Quantum computing devices are believed to be powerful in solving the prime factorization problem, which is at the heart of widely deployed public-key cryptographic tools. However, the implementation of Shor's quantum factorization algorithm requires significant resources scaling linearly with the number size; taking into account an overhead that is required for quantum error correction the estimation is that 20 millions of (noisy) physical qubits are required for factoring 2048-bit RSA key in 8 hours. Recent proposal by Yan et. al. claims a possibility of solving the factorization problem with sublinear quantum resources. As we demonstrate in our work, this proposal lacks systematic analysis of the computational complexity of the classical part of the algorithm, which exploits the Schnorr's lattice-based approach. We provide several examples illustrating the need in additional resource analysis for the proposed quantum factorization algorithm.

翻译：量子计算设备被认为在解决质因数分解问题方面具有强大能力，该问题是广泛部署的公钥密码工具的核心。然而，Shor量子因式分解算法的实现需要与数字大小呈线性增长的大量资源；考虑到量子纠错所需的开销，估计需要2000万个（有噪声的）物理量子比特才能在8小时内分解2048位的RSA密钥。Yan等人最近提出的方案声称有可能使用亚线性量子资源解决因式分解问题。正如我们在工作中所展示的，该方案缺乏对算法经典部分计算复杂性的系统分析，这部分利用了Schnorr的基于格的方法。我们提供了几个示例，说明需要对所提出的量子因式分解算法进行额外的资源分析。