Re: "...so we know where they'll strike next."
And we know a quantum factoring function already exists: Shor's Algorithm.
For that matter, we've had working QC implementations of it. It's just that no one's found a (feasible) way to build a large enough QC to use it for anything practical.
The best protocol for applying Shor's to DH, for example, takes 5K+1 qubits, where K is the length of the DH modulus in bits (1024, 2048, etc). I linked to the abstract on arxiv in a previous post here.
We're a few orders of magnitude away from a 10241-qubit QC, at least in terms of anything that's been made public. Some people think the NSA might have something like that, but I think they're nuts. The NSA mostly employs mathematicians, not physicists and engineers, and if they had the knowledge and resources to build something like that (remember this is something hugely beyond what anyone's done publicly), they almost certainly could find something better to do with them.
And a big-qubit QC isn't just a matter of scaling up. Noise and decoherence problems apparently get worse faster than linear with these things, though I admit I know very little about the practical details.
Biting the hand that feeds IT
