|
|
|
|
|
|
by jcranmer
3145 days ago
|
|
|
For AES, the quantum advantage is merely grover's algorithm, which allows you to invert a function in O(sqrt(N)) time instead of O(N) time. Basically, the algorithm would look like "compute AES-192 on a uniform random quantum state, then do Grover's algorithm for 2^96 timesteps." This needs as many qubits as it takes to compute AES-192 (which, since the algorithm isn't unitary, is strictly greater than 192 qubits). More important is the fact that it's a very long-running application: it requires to you keep over 192 qubits coherent for a very long time, which is probably an order of magnitude or more in error correction requirements. |
|
|