Quantum Threats Mapped: Engineering Inventory Reveals Vulnerabilities in RSA, DH, and ECDSA Cryptography

The increasing power of quantum computers presents a fundamental challenge to modern digital security, threatening the mathematical foundations of widely used encryption methods. Carlos Benitez from Platinum Ciber and colleagues systematically address this growing risk by creating a detailed inventory of technologies vulnerable to quantum attacks. Their work moves beyond theoretical cryptography, focusing instead on the practical landscape of systems that rely on algorithms like RSA, Diffie-Hellman, and Elliptic Curve cryptography. By mapping these vulnerable technologies across diverse digital infrastructures, the researchers provide a crucial resource for practitioners, vendors, and policymakers to proactively identify and mitigate risks before the advent of cryptographically powerful quantum computers. This cross-domain threat map represents a significant step towards understanding and safeguarding the digital ecosystem in the face of emerging quantum capabilities.

Cryptography Standards and Network Security Protocols

This research comprehensively surveys the landscape of cryptography and network security standards, revealing a growing focus on preparing for the challenges posed by quantum computing. The study categorizes a vast collection of standards and specifications, highlighting key areas like core cryptographic technologies, network communication security, system and platform security, and the emerging field of post-quantum cryptography. A significant theme is the increasing awareness and proactive preparation for the threat quantum computers pose to current encryption methods, with post-quantum cryptography no longer a distant concern but an active area of research, standardization, and implementation. The analysis reveals a strong emphasis on securing industrial control systems, reflecting the critical importance of protecting vital infrastructure.

The breadth of the surveyed standards demonstrates a need for layered security approaches, encompassing hardware, operating systems, networks, and applications. Public Key Infrastructure (PKI) emerges as a foundational element in many of the security solutions examined, underscoring its central role in establishing trust and securing communications. The research also highlights the importance of adhering to established security best practices and the growing need to secure mobile devices and cloud-based services.

Quantum Risk Assessment of Cryptographic Systems

This study pioneers a systematic assessment of technologies vulnerable to quantum computing threats, combining detailed documentary analysis with a cross-domain classification of cryptographic systems. Researchers meticulously examined authoritative sources, including standards bodies like IETF and NIST, vendor documentation, and peer-reviewed academic research, to build a comprehensive picture of quantum risks. The methodology centers on identifying asymmetric algorithms currently in use and categorizing threats as either ‘Harvest Now, Decrypt Later’ (HTDL) or a forgery risk, depending on whether confidentiality or authenticity is compromised. To ensure rigor, the team evaluated each finding against at least two independent sources, strengthening the reliability of the inventory and minimizing potential inaccuracies.

The research organizes findings from both a technology-domain perspective and an operational environment perspective, allowing for both broad identification of at-risk technologies and detailed understanding of how these risks manifest in real-world systems. The study specifically focuses on vulnerabilities arising from quantum attacks against asymmetric cryptography, excluding symmetric algorithms assumed to be quantum-resistant with appropriate key lengths. The team’s approach deliberately avoids estimating a timeline for quantum readiness, instead emphasizing the need for proactive migration planning before such capabilities emerge. By identifying current vulnerabilities, the research provides a crucial foundation for practitioners, vendors, and policymakers to prioritize mitigation efforts and develop resilient cryptographic systems.

Quantum Vulnerability Mapping Across Digital Infrastructures

This research delivers a comprehensive inventory of technologies vulnerable to threats posed by the advent of cryptographically relevant quantum computers. The study systematically maps these vulnerabilities across diverse digital infrastructures, identifying exposures before quantum capabilities emerge and providing a crucial resource for practitioners, vendors, and policymakers. Researchers evaluated each technology along two dimensions: cryptographic primitives in use, specifically asymmetric algorithms, and the nature of the quantum threat, categorizing it as either ‘Harvest Now, Decrypt Later’ (HTDL) or a forgery risk. The resulting inventory organizes vulnerabilities from both a technology-domain perspective and an operational environment perspective, providing a cross-cutting view of cryptographic dependencies.

From the technology domain view, the team identified Transport Layer Security (TLS) as vulnerable, noting that digital signatures and key exchanges relying on vulnerable algorithms are susceptible to attacks. Similarly, QUIC, a modern transport protocol, inherits these same quantum exposures. IPsec/IKEv2, widely used in VPNs, faces similar threats. The study also examined Secure Shell (SSH), revealing that long-term keys could be forged and sessions decrypted once quantum computers are available. However, recent versions of OpenSSH now support hybrid key exchange methods combining classical cryptography with NIST-standardized post-quantum KEMs, offering a path towards post-quantum security. WireGuard, a lightweight VPN protocol, is exposed to HTDL attacks, and enterprise Wi-Fi networks utilizing EAP-TLS are also vulnerable. This detailed inventory provides a critical foundation for proactive mitigation of quantum-related cryptographic risks across a wide range of digital systems.

Quantum Risk Across Digital Infrastructure

This research presents a comprehensive inventory of technologies vulnerable to threats posed by the development of large-scale quantum computers, which could break widely used cryptographic systems. The study systematically maps these vulnerabilities across diverse digital infrastructures, identifying exposures before quantum capabilities emerge and providing a crucial resource for practitioners, vendors, and policymakers. Researchers evaluated each technology along two dimensions: cryptographic primitives in use, specifically asymmetric algorithms, and the nature of the quantum threat, categorizing it as either ‘Harvest Now, Decrypt Later’ (HTDL) or a forgery risk. The resulting inventory organizes vulnerabilities from both a technology-domain perspective and an operational environment perspective, providing a cross-cutting view of cryptographic dependencies.

The analysis highlights the particular vulnerability of the Public Key Infrastructure (PKI) ecosystem, with its global network of certificate authorities exposed to both retrospective decryption and the risk of forgery. This research demonstrates that the quantum threat is not confined to specific applications but represents a systemic challenge requiring broad attention. By linking abstract cryptographic risks to concrete technological exposures, the team provides a clear view of vulnerable systems, enabling informed prioritization of future migration efforts towards post-quantum cryptography. Further research is needed to rigorously evaluate post-quantum cryptographic schemes, track PQC adoption, and integrate post-quantum requirements into relevant standards and governance frameworks. Ultimately, this work equips practitioners, vendors, and regulators with the awareness necessary to preserve digital trust in the face of advancing quantum computing capabilities.