Free reference
RSA / ECDSA quantum risk reference
A quick reference for the quantum risk of common algorithms and their post-quantum replacements. Public-key algorithms are the quantum-vulnerable ones; symmetric algorithms and hashes are a different, lower-risk category.
| Algorithm | Type | Risk | Notes | Migrate to |
|---|---|---|---|---|
| RSA | Public-key (encryption/signature) | Quantum-vulnerable | Factoring — broken by Shor's algorithm. | ML-KEM (key) / ML-DSA (sign) |
| ECDSA | Signature | Quantum-vulnerable | EC discrete log — broken by Shor's. | ML-DSA / SLH-DSA |
| DH | Key exchange | Quantum-vulnerable | Finite-field discrete log — broken by Shor's. | ML-KEM (hybrid) |
| ECDH | Key exchange | Quantum-vulnerable | EC discrete log — broken by Shor's. | ML-KEM (hybrid) |
| X25519 | Key exchange | Quantum-vulnerable | Modern ECDH curve, still classical. | X25519MLKEM768 (hybrid) |
| Ed25519 | Signature | Quantum-vulnerable | Modern EdDSA, still classical. | ML-DSA (or hybrid) |
| RS256 | JWT signature (RSA) | Quantum-vulnerable | RSA-based JWT signature. | ML-DSA when supported |
| ES256 | JWT signature (ECDSA) | Quantum-vulnerable | ECDSA P-256 JWT signature. | ML-DSA when supported |
| HS256 | JWT MAC (HMAC) | Symmetric | Symmetric — different risk category. | Adequate key length; HKDF |
| AES-256 | Symmetric encryption | Lower risk / target | Grover's only halves effective key strength. | Already adequate at 256-bit |
| SHA-256 | Hash | Lower risk / target | Grover/collision impact is manageable. | SHA-384/512 for margin |
| ML-KEM | Key encapsulation (FIPS 203) | Lower risk / target | NIST PQC standard. | Target algorithm |
| ML-DSA | Signature (FIPS 204) | Lower risk / target | NIST PQC standard. | Target algorithm |
| SLH-DSA | Hash-based signature (FIPS 205) | Lower risk / target | NIST PQC standard. | Target algorithm |
Scan your own stack with the free domain scanner.