<P> Finally, upon termination of the algorithm, the result needs to be read off . In the case of a classical computer, we sample from the probability distribution on the three - bit register to obtain one definite three - bit string, say 000 . Quantum mechanically, one measures the three - qubit state, which is equivalent to collapsing the quantum state down to a classical distribution (with the coefficients in the classical state being the squared magnitudes of the coefficients for the quantum state, as described above), followed by sampling from that distribution . This destroys the original quantum state . Many algorithms will only give the correct answer with a certain probability . However, by repeatedly initializing, running and measuring the quantum computer's results, the probability of getting the correct answer can be increased . In contrast, counterfactual quantum computation allows the correct answer to be inferred when the quantum computer is not actually running in a technical sense, though earlier initialization and frequent measurements are part of the counterfactual computation protocol . </P> <P> For more details on the sequences of operations used for various quantum algorithms, see universal quantum computer, Shor's algorithm, Grover's algorithm, Deutsch--Jozsa algorithm, amplitude amplification, quantum Fourier transform, quantum gate, quantum adiabatic algorithm and quantum error correction . </P> <P> Integer factorization, which underpins the security of public key cryptographic systems, is believed to be computationally infeasible with an ordinary computer for large integers if they are the product of few prime numbers (e.g., products of two 300 - digit primes). By comparison, a quantum computer could efficiently solve this problem using Shor's algorithm to find its factors . This ability would allow a quantum computer to decrypt many of the cryptographic systems in use today, in the sense that there would be a polynomial time (in the number of digits of the integer) algorithm for solving the problem . In particular, most of the popular public key ciphers are based on the difficulty of factoring integers or the discrete logarithm problem, both of which can be solved by Shor's algorithm . In particular the RSA, Diffie - Hellman, and elliptic curve Diffie - Hellman algorithms could be broken . These are used to protect secure Web pages, encrypted email, and many other types of data . Breaking these would have significant ramifications for electronic privacy and security . </P> <P> However, other cryptographic algorithms do not appear to be broken by those algorithms . Some public - key algorithms are based on problems other than the integer factorization and discrete logarithm problems to which Shor's algorithm applies, like the McEliece cryptosystem based on a problem in coding theory . Lattice - based cryptosystems are also not known to be broken by quantum computers, and finding a polynomial time algorithm for solving the dihedral hidden subgroup problem, which would break many lattice based cryptosystems, is a well - studied open problem . It has been proven that applying Grover's algorithm to break a symmetric (secret key) algorithm by brute force requires time equal to roughly 2 invocations of the underlying cryptographic algorithm, compared with roughly 2 in the classical case, meaning that symmetric key lengths are effectively halved: AES - 256 would have the same security against an attack using Grover's algorithm that AES - 128 has against classical brute - force search (see Key size). Quantum cryptography could potentially fulfill some of the functions of public key cryptography . </P>

What's the difference between idea physical and computer models