Irrespective of how powerful quantum computers are in the moment, for some critical data you’d need to consider an attacker who stores asym. encrypted traffic and waits until QC are powerful enough to break the encryption afterwards.
NIST chose some algorithms – I guess they could be plugged in as replacements for RSA (or whatever is currently used).
Google used some of those algorithms for Chrome and TLS and has some performance comparisons.
Would increased key lengths and reduced speed pose problems for TOR nodes etc.?