| RSA | Public key encryption and digital signatures | Highly vulnerable | Shor’s algorithm can efficiently factorize large numbers. | RSA is widely used for securing data and verifying identities. |
| DSA / ECDSA | Digital signatures | Highly vulnerable | Shor’s algorithm can solve the discrete logarithm problem for both finite fields and elliptic curves. | ECDSA is often preferred because it offers the same security with shorter key lengths. |
| Diffie-Hellman (DH / ECDH) | Key exchange | Highly vulnerable | Shor’s algorithm can efficiently solve the discrete logarithm problem. | ECDH is a variant that uses elliptic curves. |
| AES | Symmetric encryption | Moderately vulnerable | Grover’s algorithm can speed up brute force searches, effectively halving the key length. | The security of AES-256 would be reduced to that of AES-128 in a post-quantum context, but it’s still considered strong. |
| 3DES | Symmetric encryption | Moderately vulnerable | Grover’s algorithm can speed up brute force searches, and 3DES has a reduced effective key length. | 3DES is older and less secure than AES. |
| SHA-2 and SHA-3 | Cryptographic hash functions | Moderately vulnerable | Grover’s algorithm can be used to find collisions faster than classical computers. | Using longer output lengths can help maintain security. |
| HMAC | Message authentication | Depends on the underlying hash function | Its security is based on the underlying hash function. | If the hash function is quantum-resistant, HMAC will be too. |