Enter N and press ▶ Run Shor's Algorithm to begin.
Visualization will appear here after running the algorithm.
FACTORING COMPLEXITY (log scale)
At RSA-2048: Classical ≈ 1023 ops | Quantum ≈ 109 ops
Speedup: ~1014× — fourteen orders of magnitude
RESOURCE REQUIREMENTS
| Target | Logical Qubits | Physical Qubits (est.) | Threat Timeline |
|---|---|---|---|
| RSA-512 | ~1,500 | ~500K | Already broken classically |
| RSA-2048 | ~4,100 | <1M (Gidney, 2025) | 10–25 years |
| RSA-4096 | ~8,200 | ~2M | 15–30 years |
| ECC P-256 | ~2,330 | <500K (Google, 2026) | 10–20 years |
| ECC P-384 | ~3,500 | ~750K | 15–25 years |
Current largest fault-tolerant quantum computers: ~1,000 logical qubits (2026)
Gap to RSA-2048: ~4,100 logical qubits needed
▶ Why Shor breaks ECC too
Shor's algorithm also solves the discrete logarithm problem — the mathematical foundation of ECC and Diffie-Hellman.
ECDH, ECDSA, and all ECC-based protocols are equally vulnerable. Smaller key sizes make ECC faster to break than RSA on a quantum computer.
QUANTUM-RESISTANT AFTER SHOR
- ✓ AES-256 — Grover reduces to 128-bit effective — still strong
- ✓ SHA-3 — Grover reduces collision resistance — still usable
- ✓ ML-KEM (Kyber) — Lattice problems — no known quantum speedup
- ✓ ML-DSA — Lattice problems — no known quantum speedup
- ✓ SLH-DSA — Hash-based — quantum-safe by design
- ✓ BB84 QKD — Physics-based — immune to all computational attacks
- ✗ RSA (any size) — Broken by Shor
- ✗ ECC (any curve) — Broken by Shor
- ✗ Diffie-Hellman — Broken by Shor
Run the algorithm above to see a live demo.
→ crypto-lab-kyber-vault — post-quantum replacement
→ crypto-lab-bb84 — physics-based alternative