I noticed an interesting discussion in the crypto community — it turns out that quantum computers pose quite different levels of threat to various types of encryption. And this is more important than it seems at first glance.

Here's the gist: asymmetric cryptography like ECDSA and RSA is under real threat. Quantum computing can fundamentally undermine these algorithms because they rest on mathematical problems that a sufficiently large quantum computer solves much faster than any classical machine. This is a serious issue, and the industry understands it.

But with symmetric encryption, the situation is different. Take AES: here, the quantum threat is much less critical. Yes, there is Grover's algorithm, which can in theory speed up brute-force key search, but in practice it is far less damaging than it sounds. The problem is that Grover's algorithm parallelizes poorly, so a realistic attack on a 128-bit key becomes enormously expensive and simply impractical.

Cryptographer Filippo Valsorda explained this well: AES-128 remains quite secure even when measured against post-quantum standards. NIST and other cryptography authorities agree that switching to 256-bit keys is not necessary; the current level of protection is sufficient.
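To make the "parallelizes poorly" point concrete, here is a small cost model I added; it is not code from the post or from Valsorda. It assumes the textbook Grover bound of about (pi/4)*sqrt(N) sequential oracle calls for a space of N keys, treats each oracle call as one unit of work (ignoring the real cost of an AES circuit and error correction), and uses the sequential depth budgets 2^40, 2^64 and 2^96 that NIST's post-quantum call uses as MAXDEPTH. The functions return log2 values so that the numbers stay readable.

```python
import math

# log2 of the ~pi/4 constant in Grover's iteration count (about -0.35)
GROVER_CONST_LOG2 = math.log2(math.pi / 4)


def classical_cost(key_bits, log2_machines=0):
    """Classical exhaustive key search, costs as log2 values.

    Expected work is 2^(k-1) trial decryptions; spreading it over p = 2^m
    machines divides wall-clock time by p (linear parallel speed-up).
    Returns (log2 sequential steps per machine, log2 total work).
    """
    total = key_bits - 1
    return total - log2_machines, total


def grover_cost(key_bits, log2_machines=0):
    """Grover key search, costs as log2 values (idealized oracle model).

    One machine needs ~(pi/4)*sqrt(2^k) sequential oracle calls. With p = 2^m
    machines, each searches a 2^(k-m) slice, so per-machine depth drops only
    to sqrt(2^(k-m)) while total work rises to sqrt(2^(k+m)): a sqrt(p)
    wall-clock gain bought with sqrt(p) more total work.
    Returns (log2 sequential depth per machine, log2 total oracle calls).
    """
    depth = GROVER_CONST_LOG2 + (key_bits - log2_machines) / 2
    total = GROVER_CONST_LOG2 + (key_bits + log2_machines) / 2
    return depth, total


def machines_for_depth(key_bits, log2_depth_budget):
    """log2 of the number of Grover machines needed to finish within a
    sequential depth budget of 2^d oracle calls (e.g. NIST PQC MAXDEPTH 2^40).
    From depth = c + (k - m)/2  =>  m = k - 2*(d - c); clamped at 0 when a
    single machine already fits the budget.
    """
    return max(0.0, key_bits - 2 * (log2_depth_budget - GROVER_CONST_LOG2))


def security_summary(key_bits, log2_depth_budget):
    """Effective bits of security against an attacker bounded by depth 2^d:
    the log2 of the total Grover work once enough machines are used to meet
    the budget. This is k - d + 2c, not the naive k/2 figure."""
    m = machines_for_depth(key_bits, log2_depth_budget)
    _, total = grover_cost(key_bits, m)
    return total


if __name__ == "__main__":
    for k in (128, 256):
        print(f"AES-{k}:")
        print(f"  classical, 1 machine: depth 2^{classical_cost(k)[0]:.1f}")
        d1, _ = grover_cost(k)
        print(f"  Grover, 1 machine:    depth 2^{d1:.1f}")
        for d in (40, 64, 96):
            m = machines_for_depth(k, d)
            print(f"  depth budget 2^{d}: needs 2^{m:.1f} machines, "
                  f"total work 2^{security_summary(k, d):.1f}")
```

Running it shows the asymmetry the post describes: a single Grover machine would need about 2^63.7 sequential AES evaluations against AES-128, and forcing that into a 2^40-deep circuit requires roughly 2^47 quantum machines and still costs about 2^87 total oracle calls, whereas 2^20 classical machines cut wall-clock time by the full factor 2^20. The attack is bounded by depth, not by the headline "half the key bits".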

So the consensus is simple: we need to urgently transition to post-quantum encryption for asymmetric algorithms, but there's no need to panic about AES. This is a classic case where different parts of cryptography require different approaches to protection.