- Edited
Kryptos Nuttso
For further reading, I found this paper to be really valuable:
Post-quantum cryptography - dealing with the fallout of physics success (Bernstein and Lange)
From table 1 on page 3:
Name: AES-256
Function: block cipher
Pre-quantum security level: 256
Post-quantum security level: 128 (Grover)Name: RSA-3072
Function: encryption
Pre-quantum security level: 128
Post-quantum security level: broken (Shor)Name: RSA-3072
Function: signature
Pre-quantum security level: 128
Post-quantum security level: broken (Shor)
Keep in mind that the definition of "post-quantum" is fuzzy and uncertain. There are many players in the academic-industrial-military complex overhyping its imminence in the pursuit of investment / grant money.
As far as I am aware, there are no reputable expert quantum physicists in the field that expect this to happen sooner than 10 years from now, but most of them expect it to happen within the 21st century.