What question did this study set out to answer?

This research aims to evaluate the readiness of U.S. national security systems to migrate to post-quantum cryptography before the 2035 deadline.

May 24, 2026Open Access

Quantum Computing Threats to Cryptographic Infrastructure: A Quantitative Analysis of Post-Quantum Migration Readiness for National Security Systems

Key Points

This research aims to evaluate the readiness of U.S. national security systems to migrate to post-quantum cryptography before the 2035 deadline.
Analyzed six datasets related to quantum hardware, PQC algorithm benchmarks, and cryptographic vulnerabilities.
Used polynomial and logistic regression, Kruskal-Wallis tests, chi-square analysis, and Monte Carlo simulation.
Sample sizes included 46 quantum hardware metrics and 856 cryptographic vulnerabilities.
Projected that a cryptographically relevant quantum computer could compromise RSA-2048 by around 2042 (R² = .906).
Demonstrated significant performance differences across PQC algorithm families (p < .01), with ML-KEM being the fastest.
Found that only 0.03% probability exists for federal agencies to complete migration by 2035, with a median completion year of 2041.2.

Abstract

Advancing quantum computing capabilities pose an existential threat to the public-key cryptographic infrastructure—RSA, elliptic curve cryptography (ECC), and Diffie-Hellman key exchange—that secures national security systems, critical infrastructure, and classified communications. National Security Memorandum 10 (NSM-10) mandates that federal agencies complete migration to post-quantum cryptography (PQC) by 2035, yet the feasibility of achieving this deadline remains empirically unquantified. This quantitative study assessed four interrelated dimensions of the post-quantum migration challenge for U.S. national security systems through analysis of six curated datasets: quantum hardware metrics (N = 46), PQC algorithm benchmarks (N = 24), National Vulnerability Database cryptographic vulnerabilities (N = 856), cryptographic library vulnerabilities (N = 39), federal agency migration data (N = 22), and PQC TLS network performance data (N = 19). Analytical methods included polynomial and logistic regression, Kruskal-Wallis tests, chi-square analysis, logistic regression, and Monte Carlo simulation (10,000 iterations). Results revealed four convergent findings. First, a cubic polynomial model (R² = .906) projected that a cryptographically relevant quantum computer (CRQC) could compromise RSA-2048 by approximately 2042, while a logistic saturation model (R² = .991) suggested a potential qubit plateau at approximately 1,237 qubits. Second, statistically significant performance differences existed across PQC algorithm families (p < .01), with ML-KEM demonstrating the fastest key generation (12–31 µs) and effect sizes up to η² = .893. Third, implementation vulnerabilities constituted 82.1% of cryptographic CVEs, with no significant association with severity (χ² = 4.216, p = .239). Fourth, the probability of all federal agencies completing migration by 2035 was 0.03% (median completion: 2041.2). These findings reveal a significant urgency-readiness gap between quantum threat emergence and federal migration capacity. Algorithm migration alone addresses less than 20% of the cryptographic vulnerability surface. Risk-based prioritization, phased compliance frameworks, and concurrent investment in implementation security are recommended to bridge the gap between the quantum threat timeline and organizational readiness.

Quantum Computing Threats to Cryptographic Infrastructure: A Quantitative Analysis of Post-Quantum Migration Readiness for National Security Systems

Key Points

Abstract

Cite This Study

Also Consider

Also Consider