Skip to main content

What breaks. What survives.

When a cryptographically-relevant quantum computer arrives, every tool we use today lands in one of four buckets. The asymmetric layer collapses. The symmetric layer mostly holds. The migration path is the right column.

Pre-quantum baseline. Everything looks safe — and most of it is, today.

Broken by Shor's

Completely defeated. Replace.

6

Weakened by Grover's

Effective key length halves. Upgrade.

3

Survives with upgrades

Still strong at larger sizes.

4

Post-quantum replacement

The new foundation.

4

Back to the source

The Quantum Threat
What Breaks vs. What Survives

The shape of the transition

The asymmetric layer — what proves identity and shares keys — has to be rebuilt. The symmetric layer — what protects bulk data — keeps working with bigger keys. PQC is the bridge: ML-KEM picks up where RSA/ECC drop off, ML-DSA picks up where ECDSA drops off, and SLH-DSA stands by as a hash-based backup.

Open the PQC Toolkit

About this lab — Breaks vs. Survives

What this lab teaches

Which cryptographic tools collapse under Shor's algorithm, which only weaken under Grover's, and which survive the quantum transition essentially intact.

How to use it

  1. Scan the three groups: what breaks, what weakens, and what survives.
  2. Expand any entry for why it lands there and the recommended action.

Key takeaway

Public-key cryptography (RSA, ECC, Diffie–Hellman) breaks outright. Symmetric ciphers and hashes only need larger parameters — AES-256, SHA-384. The asymmetric layer is the emergency.

Related exhibits

Sources · RefDoc §14