A new research work dramatically reduces the amount of qubits to break elliptic curve ciphers on a hypothetical quantum computer. Elliptic curve crypto is the math protecting most HTTPS connections, digital signatures, and cryptocurrency wallets. Shor's quantum algorithm can break it, but requires a large fault-tolerant quantum computer - the question is exactly how large.
This new work cuts the required logical qubit count for attacking a 256-bit curve nearly in half. From 2,124 down to 1,098. That is a huge improvement. It also means breaking elliptic curve cryptography now looks cheaper in qubits than breaking RSA of equivalent security - a reversal of previous estimates. The method to achieve this is really smart but let me spare you the details. Appreciate it in the paper! It is really clever. Also expensive. Quantum computers cannot be reduced only to qubit count. Quantum gates are equally important. This technique requires a huge increase in gate count - by more than a factor of 1000. Roughly 2^43 Toffoli gates. Even the IBM's stated target for its first fault-tolerant system around 2029 is 100 million gates. This attack needs ~11.9 trillion. A crude "space times work" proxy computation makes the new method around 836 times more costly overall than what it replaces. Not less.