There appears to be a problem with the paper though, it has no real foundation for the claims that quantum computing will obsolete essentially all of the existing crypto schemes out there. Another issue with the claim is the idea that AES-256 will require higher key. Apparently the authors do no understand what AES-256 really is.
Here is a link to the draft, and you are welcome to review it and comment.
http://csrc.nist.gov/publications/drafts/nistir-8105/nistir_8105_draft.pdf
Cryptographic Algorithm
|
Type
|
Purpose
|
Impact from large-scale
quantum computer
|
AES-256
|
Symmetric key
|
Encryption
|
Larger key sizes needed
|
SHA-256, SHA-3
|
Hash functions
|
Larger output needed
|
|
RSA
|
Public key
|
Signatures, key
establishment
|
No longer secure
|
ECDSA, ECDH
(Elliptic Curve Cryptography) |
Public key
|
Signatures, key
exchange
|
No longer secure
|
DSA
(Finite Field Cryptography) |
Public key
|
Signatures, key
exchange
|
No longer secure
|
Table 1 - Impact of Quantum Computing on Common Cryptographic Algorithms
