Symmetric crypto is safe: quantum computing allows to shorten bruteforce attack (N classical attempts) by sqrt(N) quantum operations (Grover’s algorithm). So unless you are using something marginally secure like aes-64, you are safe.
With asymmetric crypto there is completely another story: with powerful enough fully functional quantum machine (~2000 cubits) all popular algothims like RSA, DSA, elliptic curves (EC) wil be dead. EC will be first to die because of shorter keys, so smaller number of cubits will be necessary (~1000, but this depends on implementation and algo details).
So what can be done? There are MANY postquantum algorithms: hundreds of them already. Most of them have two shortcomings:
- They are not well tested. Cryptography likes mature algorithms and implementations. Many of proposed algorithms turned to be vulnerable against common classic (non-quantum attacks).
- Postquantum algos require very long keys (sum of public and private key lengths is often about 1MB, no consider how huge keychains will be). There are many practical problems with all these implementations.
You can find more accurate details in DJB’s talk:
and in many scientific articles.