Page "Quantum computer" Paragraph 22

However, other existing cryptographic algorithms do not appear to be broken by these algorithms.

Some public-key algorithms are based on problems other than the integer factorization and discrete logarithm problems to which Shor's algorithm applies, like the McEliece cryptosystem based on a problem in coding theory.

Lattice-based cryptosystems are also not known to be broken by quantum computers, and finding a polynomial time algorithm for solving the dihedral hidden subgroup problem, which would break many lattice based cryptosystems, is a well-studied open problem.

It has been proven that applying Grover's algorithm to break a symmetric ( secret key ) algorithm by brute force requires roughly 2 < sup > n / 2 </ sup > invocations of the underlying cryptographic algorithm, compared with roughly 2 < sup > n </ sup > in the classical case, meaning that symmetric key lengths are effectively halved: AES-256 would have the same security against an attack using Grover's algorithm that AES-128 has against classical brute-force search ( see Key size ).

Quantum cryptography could potentially fulfill some of the functions of public key cryptography.