Quanten Security

Defense

Harvest-now/decrypt-later risk, Q-Day planning, crypto-agility runbooks, and incident-response guidance for long-lived data.



Crypto-agility against harvest now, decrypt later.


The threat: harvest now, decrypt later

Nation-state intelligence services have been collecting encrypted network traffic at scale for years. The collected ciphertext is stored in archives today and will be decrypted once a cryptographically relevant quantum computer (CRQC) is available. The threat is not hypothetical: it is a rational forward-looking strategy for any adversary with both the collection infrastructure and the patience to wait. This site uses a 2029 to 2033 planning scenario to keep long-lived-data migration urgent without presenting it as an official forecast.

The implication for data classified as sensitive for more than five years is immediate: sessions whose keys are established today with RSA-2048 or ECDH are already at risk once that traffic has been harvested. The long-term confidentiality requirement triggers the migration obligation now, not at Q-Day.

Q-Day timelines: NIST, NSA, and BSI positions

NIST finalised the first three post-quantum standards (FIPS 203, 204, 205) in August 2024, giving federal and commercial teams a stable algorithm baseline for migration planning. NSA CNSA 2.0 guidance maps the transition for National Security Systems, while Germany’s BSI TR-02102 series and related European guidance support immediate inventory and prioritised migration for long-lived sensitive data. These references converge on a 2025–2030 planning window — which is already well under way.

  • NIST: FIPS 203, 204, and 205 finalised as the PQC baseline
  • NSA CNSA 2.0: migration guidance mapped for National Security Systems
  • BSI TR-02102: immediate planning for long-lived sensitive data
  • ENISA: PQC adoption recommended for critical infrastructure now

Crypto-agility engine and hot-swap algorithm profiles

A PQC deployment is not a one-time migration. Standards evolve: NIST selected HQC as the backup KEM in 2025, and its final standardisation path should be tracked alongside ML-KEM deployments. Algorithm profiles will be updated as the threat landscape shifts. Quanten’s crypto-agility engine separates algorithm selection from application logic: algorithm identifiers, parameter sets, and negotiation preferences are managed as versioned configuration profiles that can be pushed to deployed nodes without restarting services.

Hot-swap updates take effect on new sessions; existing sessions complete under the previous profile. The dual-signature bridge mode maintains backward compatibility during rollouts by signing payloads with both the outgoing and incoming signature algorithm simultaneously, allowing receivers to verify with whichever they support.
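The hot-swap and dual-signature behaviour described above, sketched as an added example; it is not Quanten's code. The names `Profile`, `ProfileStore`, `Session`, `verify` and the `required` policy are hypothetical, and keyed HMACs stand in for the outgoing and incoming signature algorithms so that it runs on the Python standard library alone.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Stand-ins only: keyed HMACs take the place of a classical and a post-quantum
# signature scheme so the example runs on the standard library.
def _standin(digest):
    return lambda key, msg: hmac.new(key, msg, digest).digest()

ALGS = {"classic-standin": _standin(hashlib.sha256),
        "pq-standin": _standin(hashlib.sha3_256)}

@dataclass(frozen=True)
class Profile:
    version: int
    sign_with: tuple  # algorithm ids applied to every outgoing payload

class ProfileStore:
    """Holds the active profile; push() swaps it without a restart."""
    def __init__(self, profile):
        self.active = profile

    def push(self, profile):
        # Assumption: versions only move forward, so a replayed old profile is refused.
        if profile.version <= self.active.version:
            raise ValueError("profile version must increase")
        self.active = profile

class Session:
    def __init__(self, store, keys):
        self.profile = store.active  # pinned at session start, never re-read
        self.keys = keys

    def sign(self, payload):
        return {a: ALGS[a](self.keys[a], payload) for a in self.profile.sign_with}

def verify(payload, sigs, keys, supported, required=frozenset()):
    """Check every signature this receiver supports; `required` algorithms
    must be present, which stops an upgraded receiver accepting a payload
    whose newer signature was stripped in transit."""
    usable = [a for a in sigs if a in supported]
    if not usable or not required <= set(usable):
        return False
    return all(hmac.compare_digest(ALGS[a](keys[a], payload), sigs[a])
               for a in usable)
```

A legacy receiver calls `verify` with only the outgoing algorithm in `supported`; a receiver that has completed the rollout adds the incoming algorithm to `required` so that bridge mode cannot be used to downgrade it.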

Incident response and threat modelling

Quanten includes a structured threat model assessment as part of engagement scoping. We map each data asset class against its confidentiality lifetime, identify which currently-encrypted channels carry that data, and produce a prioritised migration backlog ordered by residual risk. Assets with multi-decade confidentiality requirements (pension records, health data, infrastructure blueprints) are elevated above short-lived session data.

Incident response procedures cover the scenario where a CRQC appears ahead of the planning window. Quanten’s runbook includes emergency algorithm profile rotation, triage of in-flight session data, and communication templates for regulatory notification obligations under NIS2 and DORA. Talk to our security team to start a threat modelling session — most engagements complete the initial risk register in two working days.