BUILD 100 · QTA · NIST IR 8547 · 72-HOUR DELIVERABLE

Quantum Threat Assessment

Here's the IBM circuit. Here's which of your curves it broke. Here's the timeline. QTA is a 72-hour assessment that maps your cryptographic asset inventory to NIST IR 8547 migration categories, overlays sector-specific data lifetime models, and produces harvest-now-decrypt-later risk windows grounded in hardware-verified results.

THE MOSCA THEOREM

X + Y + Z > T

Michele Mosca's inequality is the organizing principle of every quantum threat assessment worth paying for. It tells you — with arithmetic, not hand-waving — whether you are already too late to migrate.

X: Data shelf life (How long must this data remain confidential)
Y: Migration time (How long to deploy PQC across this surface)
Z: Q-Day horizon (Years until cryptographically-relevant quantum computer)
T: Transition deadline (If X + Y > Z, you are already too late)

Our Q-Day horizon estimate (Z) is anchored to empirical evidence — we broke 17 ECC curves on IBM quantum hardware. That number shortens every year. Your data shelf life doesn't.

NIST IR 8547 CLASSIFICATION

Four categories. Four answers.

Every asset you own gets tagged with exactly one NIST IR 8547 category. The category determines the action.

Cat 1 · CRITICAL

Must transition — Shor-vulnerable

RSA · ECDSA · ECDH · DH · DSA

All public-key primitives that Shor's algorithm breaks. Broken on IBM hardware by us in 2025 (17 curves, ibm_fez).

Cat 2 · HIGH

Must transition — Grover-weakened

AES-128 · SHA-256 (collision) · SHA-1 · MD5

Symmetric primitives whose effective strength halves under Grover. SHA-1 and MD5 are already classically broken.

Cat 3 · SAFE

No transition required

AES-256 · SHA-384 · SHA-512 · SHA3-family

Grover halves to 128-bit effective strength — still safely beyond brute force. Keep using these.

Cat 4 · MONITOR

Under study

Hash-then-sign · Lattice-based PAKE · Isogeny

Primitives where the NIST classification is still evolving. QTA flags these for monitoring rather than urgent action.

SECTOR DATA LIFETIME MODEL

Your sector dictates your X.

Defense classified programs have 35-year confidentiality windows. Banking records are bound by Basel III + AML lookback to 25 years. Tech product roadmaps expire in 10. QTA overlays your sector's data lifetime on every asset and lets the math speak.

Defense: 35 yrs (Classified programs · COMSEC)
Insurance: 30 yrs (Long-tail claims · reserves)
Healthcare: 30 yrs (HIPAA minimum + medical records lifetime)
Banking: 25 yrs (Basel III records + AML lookback)
Pharma: 25 yrs (Drug compound IP · clinical data)
Government: 25 yrs (FOIA · classification holds)
Energy: 20 yrs (SCADA · grid topology · safety systems)
Legal: 20 yrs (Attorney-client privilege · litigation)
Telecom: 15 yrs (Subscriber data · signaling)
Manufacturing: 15 yrs (Trade secrets · IP)
Tech: 10 yrs (Product roadmaps · source code)
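
The tagging and scoring steps described above, sketched as an added example (not QTA's own code): primitives are pulled from free-text inventory lines, tagged with the categories listed on this page, and checked against X + Y > Z using the sector shelf lives above. The inventory line format, the function name assess, and the Y and Z values are assumptions made for illustration.

```python
import re

# Primitive -> category, copied from the page's NIST IR 8547 lists (Cat 4 omitted).
CATEGORY = {
    **dict.fromkeys(["RSA", "ECDSA", "ECDH", "DH", "DSA"], 1),
    **dict.fromkeys(["AES-128", "SHA-256", "SHA-1", "MD5"], 2),
    **dict.fromkeys(["AES-256", "SHA-384", "SHA-512", "SHA3"], 3),
}
# Sector -> data shelf life X in years, a subset of the page's sector table.
SHELF_LIFE = {"defense": 35, "healthcare": 30, "banking": 25, "telecom": 15, "tech": 10}

# Longest names first, with alphanumeric boundaries, so "DSA" is never
# matched inside "ECDSA" and "RSA-2048" still yields "RSA".
TOKEN = re.compile(
    r"(?<![A-Za-z0-9])("
    + "|".join(sorted(map(re.escape, CATEGORY), key=len, reverse=True))
    + r")(?![A-Za-z0-9])",
    re.IGNORECASE,
)

# Constructed sample inventory: name | sector | free-text crypto description.
INVENTORY = """\
vpn-gateway | Defense    | IKEv2 with ECDH P-256 and RSA-2048 certs, AES-256-GCM
billing-db  | Tech       | AES-256 at rest, SHA-512 integrity
hl7-broker  | Healthcare | TLS 1.2, ECDSA certs, AES-128-GCM
legacy-hsm  | Banking    | vendor proprietary cipher
"""

def assess(line, y_years, z_years):
    """Tag one inventory line and apply the X + Y > Z check to it."""
    name, sector, desc = (f.strip() for f in line.split("|"))
    found = sorted({m.upper() for m in TOKEN.findall(desc)})
    # Cat 1 is the most urgent, so the lowest category number present wins.
    worst = min((CATEGORY[p] for p in found), default=None)
    margin = SHELF_LIFE[sector.lower()] + y_years - z_years  # > 0 means X + Y > Z
    return {
        "name": name, "primitives": found, "category": worst,
        "margin_years": margin,
        "too_late": worst in (1, 2) and margin > 0,  # only must-transition assets
        "needs_review": worst is None,  # nothing recognised: do not assume safe
    }

if __name__ == "__main__":
    for line in INVENTORY.strip().splitlines():
        print(assess(line, y_years=4, z_years=12))  # Y and Z are constructed inputs
```

An asset with no recognised primitive is reported for manual review rather than treated as safe, and an asset that mixes categories takes the most urgent one.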

HARVEST-NOW-DECRYPT-LATER

Four risk windows. Every asset gets one.

ACTIVE

Adversaries are recording your encrypted traffic today. Data lifetime ≥ Q-Day horizon. By the time decryption is viable, your data is still confidential. You have already been harvested.

IMMINENT

Narrow window. Data lifetime sits 3–7 years from Q-Day. Migration must begin this fiscal year to stay ahead of the decrypt window.

FUTURE

Exposure is real but deferrable. Data lifetime extends beyond current monitoring window but below Q-Day horizon. Schedule for next planning cycle.

SAFE

Cat 3 primitives or short-lifetime data. No quantum migration required. Focus resources elsewhere.

72-HOUR DELIVERABLE

From kick-off to signed report.

H+0

Kick-off

NDA executed. Asset inventory ingested via free-text, spreadsheet, or architecture document.

H+12

Surface enumeration

Cryptographic primitives extracted and tagged. NIST IR 8547 categories assigned to every asset.

H+24

Exposure scoring

Mosca theorem applied: X + Y + Z > T. Sector-specific data lifetime overlaid. HNDL windows computed per asset.

H+48

Advisory cross-ref

Live KB cross-reference against CISA CNSA 2.0, NSA M-23-02, DORA Art. 6, SWIFT CSP, ETSI GR-QSC-004 (10 advisories total).

H+72

Deliverable

Executive brief (150w) + technical roadmap (400w) + SQLite-backed evidence file. SATOR-HMAC signed. Telegram digest optional.

LIVE ADVISORY CROSS-REFERENCE

Ten frameworks. One report.

Every QTA finding is tagged to the specific regulatory advisory it maps to. When the board asks “which framework requires this?” the answer is already in the deliverable.

CISA · US: CNSA 2.0
CISA · US: BOD 23-02
NSA · US: M-23-02
NIST · US: IR 8547
NIST · US: SP 800-227
ENISA · EU: PQC Guidance
DORA · EU: Article 6 · ICT Risk
ETSI · EU: GR-QSC-004
SWIFT · Global: CSP v2024
BSI · DE: Migration to PQC

Know your exposure.
In 72 hours.

$5,000 entry. Three-day turnaround. Executive brief + technical roadmap + live advisory cross-reference.

Every finding SATOR-HMAC signed. Every claim anchored to empirical hardware results. Acceptable to federal auditors and board risk committees.