Shor's algorithm is a quantum algorithm capable of efficiently solving the elliptic curve discrete logarithm problem, which underpins the security of NIST P-256 ECC. However, running Shor's algorithm at the scale needed to break real-world ECC encryption requires millions of fault-tolerant, error-corrected qubits—technology that does not currently exist. IBM Quantum and NIST both report that today's quantum computers are far from this threshold and that practical attacks are likely years or decades away.
Recent estimates suggest that even with rapid progress, building a quantum computer capable of breaking NIST P-256 ECC would require significant advances in hardware, error correction, and scaling. NIST is actively developing and recommending post-quantum cryptographic standards in anticipation of future quantum threats, emphasizing that migration should begin before quantum computers reach this capability. Until then, NIST P-256 ECC remains secure against all known quantum attacks.