Threat intelligence
Quantum Security Threats.
The cryptographic agility window is closing. This is where current systems sit on the threat curve, and what to migrate to.
Threat Level: Global
CRITICAL
RSA / ECC public-key infrastructure
HNDL captures (est.)
142,847
flows/sec across observed backbones
Active advisories
3
24 CRQC programs monitored
Threat matrix
What is exposed, and how badly
System
Risk
Attack
Action
RSA-2048
CRITICAL
Shor's algorithm
Public-key encryption and signatures. Migrate to ML-KEM + ML-DSA hybrid now.
ECC P-256 / P-384
CRITICAL
Shor's algorithm (ECDLP)
ECDH and ECDSA both broken. Same hybrid migration path.
DH / DHE 2048
CRITICAL
Shor's algorithm (DLP)
Classical DH key exchange offers no PQC residual security.
AES-128
MODERATE
Grover's algorithm
Effective security drops to ~64 bits. Recommend migration to AES-256.
AES-256
LOW
Grover's algorithm
Effective security ~128 bits — still acceptable. Default symmetric choice.
SHA-256
LOW
Grover's algorithm
Pre-image resistance halved (~128 bits). Acceptable for most uses.
Hybrid TLS 1.3
MITIGATED
Both
X25519 + ML-KEM-768 — current best-practice deployment baseline.
The three attack vectors
Shor's Algorithm
Polynomial-time integer factoring and discrete log on a sufficiently large fault-tolerant quantum computer. Breaks RSA, DH, and ECC entirely.
Grover's Algorithm
Quadratic speedup for unstructured search. Halves effective key length for symmetric ciphers and pre-image attacks on hashes.
Harvest-Now-Decrypt-Later
Adversary captures encrypted traffic today, decrypts when CRQC arrives. Already happening at state-actor scale on long-tail-confidential data.
POST-QUANTUM PATH
Migrate to FIPS 203 / 204 / 205 / 206.
The NIST PQC standards are stable, implementable, and being deployed at scale. The migration is logistical, not cryptographic.
FIPS 203
ML-KEM (Kyber)
Key encapsulation
FIPS 204
ML-DSA (Dilithium)
Digital signatures
FIPS 205
SLH-DSA (SPHINCS+)
Hash-based signatures
FIPS 206
FN-DSA (Falcon)
Compact signatures