
It’s worth understanding, in plain terms, why quantum computing threatens some cryptography and not other cryptography — because the distinction determines exactly where migration effort needs to go.
What RSA and ECC Actually Rely On
RSA’s security rests on the difficulty of factoring very large numbers into their prime components — easy to verify, extraordinarily hard to compute in reverse with classical computers at the key sizes in use today. Elliptic-curve cryptography (ECC) rests on a related but different hard problem, the discrete logarithm problem over elliptic curves. Both are examples of a category of maths problem that’s asymmetric: easy one direction, hard the other — which is exactly what makes a problem useful for cryptography.
What Shor’s Algorithm Changes
In 1994, mathematician Peter Shor showed that a sufficiently large, error-corrected quantum computer could solve both the factoring problem and the discrete logarithm problem efficiently — collapsing the “hard direction” that RSA and ECC depend on. This is a mathematical result, not a hardware achievement; the hardware capable of running Shor’s algorithm at the scale needed to threaten real-world key sizes doesn’t exist yet, but the mathematics means it’s a known, well-understood threat once it does.
Why Symmetric Encryption Is a Different Story
Symmetric algorithms like AES don’t rely on the same kind of asymmetric maths problem — they rely on the sheer size of the key space being infeasible to search. Grover’s algorithm, a different quantum algorithm, does provide a quantum speed-up against symmetric encryption, but only a quadratic one — roughly halving the effective key length rather than breaking the algorithm outright. AES-256 under Grover’s algorithm behaves, very roughly, like AES-128 does today: still considered secure, not broken. This is precisely why post-quantum migration efforts focus on public-key cryptography — key exchange and digital signatures — rather than symmetric encryption generally.
Why This Distinction Matters Practically
It tells you exactly where to look during discovery: RSA and ECC-based key exchange and signatures across TLS, certificates, and signing workflows are the priority. Well-implemented AES-256 encryption at rest is comparatively low priority for algorithm replacement, though key management around it still matters. Understanding the “why” behind the migration priority list makes it far easier to explain, and defend, to a technical audience.