Most postulations I've seen follow the axiom that the number of qubits must be no less than twice the number of bits used to generate the key. I found a pretty good summary of that thinking on StackExchange: https://security.stackexchange.com/questions/87345/how-many-...