Post-quantum readiness and cryptographic transition planning for enterprise cloud
摘要
Cryptographically relevant quantum computers (CRQCs) would break widely deployed public-key cryptography (RSA/ECC) via Shor’s algorithm, enabling retroactive decryption of captured ciphertext (“harvest now, decrypt later”). This paper presents an enterprise-cloud transition framework that couples (i) standards-based algorithm selection using NIST’s post-quantum standards (FIPS 203–205), (ii) a cloud threat model that distinguishes retroactive confidentiality loss from forward integrity/authentication risks, and (iii) a quantitative timing-risk model grounded in Mosca’s inequality. Using a public expert-elicitation distribution for Q-day timing and a reproducible Monte Carlo estimator, we compare migration strategies and key planning parameters (migration start year, migration duration, and confidentiality lifetime). We also contrast this probabilistic view with common deterministic single-date Q-day planning, highlighting how tail uncertainty can materially change exposure estimates and recommended start years. For a representative enterprise case (