====== 2.2 Risk ======

Risk analysis for the quantum threat and protective measures.

----

===== The Threat: Harvest Now, Decrypt Later =====

**Scenario:**
  - Attackers intercept encrypted communication today
  - Store the data for years
  - Decrypt it with a future quantum computer

**Affected Data:**
  * TLS-encrypted connections
  * Signed documents and contracts
  * Authentication certificates
  * Archived business data

----

===== Timeline =====

<mermaid>
timeline
    title Quantum Migration Timeline
    section Now (2024-2025)
        NIST FIPS 203/204 final : ML-DSA & ML-KEM standardized
        OpenSSL 3.6 : PQ algorithms available
        WvdS Library : Hybrid cryptography production-ready
    section Transition (2026-2028)
        EU NIS2 : Critical infrastructure must act
        BSI Recommendation : PQ migration for agencies
        Enterprise : Large companies migrate
    section Critical (2029-2032)
        CRQC possible : Cryptographically relevant quantum computer
        Legacy unsafe : RSA/ECDSA broken
        Deadline : All systems must be PQ-capable
</mermaid>

^  Source  ^  Estimate (cryptographically relevant QC)  ^
| BSI((BSI: "Quantum-Safe Cryptography - Fundamentals, Current Developments and Recommendations", 2021, Section 4.1: https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/Brochure/quantum-safe-cryptography.pdf)) | 10-20 years |
| NIST((NIST: "Post-Quantum Cryptography FAQ", 2024: https://csrc.nist.gov/projects/post-quantum-cryptography/faqs)) | "Unknown, could come faster" |
| Global Risk Institute((Global Risk Institute: "Quantum Threat Timeline Report", December 2023, pp. 4-5: https://globalriskinstitute.org/publication/quantum-threat-timeline-report-2023/)) | ~14 years to CRQC (median estimate) |

**Critical Point:** Data with protection requirements >10 years is **now** at risk((BSI: "Make cryptography quantum-safe - BSI recommendations for action", September 2024, Section 2.3: https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Krypto/Post-Quanten-Kryptografie_Handlungsempfehlungen.pdf)).

----

===== Risk Matrix =====

^  Data Type  ^  Protection Requirement  ^  Risk without PQ  ^
| State secrets | 50+ years((BSI VS-Instruction (VSA): Retention periods for classified materials)) | Critical |
| Health data | 30+ years((MBO Medical Professional Code: Retention requirements for medical documentation)) | Critical |
| Financial contracts | 10-30 years((Commercial Code: Retention periods for commercial and business correspondence)) | High |
| Trade secrets | 5-10 years | Medium |
| Day-to-day operations | <5 years | Low |

----

===== Risk Mitigation =====

**Hybrid cryptography provides:**

^  Aspect  ^  Benefit  ^
| Future-proofing | PQ signature protects against quantum attacks |
| Backward compatibility | Legacy systems continue to work |
| No risk | Secure if either algorithm is secure |
| Ready immediately | 2 lines of code for activation |

----

===== Cost-Benefit =====

**Implementation Costs:**
  * Library integration: Minimal (NuGet package)
  * OpenSSL 3.6: Freely available
  * Development effort: 2 lines of code + tests

**Costs of Inaction:**
  * Data compromise after quantum computer availability
  * Regulatory penalties (when standards become mandatory)
  * Reputational damage

**Conclusion:** Low investment, high protection value.

----

===== Recommendation for Action =====

<WRAP important>
**Start now, don't wait.**

Migration to hybrid cryptography takes months to years (depending on system size). When quantum computers become available, it will be too late for data intercepted today.
</WRAP>

----

===== Further Reading =====

  * [[.:migration-roadmap|Strategy & Technology]] - Implementation plan
  * [[en:int:pqcrypt:konzepte:sicherheit|Security]] - Technical details
  * [[en:int:pqcrypt:developer:migration|Migration]] - Technical steps

----
//Wolfgang van der Stille @ EMSR DATA d.o.o. - Post-Quantum Cryptography Professional//

{{tag>risk hndl quantum-threat}}