A Formal Basis for Quantum Cryptographic Exposure Measurement under HNDL Threat
For organizations needing to prioritize cryptographic upgrades against future quantum decryption, the paper offers a theoretically grounded exposure measurement framework that reveals limitations of additive scoring methods.
The paper derives a structurally justified functional form for quantum cryptographic exposure under HNDL threat, showing that the compromise probability factorizes into temporal, vulnerability, exposure, and defense-attack terms, with endogenous marginal sensitivities. This provides a grounded basis for operational prioritization under partial observability.
An adversary copies your encrypted traffic today and waits for a quantum computer to decrypt it later. How exposed are you? We show that the functional form of the answer is not merely a calibration choice -- it is structurally justified by three assumptions about adversarial production and value-decay dynamics. Under those assumptions, the HNDL compromise probability factorises into a temporal hazard, a multiplicative cryptographic-vulnerability and operational-exposure term, and a saturation denominator governed by the defense-attack intensity ratio; the marginal sensitivity to each dimension is endogenous to the organisation's position in the vulnerability-exposure plane, not a fixed global constant. Additive scoring frameworks cannot reproduce this structure because the interaction between cryptographic vulnerability and operational exposure is absent by construction, regardless of calibration. The resulting framework provides a structurally grounded basis for operational HNDL exposure prioritisation under partial observability.