Quantum computing devices are believed to be powerful in solving the prime factorization problem, which is at the heart of widely deployed public-key cryptographic tools. However, the implementation of Shor's quantum factorization algorithm requires significant resources scaling linearly with the number size; taking into account an overhead that is required for quantum error correction the estimation is that 20 millions of (noisy) physical qubits are required for factoring 2048-bit RSA key in 8 hours. Recent proposal by Yan et al. claims a possibility of solving the factorization problem with sublinear quantum resources. As we demonstrate in our work, this proposal lacks systematic analysis of the computational complexity of the classical part of the algorithm, which exploits the Schnorr's lattice-based approach. We provide several examples illustrating the need in additional resource analysis for the proposed quantum factorization algorithm.

翻译：量子计算设备被认为在解决素数因子分解问题（广泛应用于公钥密码工具的核心问题）方面具有强大能力。然而，实现Shor量子因子分解算法需要与数字规模线性增长的大量资源；考虑到量子纠错所需的额外开销，估算表明在8小时内分解2048位RSA密钥需要2000万个（含噪声的）物理量子比特。Yan等人近期提出的方案声称可能以亚线性量子资源解决因子分解问题。本研究证明，该方案缺乏对算法经典部分（利用Schnorr基于格的方法）计算复杂度的系统分析。我们通过若干实例说明，对于所提出的量子因子分解算法，需要进一步进行资源分析。