1: \begin{abstract}

2: We show in some detail how to implement Shor's efficient quantum

3: algorithm for discrete logarithms for the particular case of elliptic

4: curve groups. It turns out that for this problem a smaller quantum

5: computer can solve problems further beyond current computing than for

6: integer factorisation. A 160 bit elliptic curve cryptographic key

7: could be broken on a quantum computer using around 1000 qubits while

8: factoring the security-wise equivalent 1024 bit RSA modulus would

9: require about 2000 qubits. In this paper we only consider elliptic

10: curves over GF($p$) and not yet the equally important ones over

11: GF($2^n$) or other finite fields. The main technical difficulty is to

12: implement Euclid's gcd algorithm to compute multiplicative inverses

13: modulo $p$. As the runtime of Euclid's algorithm depends on the input,

14: one difficulty encountered is the ``quantum halting problem''.

15: 

16: \end{abstract}

17: