- Lattice based key pair and signature sizes are roughly 12/2 kb and 9 kb, which is much larger than 256-bit ECC key sizes.
I assume that you mean the public key sizes are 1.5kbyte. Actually, Falcon-512 (which is what you'd use if you're really interested in minimizing sizes) has 897 byte public keys and 666 byte signatures; just somewhat larger than RSA sizes.
- The number of q-bits need to break n-bit ECC can be 6n, but it's also affected by some other factors.
I believe the number is actually slightly more; however it's close enough for estimating purposes (and I believe performance can be increased significantly by having a few more qubits available)
- The difficulty level for adding more q-bits to a computer increase exponentially.
That, no one knows. It may be that once we get real logical (error correcting) qubits, that the difficulty of adding more is significantly less than what we have experienced so far (then again, it might not - or, there might be other difficulties we run into that we haven't yet)
If adding a few more qubits doubled the complexity, then you are right, Quantum Computers are not a cryptographical concern. However, that is not a security assumption that many of us are happy to make.
