For AES, the quantum advantage is merely grover's algorithm, which allows you to invert a function in O(sqrt(N)) time instead of O(N) time. Basically, the algorithm would look like "compute AES-192 on a uniform random quantum state, then do Grover's algorithm for 2^96 timesteps." This needs as many qubits as it takes to compute AES-192 (which, since the algorithm isn't unitary, is strictly greater than 192 qubits).
More important is the fact that it's a very long-running application: it requires to you keep over 192 qubits coherent for a very long time, which is probably an order of magnitude or more in error correction requirements.
Most postulations I've seen follow the axiom that the number of qubits must be no less than twice the number of bits used to generate the key. I found a pretty good summary of that thinking on StackExchange: https://security.stackexchange.com/questions/87345/how-many-...
More important is the fact that it's a very long-running application: it requires to you keep over 192 qubits coherent for a very long time, which is probably an order of magnitude or more in error correction requirements.