[sillysaurusx]

There are lots of alternative constructions. ECC, for example.

1024-bit and higher RSA is still unfactorable, so I don't think anyone will be attacking RSA directly any time soon.

[akvadrako]

ECC is considered even less quantum resistant than RSA because the key lengths are so short.

[DennisP]

But for now, it's more important to ask whether ECC is vulnerable to some variant of Schnorr's attack, which uses conventional computers. We already had an algorithm to break RSA on quantum.