← Latest papers
⚛️ quantum physics

On the practicality of quantum sieving algorithms for the shortest vector problem

This paper demonstrates that under current and near-future technological assumptions, quantum sieving algorithms aided by Grover's search offer no practical speedup over classical computing for solving the Shortest Vector Problem in dimensions relevant to post-quantum cryptography, as they would require prohibitively large resources and time.

Original authors: Joao F. Doriguello, George Giapitzakis, Alessandro Luongo, Aditya Morolia

Published 2026-04-13
📖 5 min read🧠 Deep dive

Original authors: Joao F. Doriguello, George Giapitzakis, Alessandro Luongo, Aditya Morolia

Original paper licensed under CC BY 4.0 (http://creativecommons.org/licenses/by/4.0/). This is an AI-generated explanation of the paper below. It is not written or endorsed by the authors. For technical accuracy, refer to the original paper. Read full disclaimer

The Great Quantum Sieve: A Reality Check on Breaking Future Codes

Imagine you are trying to find the single shortest thread in a giant, tangled ball of yarn that is the size of a galaxy. This is essentially what the Shortest Vector Problem (SVP) is. In the world of cryptography, this "yarn ball" is a mathematical structure called a lattice, and finding that shortest thread is the key to breaking the most secure digital locks we have today.

For decades, scientists have been asking: "Can a quantum computer find this thread much faster than a regular computer?"

This paper, written by a team of researchers, says: "Probably not, at least not anytime soon."

Here is the breakdown of their findings using simple analogies.


1. The Setup: The Quantum Race

To break modern encryption (the kind that will protect our data after quantum computers arrive), hackers would need to solve the SVP on a lattice with a dimension of about 400. Think of this as a 400-dimensional maze.

Researchers have known for a while that Grover's Algorithm (a famous quantum search trick) can theoretically speed up this search. It's like having a magic flashlight that lets you check two rooms at once instead of one. Theoretically, this should make the search much faster.

However, this paper asks a very practical question: "What is the actual cost of building that magic flashlight?"

2. The Hidden Costs: The "Magic" isn't Free

The authors realized that previous studies were like estimating the cost of a road trip by only counting the price of gas, ignoring the car, the driver, the tolls, and the fact that the car might break down.

They decided to calculate the full bill, including:

  • The Car (Hardware): Building a quantum computer requires millions of tiny parts.
  • The Driver (Error Correction): Quantum bits (qubits) are incredibly fragile, like glass marbles on a bumpy road. To keep them from shattering, you need to wrap every single "useful" marble in a protective bubble made of thousands of other marbles. This is called Quantum Error Correction.
  • The Memory (QRAM): To search the yarn ball, the computer needs to remember where every thread is. The paper calculates the cost of building a massive "Quantum Library" (QRAM) that can be accessed instantly.
  • The Fuel (Time): How long does the engine take to run?

3. The Big Reveal: The Numbers are Shocking

When the authors crunched the numbers for a lattice of dimension 400 (the size needed to break current "post-quantum" security standards), the results were humbling:

  • The Qubit Count: To run this algorithm, you would need roughly 10 trillion (10¹³) physical qubits.
    • Analogy: If every atom in a human body is a qubit, you would need the atoms of billions of humans stacked together to build this computer.
  • The Time: Even with this massive machine, it would take roughly 10³¹ years to solve the problem.
    • Analogy: The universe is only about 13.8 billion years old (10¹⁰). This computer would take a time span 1,000,000,000,000,000,000,000,000,000,000 times longer than the age of the universe.

4. The "Classical" Surprise

Here is the twist: The authors also calculated how long a regular, single-core classical computer (like the one in your laptop, but running at a very fast speed) would take to do the same job.

It would take roughly the same amount of time: 10³¹ years.

This means that for the specific problem of breaking these lattice codes, the "quantum speedup" (the magic flashlight) is so expensive to build and run that it offers no real advantage over a regular computer. The overhead of keeping the quantum computer stable eats up all the speed gains.

5. Why is it so hard? (The "QRAM" Bottleneck)

The biggest culprit for this massive cost is the QRAM (Quantum Random Access Memory).

  • Analogy: Imagine you are looking for a needle in a haystack. A quantum computer wants to look at the whole haystack at once. But to do that, it needs a library card for every single piece of hay. Building a library card system for a haystack the size of a galaxy requires more resources than the haystack itself!
  • The paper shows that the memory required to hold the data for the search is so huge that it swallows up all the benefits of the quantum speedup.

6. The Conclusion: Don't Panic (Yet)

The authors conclude that:

  1. Current Standards are Safe: The lattice-based cryptography being standardized by NIST (like Kyber and Dilithium) is safe from quantum attacks for the foreseeable future.
  2. No Magic Bullet: Simply adding a quantum computer to the mix doesn't automatically break these codes. The hardware requirements are currently impossible.
  3. Future Hope? For quantum computers to actually break these codes, we would need massive breakthroughs in two areas:
    • Hardware: Building quantum computers that don't need millions of protective "bubbles" for every qubit.
    • Memory: Finding a way to build quantum memory (QRAM) that doesn't require a galaxy-sized amount of space.

Summary

Think of this paper as a reality check for the "Quantum Apocalypse." While quantum computers are amazing and will eventually solve many problems, they are not a magic wand that instantly breaks all encryption.

To break the specific "lattice" locks used for future security, we would need to build a machine so large and complex that it would take longer to build and run than the entire history of the universe. Until we make a giant leap in how we build quantum computers, our digital secrets remain safe.

Drowning in papers in your field?

Get daily digests of the most novel papers matching your research keywords — with technical summaries, in your language.

Try Digest →