Here is an excellent presentation by Professor Andris Ambainis (@aambainis) on the aspects of cryptography and encryption in the future with quantum computers:
The main issues are with the asymmetric public key cryptography and the way quantum computing is good at factorization and solving discrete logarithms which are supposed to be the difficult part of the RSA algorithm:
He outlines the following alternative algorithms which are still hard to solve for quantum computers:
- lattice based (NTRU, Ring-LWE),
- code based (McEliece) and
- based on multivariate quadratic equation.
The only issue with those algorithms appears to be the key size:
| Algorithm | Public key size (bits) | Private key size (bits) |
|---|---|---|
| Ring-LWE | 6,595 | 14,000 |
| NTRU | 6,130 | 6,747 |
| Rainbow | 991,000 | 740,000 |
| Hash signature | 36,000 | 36,000 |
| McEliece | 37,674,480 | 77,742,169 |
| SIDH | 3,071 | 3,072 |
To me it feels like the computational power and the memory capacity of secure elements today is no longer the main issue.