BUILD 99 · PQC-SCOUT · NIST FIPS 203/204/205
PQC Migration
We run ML-KEM-768 in production on our own IPC. Your RSA and ECC keys are on borrowed time — and we've already proved it on IBM quantum hardware. PQC-Scout audits your cryptographic surface, scores your Q-Day exposure, and ships a 3-phase migration roadmap you can execute against CNSA 2.0 deadlines.
THE PROBLEM
Harvest now. Decrypt later. Already underway.
Nation-state adversaries are storing your encrypted TLS traffic today. They are not waiting for Q-Day to collect — they are waiting to decrypt. The MOSCA theorem is brutal: if X (data shelf life) + Y (migration time) > Z (years until cryptographically relevant quantum computers), you are already too late.
NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) in August 2024. CISA and the NSA published CNSA 2.0 with hard transition deadlines for critical infrastructure. The federal question isn't whether to migrate — it is how fast you can prove you did.
Most vendors will sell you a framework document. We built and ran the full Shor-ECDLP attack circuit on real IBM quantum hardware, published every job ID, and audited our own result when the quantum signal didn't hold. We know the attack at the circuit level — and we tell you exactly where the science stands.
Q-DAY HORIZON TABLE
Which algorithms fall. When.
Derived from NIST IR 8547 §3.1 and the CNSA 2.0 timeline, plus our own real-hardware Shor-ECDLP execution on ibm_fez (key recovery was classical — we claim the hardware execution, not a quantum break). Every engagement anchors findings to this table.
CRYPTOGRAPHIC SURFACES
Ten surfaces. Every one audited.
PQC-Scout enumerates these ten cryptographic surface categories from your stack description and tags every algorithm by deployment context, key size, and exposure tier.
TLS / HTTPS
Certificate chains, session handshake, mutual auth
Code Signing
Firmware, package signatures, CI/CD artifacts
At-Rest Storage
Disk encryption, DB encryption keys, backup ciphers
Key Exchange
Diffie-Hellman, ECDH, wrapped session keys
Firmware
Boot chains, BMC, iLO, Redfish, signed updates
API Authentication
JWT, OAuth signing keys, HMAC + asymmetric
VPN
IPsec IKE, WireGuard static keys, OpenVPN
Email
S/MIME, PGP, DKIM signing
PKI
Root CAs, intermediate certs, revocation lists
HSM / Key Vault
Hardware-bound keys, rotation policy, attestation
PQC-SCOUT PIPELINE
Five phases. One SATOR cycle.
Asset ingestion
Supply your tech stack as a free-text description, asset inventory, or architecture diagram. PQC-Scout uses an LLM-powered extractor (Claude via Red tier) with a regex fallback — works offline, works on napkin sketches.
Cryptographic surface enumeration
Ten surface categories extracted and classified: TLS, code signing, storage, key exchange, firmware, API auth, VPN, email, PKI, HSM. Every asset gets tagged with its active algorithm, key size, and deployment context.
Q-Day exposure scoring
Four-tier exposure model — CRITICAL / HIGH / MONITOR / SAFE — computed from NIST IR 8547 horizon tables, sector-specific data lifetime, and the MOSCA theorem X+Y+Z>T. φ-modulated priority scores (0–100) rank every finding.
3-phase migration roadmap
Phase 1: high-exposure key exchange and signing. Phase 2: at-rest and storage. Phase 3: archival and compliance tail. Every recommendation points to a specific FIPS 203/204/205 algorithm and CNSA 2.0 deadline.
Signed report + audit trail
Report written to a SATOR-HMAC signed SQLite WAL with a reproducible evidence hash. Telegram digest. Every claim is re-derivable from the same inputs — an auditor can reproduce the finding without trusting us.
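A minimal sketch of the regex-fallback enumeration and Mosca-based tiering described in the pipeline above, added here as an illustration and not PQC-Scout's own code. The tier names and the inequality X + Y > Z come from this page; the regex, the 10-year horizon, the 3-year HIGH band, and the inventory lines are assumptions constructed for the example.

```python
import re
from dataclasses import dataclass

# Public-key families broken by Shor's algorithm (assumed list, case-insensitive).
VULNERABLE = re.compile(r"\b(RSA|ECDSA|ECDHE?|DH)(?:-\d+)?\b", re.I)
TIER_ORDER = {"CRITICAL": 0, "HIGH": 1, "MONITOR": 2, "SAFE": 3}
HORIZON_YEARS = 10  # Z: assumed years until a cryptographically relevant quantum computer

# Constructed inventory: ("surface: free-text description", X shelf life, Y migration time)
INVENTORY = [
    ("Code signing: CI artifacts signed with ecdsa", 1, 2),
    ("IPC: internal bus uses ML-KEM-768", 10, 3),
    ("TLS: nginx edge, ECDHE key exchange with RSA-2048 certificates", 10, 3),
    ("VPN: IPsec IKE with DH-2048 groups", 5, 3),
]

@dataclass
class Finding:
    surface: str
    algorithms: list
    tier: str
    margin: float  # Z - (X + Y); negative means Mosca's inequality is violated

def score(line, shelf_life, migration, horizon, high_band=3.0):
    """Extract quantum-vulnerable algorithms from one line and assign a tier."""
    surface, _, text = line.partition(":")
    algos = sorted({m.group(0).upper() for m in VULNERABLE.finditer(text)})
    margin = horizon - (shelf_life + migration)
    if not algos:
        tier = "SAFE"        # nothing Shor-breakable was found on this surface
    elif margin < 0:
        tier = "CRITICAL"    # X + Y > Z: data outlives the migration window
    elif margin <= high_band:
        tier = "HIGH"        # inside the assumed safety band before the horizon
    else:
        tier = "MONITOR"
    return Finding(surface.strip(), algos, tier, margin)

def audit(inventory, horizon):
    """Score every asset and rank worst-first (tier, then smallest margin)."""
    findings = [score(line, x, y, horizon) for line, x, y in inventory]
    return sorted(findings, key=lambda f: (TIER_ORDER[f.tier], f.margin))

if __name__ == "__main__":
    for f in audit(INVENTORY, HORIZON_YEARS):
        print(f"{f.tier:8} {f.surface:13} margin={f.margin:+} {f.algorithms}")
```

A regex pass like this only sees algorithms that are named in the text, so a surface reported as SAFE still needs confirmation against the actual configuration.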
EMPIRICAL PROOF
Not theorems. Hardware results.
WHAT YOU GET
Four deliverables. One engagement.
Board-ready exposure summary
One-page CRITICAL / HIGH / MONITOR / SAFE breakdown with sector-specific data lifetime analysis. The artifact a CISO shows the audit committee.
3-phase migration roadmap
Per-surface migration plan with target algorithms, key sizes, rollout sequence, and deadline anchors to CNSA 2.0 and OMB M-23-02.
NIST SP 800-227 documentation
Cryptographic inventory report in the exact format federal auditors ask for. Acceptable to DORA Art. 6, SWIFT CSP, ETSI GR-QSC-004 reviewers.
Production reference architecture
We run ML-KEM-768 on our own IPC (src/ghost.py) with SATOR HMAC signing. You get the same reference implementation patterns we use ourselves.
ALIGNED FRAMEWORKS
Every roadmap maps to the source.
Each migration deliverable is anchored to the framework that mandates it. These links go straight to the issuing authority — verify the requirement yourself.
Migrate before the adversary decrypts.
Initial assessment in 5 business days. Full cryptographic inventory, Q-Day exposure score, and phase-1 migration plan.
Engagements scale with scope — from a focused assessment to a full enterprise migration. We run ML-KEM-768 in production — ask us.