Post-Quantum Readiness
Quantum Risk Assessment: How to Evaluate Your Organization's Cryptographic Exposure
Learn how to assess your organization's quantum risk: classify cryptographic assets by data sensitivity and confidentiality lifetime, model harvest-now-decrypt-later scenarios, and build a risk register.
Quantum Risk Assessment: How to Evaluate Your Organization's Cryptographic Exposure Quantum risk assessment goes beyond counting certificates. It requires understanding what data your cryptography protects, how long that data must remain confidential, and where third party dependencies introduce risk you cannot directly control. This article provides a practical framework for assessing quantum risk across your organization — moving from "we use RSA everywhere" to a structured risk register with prioritized mitigation actions. The Harvest Now, Decrypt Later Threat Model The primary quantum risk is not that a quantum computer will suddenly break TLS tomorrow. It is that an adversary can record encrypted traffic today, store it, and decrypt it years later when cryptographically relevant quantum computers (CRQCs) become available. This means data encrypted with RSA or ECC today is already at risk if its confidentiality must extend beyond the next 10 15 years. For regulated industries — financial services, healthcare, defense, critical infrastructure — this is not a theoretical concern. It is a data governance problem with a known clock. The Quantum Risk Assessment Framework Step 1: Asset to Data Mapping For each cryptographic asset in your inventory, document what data it protects: TLS certificate on api.example.com: Protects customer PII in transit, payment card data, authentication tokens. Confidentiality lifetime: 7+ years (regulatory requirement). TLS certificate on blog.example.com: Protects public marketing content. Confidentiality lifetime: 0 years (already public). SSH host key on build server.internal: Protects CI/CD pipeline access. Confidentiality lifetime: months (keys rotate with each deployment). This mapping is the foundation of risk classification. An asset that protects long lived sensitive data is higher risk than one that protects ephemeral public data — even if both use the same RSA 2048 algorithm. Step 2: Algorithm Vulnerability Assessment Map each asset to its quantum vulnerability: | Algorithm | Quantum Vulnerability | Impact | | | | | | RSA 1024 | Already breakable classically; immediate replacement needed | Critical | | RSA 2048 | Broken by CRQC using Shor's algorithm | High | | RSA 4096 | Broken by CRQC; larger key offers no quantum resistance | High | | ECC P 256 | Broken by CRQC using Shor's algorithm (easier than RSA 2048) | High | | ECC P 384 | Broken by CRQC | High | | Ed25519 | Broken by CRQC (elliptic curve based) | Medium High | | AES 128 | Grover's algorithm provides quadratic speedup; 64 bit classical equivalent | Medium | | AES 256 | Grover's algorithm provides quadratic speedup; 128 bit classical equivalent | Low | | SHA 256 | Grover's algorithm provides quadratic speedup for preimage; 128 bit equivalent | Low | | SHA 384 | Quantum resistant for practical purposes | Low | Step 3: Data Sensitivity Classification Assign a sensitivity tier to the data each asset protects: Regulated: PII, PHI, PCI, classified, controlled unclassified information (CUI), trade secrets, intellectual property with 10+ year protection requirement. Sensitive Internal: Internal business data, employee information, source code, infrastructure configurations. Confidentiality lifetime: 3 7 years. Business General: Marketing plans, operational metrics, non sensitive communications. Confidentiality lifetime: 1 3 years. Public: Content already in the public domain. No confidentiality requirement. Step 4: Vendor Dependency Risk For asset