A submission to the Q-Day Prize claiming quantum ECDLP key recovery on curves up to 17 bits using IBM Quantum hardware was replicated by replacing the QiskitRuntimeService backend with os.urandom while leaving circuit construction, ripple-carry oracle, extraction, and d·G == Q verification unchanged (https://github.com/yuvadm/quantumslop/blob/25ad2e76ae58baa96f6219742459407db9dd17f5/URANDOM_DEMO.md). For small challenges (4-10 bits, 8192 shots) both the original IBM runs and the urandom patch recovered identical private keys on first attempt. For flagship 16-bit and 17-bit challenges (20000 shots, ripple-carry) urandom succeeded in 4/5 and 2/5 runs respectively, matching the author's reported hardware outcomes including the prize-winning d=1441 on the 17-bit curve.

Shor's original algorithm established polynomial-time quantum solution for discrete logarithms (Shor, 1994, https://doi.org/10.1109/SFCS.1994.365700). Current noisy intermediate-scale quantum devices face high error rates that limit circuit depth; IBM's own roadmap acknowledges error-correction milestones remain years away (IBM Quantum Roadmap, 2024, https://www.ibm.com/quantum/roadmap). Google's 2019 quantum supremacy experiment using a 53-qubit Sycamore processor was subsequently simulated classically in under three days (IBM, 2019, https://www.ibm.com/blogs/research/2019/10/on-quantum-supremacy/).

The original coverage omitted that the extraction routine (ripple_carry_shor.py:197-240) performs rejection sampling: each shot's (j, k, r) yields a candidate d_cand = (r - j)·k⁻¹ mod n that is accepted only after classical verification against the target point Q. Under uniform random bits the probability of at least one verified hit equals 1 - (1 - 1/n)^S, exactly matching the observed success rates for the author's (n, S) parameters without requiring quantum signal.