Your RSA-2048 keys break in 2030. Find every one of them before attackers do.
ComplianceQBOM

Quantum is coming. Know where you're exposed.

A Quantum Bill of Materials inventories every cryptographic algorithm across your stack and scores each one for quantum vulnerability. Think of it as CBOM, focused specifically on quantum-readiness — required under NSA CNSA 2.0 and emerging DoD mandates.

O3 · Quantum Readiness Assessment
2 critical
RSA-2048TLS certificates · Break-year: 2030
Vulnerable
ECDH P-256Key exchange · Break-year: 2031
Vulnerable
AES-128-GCMData encryption · Break-year: 2040+
Weakened
SHA-256Integrity checks · Break-year: 2040+
Weakened
CRYSTALS-KyberKey encapsulation · Break-year: N/A
Safe

CNSA 2.0 gap: RSA and ECDH must be replaced by 2030. Migrate to CRYSTALS-Kyber + Dilithium.

CRYPTO ALGORITHM INVENTORY

Every cipher in your stack. Scored for quantum vulnerability.

Discovers every cryptographic algorithm across your source code, libraries, binaries, and configurations — then scores each one against Grover's and Shor's algorithms to determine quantum exposure.

RSA, ECC, DH algorithms flagged as quantum-vulnerable
Symmetric ciphers scored for Grover's algorithm weakening
Source code, libraries, binaries, and configs all scanned
Algorithm usage mapped to affected services and endpoints
O3 · Quantum Readiness Assessment
2 critical
AlgorithmUsageBreak-YearStatus
RSA-2048TLS certs2030Vulnerable
ECDH P-256Key exchange2031Vulnerable
AES-128-GCMData enc2040+Weakened
SHA-256Integrity2040+Weakened
CRYSTALS-KyberKey encapN/ASafe

CNSA 2.0 gap: RSA and ECDH must be replaced by 2030. Migrate to CRYSTALS-Kyber + Dilithium.

BREAK-YEAR ESTIMATION

2030. That's when RSA-2048 breaks. Are you ready?

Estimates the year at which a sufficiently powerful quantum computer could break each algorithm — based on current hardware progress curves and algorithm-specific qubit requirements — giving your team a concrete remediation deadline.

Per-algorithm break-year based on qubit requirement curves
Continuous update as quantum hardware progress accelerates
Harvest-now-decrypt-later risk flagged for near-term algorithms
Remediation urgency score calculated from break-year + attack surface
O3 · Break-Year Analysis
Updated Q1 2026
RSA-2048~4K qubits
Break: 2030Critical
Urgency85%
ECDH P-256~2K qubits
Break: 2031Critical
Urgency80%
AES-128-GCM~3K qubits
Break: 2040+Medium
Urgency40%
SHA-256~3K qubits
Break: 2040+Low
Urgency30%
CNSA 2.0 GAP ANALYSIS

NSA's deadline is 2033. Most teams haven't started.

Compares your current cryptographic posture against NSA's Commercial National Security Algorithm Suite 2.0 requirements and surfaces every gap — encryption, signatures, key exchange, and PKI infrastructure all require updates.

Gap analysis against all CNSA 2.0 algorithm requirements
PQC algorithm coverage check (Kyber, Dilithium, SPHINCS+)
PKI and certificate infrastructure migration gaps
Code signing and key exchange replacement priority
O3 · CNSA 2.0 Gap Analysis
3 gaps found
CRYSTALS-Kyber-1024
Key encapsulation
Adopted1 usage found
CRYSTALS-Dilithium
Digital signatures
Not adoptedReplace RSA-PSS
SPHINCS+
Hash-based signatures
Not adoptedNo usage detected
AES-256
Symmetric encryption
Partial6 services still use AES-128
MIGRATION PRIORITY ROADMAP

What to migrate first. In what order. With a deadline.

Ranks cryptographic assets by urgency — algorithms closest to their break-year with the widest attack surface get the highest migration priority — giving engineers a concrete remediation queue with compliance evidence for NSA, DoD, and NIST PQC standards.

Priority queue ranked by break-year and attack surface size
NIST FIPS 203/204/205 compliance evidence generated
DoD Quantum Readiness mandate documentation
Automated tracking as migrations complete
O3 · CNSA 2.0 Migration Timeline
Priority Queue
2025–2026

Inventory complete — all cryptographic assets catalogued and scored

O3 handles this
2026–2028

Replace RSA and ECDH in TLS, code signing, and key exchange

In roadmap
2028–2030

Migrate PKI and certificate infrastructure to PQC algorithms

Planned
2030–2033

Legacy system decommission and full CNSA 2.0 compliance validation

Required
FAQ

Questions,
answered.

Everything teams ask before rolling this out. Still stuck? Reach our team.

  • A Quantum Bill of Materials (QBOM) is a structured inventory of every cryptographic algorithm in use across a software system, with each algorithm scored for its vulnerability to quantum computing attacks. It extends a Cryptographic Bill of Materials (CBOM) with quantum-specific analysis: vulnerability classification against Grover's and Shor's algorithms, break-year estimates, and migration priority rankings aligned to NSA CNSA 2.0 and NIST PQC standards.
  • Asymmetric algorithms based on integer factoring or discrete logarithm problems are most vulnerable: RSA (all key sizes), ECDSA, ECDH, and Diffie-Hellman. Shor's algorithm can break these efficiently on a sufficiently large quantum computer. Symmetric algorithms (AES, ChaCha20) and hash functions (SHA-256, SHA-3) are weakened but not broken. Grover's algorithm effectively halves their security level, meaning AES-128 becomes equivalent to AES-64 classically.
  • NSA CNSA 2.0 (Commercial National Security Algorithm Suite 2.0) specifies the post-quantum cryptographic algorithms approved for National Security Systems. It requires transition to CRYSTALS-Kyber for key encapsulation, CRYSTALS-Dilithium or FALCON for digital signatures, and SHA-384/512 for hashing. NSS operators must complete migration by 2033, with interim milestones from 2025 onward.
  • A break-year estimate is the projected year by which a quantum computer with sufficient qubit count and error correction could break a specific cryptographic algorithm. These estimates are derived from current quantum hardware progress curves and algorithm-specific qubit requirements. For RSA-2048, estimates cluster around 2030–2034 depending on which hardware trajectory model is used. Break-year estimates are uncertain but useful for migration prioritization.
  • NIST finalized its first three post-quantum cryptography standards in August 2024: FIPS 203 (ML-KEM, based on CRYSTALS-Kyber) for key encapsulation, FIPS 204 (ML-DSA, based on CRYSTALS-Dilithium) for digital signatures, and FIPS 205 (SLH-DSA, based on SPHINCS+) for stateless hash-based signatures. O3 maps your current algorithms to their recommended PQC replacements and generates a migration priority queue.