All of these use ciphers that are only affected by Grover’s algorithm. This basically halves the exponent on your key space (so instead of 2^128 keys you only have 2^64 keys), however this doesn’t necessarily mean that the algorithm is faster than a good parallel brute force on classical computers.
The more problematic algorithms are the ones affected by Shor’s algorithm, which are all algorithms in broad use today that involve some sort of agreeing on a shared secret.
All of these use ciphers that are only affected by Grover’s algorithm. This basically halves the exponent on your key space (so instead of 2^128 keys you only have 2^64 keys), however this doesn’t necessarily mean that the algorithm is faster than a good parallel brute force on classical computers.
The more problematic algorithms are the ones affected by Shor’s algorithm, which are all algorithms in broad use today that involve some sort of agreeing on a shared secret.
I’m not well versed on the speed of Grover’s over classical brute force. According to NIST this is correct! Thanks for the addition.