Quantum computing devices are believed to be powerful in solving the prime factorization problem, which is at the heart of widely deployed public-key cryptographic tools. However, the implementation of Shor's quantum factorization algorithm requires significant resources scaling linearly with the number size; taking into account an overhead that is required for quantum error correction the estimation is that 20 millions of (noisy) physical qubits are required for factoring 2048-bit RSA key in 8 hours. Recent proposal by Yan et. al. claims a possibility of solving the factorization problem with sublinear quantum resources. As we demonstrate in our work, this proposal lacks systematic analysis of the computational complexity of the classical part of the algorithm, which exploits the Schnorr's lattice-based approach. We provide several examples illustrating the need in additional resource analysis for the proposed quantum factorization algorithm.

翻译：量子计算设备据信在解决大数分解问题上具有强大能力，而该问题是广泛部署的公钥密码工具的核心。然而，Shor量子因数分解算法的实现需要随整数大小线性增长的大量资源；考虑到量子纠错所需的额外开销，估计需要2000万个（有噪声的）物理量子比特才能在8小时内分解2048位RSA密钥。Yan等人最近提出的方案声称可以用次线性量子资源解决因数分解问题。正如我们在工作中所证明的，该方案缺乏对算法经典部分计算复杂性的系统性分析，该部分利用了基于Schnorr格的方法。我们提供了几个实例，说明需要对所提出的量子因数分解算法进行额外的资源分析。