There is too much noise about impending doom with respect to quantum computing, yet I fail to understand the severity. So below I slowly try to piece together the various aspects. I will update this over the coming weeks as I verify and learn more.
| Tier | Algo | Notes | Usage | Effort to Break (qubits) |
|---|---|---|---|---|
| F | ECC (Elliptic Curve Cryptography) | Trivially breakable | Modern standard for SSL/TLS (ECDHE key exchange, ECDSA signatures). Used in cryptocurrencies (Bitcoin, Ethereum), secure messaging apps (Signal, WhatsApp) and PGP | 3k-5k |
| E | RSA (Rivest-Shamir-Adleman) | Trivially breakable. Saving grace for now is the number of logical qubits needed compared to ECC | Historical foundation of SSL/TLS for key exchange, digital signatures (S/MIME for email), code signing and securing SSH connections. Actively being phased out | 20 million |
| D | AES (Advanced Encryption Standard) | Moderate. Security is reduced, so ensure key length 256+ | Used for encrypting data at rest & in transit (SSL/TLS) | 6k-7k |
| C | SHA-2 or HMAC (Hash-based Message Authentication Code) | These are hash functions. They are not considered quantum-resistant but are secure against all known classical attacks | Used in SSL/TLS, APIs (e.g. AWS Signature V4), JWTs, Bitcoin | 2.5k-3k |
| B | Lattice-Based Cryptography | Post-Quantum Cryptography | Early versions being tested in SSL/TLS libraries | Billions - running over an extended period |
| A | Quantum Key Distribution | Information-Theoretic Security. Method for securely distributing a random key | Used to secure high-value dedicated links. Not a replacement for SSL/TLS on the public internet | Infinite - protected by the laws of physics |
How about Bitcoin?
| Tier | Algo | Notes |
|---|---|---|
| F | P2PK (Pay-to-Public-Key) | Trivially breakable - the public key is directly visible in the transaction script. An attacker can use Shor's algorithm to derive the private key from the public key and immediately spend the funds. Once broken, the funds can be stolen instantly. Any unspent P2PK output is a sitting duck for a quantum attacker |
| E | P2PKH (Pay-to-Public-Key-Hash) | Trivially breakable - saving grace is the timing element |
| D | P2SH (Pay-to-Script-Hash) | Moderate, depending on the script. A 1-of-1 signature would be as vulnerable as the underlying script, e.g. P2PKH. If multi-signature, it is even more vulnerable, as an attacker only needs to break one key to start attempting to forge a valid signature |
|  | SegWit | High, but better than P2PKH. SegWit allows the signature and public key to be placed in a separate "witness" data structure. It changes transaction malleability and fee dynamics. The core vulnerability of revealing the public key in the mempool remains |
| B | P2TR (Pay-to-Taproot) | Post-Quantum Cryptography - theoretical. Taproot has two spending paths: the key path and the script path. The key path will reveal the public key, so it is vulnerable. However, if spent via the script path, it can hide complex conditions, including potentially quantum-resistant schemes. The script path needs further implementation |
| A | Hypothetical P2PQ (Pay-to-Post-Quantum-Key) | Post-Quantum Cryptography - theoretical. This is a theoretical address type where the locking script contains a public key from a quantum-resistant algorithm like CRYSTALS-Dilithium |
| A+ | SHA-256 - Proof-of-Work Mining | Moderate to Low. To gain a 51% advantage, a quantum attacker wouldn't need to control 51% of the classical hash rate. They would need a quantum computer capable of performing Grover's algorithm fast enough to outpace the entire classical network. This is estimated to require millions of highly specialized, error-corrected qubits, making it an extraordinarily expensive and difficult feat, far more so than breaking a single private key. The network's security is amplified by its total hash rate, which remains a formidable barrier |
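The "timing element" that separates P2PK from P2PKH above comes down to whether the spending public key is already sitting in the output script or only appears when the coins are spent. The following is an added example, not code from the original post: it classifies standard Bitcoin output scripts (scriptPubKey) by that property and totals a UTXO set accordingly, so an operator can inventory how much value is exposed today versus only at spend time. The sample UTXOs, key bytes and hash bytes are constructed dummies.

```python
# Added example: classify Bitcoin output scripts by whether the spending public
# key is already visible on-chain. Script layouts are the standard templates;
# the key/hash bytes in SAMPLE_UTXOS are constructed dummies, not chain data.
OP_0, OP_1, OP_DUP, OP_HASH160 = 0x00, 0x51, 0x76, 0xA9
OP_EQUAL, OP_EQUALVERIFY, OP_CHECKSIG = 0x87, 0x88, 0xAC

def classify_script(spk: bytes):
    """Return (script type, public key visible in the output itself)."""
    n = len(spk)
    if n < 2:
        return "unknown", None
    # P2PK: <push 33|65> <pubkey> OP_CHECKSIG -> the key is in the output
    if n in (35, 67) and spk[0] == n - 2 and spk[-1] == OP_CHECKSIG:
        return "P2PK", True
    # P2PKH: OP_DUP OP_HASH160 <20-byte key hash> OP_EQUALVERIFY OP_CHECKSIG
    if n == 25 and spk[:3] == bytes([OP_DUP, OP_HASH160, 20]) \
            and spk[23:] == bytes([OP_EQUALVERIFY, OP_CHECKSIG]):
        return "P2PKH", False
    # P2SH: OP_HASH160 <20-byte script hash> OP_EQUAL
    if n == 23 and spk[0] == OP_HASH160 and spk[1] == 20 and spk[22] == OP_EQUAL:
        return "P2SH", False
    # SegWit v0: OP_0 <20-byte key hash> (P2WPKH) or OP_0 <32-byte script hash> (P2WSH)
    if spk[0] == OP_0 and spk[1] in (20, 32) and n == spk[1] + 2:
        return ("P2WPKH" if spk[1] == 20 else "P2WSH"), False
    # P2TR: OP_1 <32-byte x-only output key>; the tweaked key sits in the output
    if n == 34 and spk[0] == OP_1 and spk[1] == 32:
        return "P2TR", True
    return "unknown", None

def exposure_summary(utxos):
    """Sum satoshis by whether the key is exposed now or only once spent."""
    totals = {"exposed_now": 0, "hidden_until_spend": 0, "unknown": 0}
    for spk, sats in utxos:
        _, exposed = classify_script(spk)
        bucket = "unknown" if exposed is None else ("exposed_now" if exposed else "hidden_until_spend")
        totals[bucket] += sats
    return totals

# Constructed sample UTXOs (dummy key and hash bytes), values in satoshis.
DUMMY_PUBKEY = b"\x02" + b"\x11" * 32   # 33-byte compressed key
DUMMY_HASH20 = b"\x22" * 20
DUMMY_KEY32 = b"\x33" * 32
SAMPLE_UTXOS = [
    (bytes([33]) + DUMMY_PUBKEY + bytes([OP_CHECKSIG]), 50_000),                                      # P2PK
    (bytes([OP_DUP, OP_HASH160, 20]) + DUMMY_HASH20 + bytes([OP_EQUALVERIFY, OP_CHECKSIG]), 30_000),  # P2PKH
    (bytes([OP_0, 20]) + DUMMY_HASH20, 20_000),                                                      # P2WPKH
    (bytes([OP_1, 32]) + DUMMY_KEY32, 10_000),                                                       # P2TR
]

if __name__ == "__main__":
    for spk, sats in SAMPLE_UTXOS:
        print(classify_script(spk), sats)
    print(exposure_summary(SAMPLE_UTXOS))
```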