but, searching I found that it is apparently vulnerable to quantum computing attacks (wikipedia points me to: Nielsen, Michael A.; Chuang, Isaac L. Quantum Computation and Quantum Information. p. 202) and also found this:
Elliptic curve cryptography is logically equivalent to prime-factorization cryptography in a sense: both are special cases of the hidden subgroup problem. DLP is also a version of the hidden subgroup problem. Any variant of HSP can be broken by a quantum computer using a variant of Shor's algorithm.
How broken is the question - NSA cracks 2048 keys we just double the key size and are safe for 3-4 more years, or making it so trivial it doesn't matter how big the key size is.
In one of the crypto talks at the 30C3 the speaker mentioned that quantum computers are actually a greater danger to ECC, because of the smaller key sizes. ( I think this sounds plausible, but I am not an expert.)
https://en.wikipedia.org/wiki/Elliptic_curve_cryptography
but, searching I found that it is apparently vulnerable to quantum computing attacks (wikipedia points me to: Nielsen, Michael A.; Chuang, Isaac L. Quantum Computation and Quantum Information. p. 202) and also found this:
http://www.mathcs.richmond.edu/~jad/summerwork/ellipticcurve...