> the class of all problems solvable by a classical computer is exactly the same as the class of all problems solvable by a quantum computer

I started this sub-thread because I'm pretty sure this statement is true. But the details are tricky.

> the best-known quantum algorithm for factoring integers is asymptotically faster than the best-known classical algorithm for factoring integers

The only reason that current commercial cryptography works is that classical computers can't factor large integers effectively. But quantum speedups to factoring isn't particularly profound, since factoring is just a small part of computing.

> > the class of all problems solvable by a classical computer is exactly the same as the class of all problems solvable by a quantum computer

> I started this sub-thread because I'm pretty sure this statement is true. But the details are tricky.

Actually that is one of the first problems that was solved when we started looking into quantum computers. Our models of classical and quantum computation are both Turing complete and only Turing complete. Any classical computer can simulate a quantum computer, and any quantum computer can simulate a classical one. A quantum computer's only advantage is in speed, and we don't yet have proof that there is an exponential speed benefit that cannot be circumvented by finding a better classical algorithm.

Since asymmetric cryptography generally relies on an exponential barrier between the process of using the encryption and the process of breaking the encryption, that is what we really need to completely break modern asymmetric cryptography.