and the number of sampled bit‑strings become prohibitive for larger keys. Moreover, the “qubits” are simulated classical degrees of freedom, and the memory/CPU requirements for a TTN with bond dimension m = 8 grow rapidly with n, limiting practical scalability beyond ~200 bits on current supercomputers.

The authors conclude that tensor‑network‑enhanced Schnorr sieving (TNSS) offers a meaningful reduction of the collection bottleneck and provides empirical evidence of polynomial scaling for RSA factorization up to 130 bits. Nonetheless, the method does not yet threaten real‑world RSA sizes (e.g., RSA‑2048), and the need for post‑quantum cryptography remains urgent. The work also contributes a valuable benchmark for hybrid quantum‑classical optimization techniques and suggests future directions such as improved Hamiltonian encodings, adaptive bond‑dimension strategies, or integration with quantum hardware for genuine quantum speed‑up.