← Week 1: The Quantum Threat

Day 7: Challenge — Quantum Threat Assessment

Phase 3 · July 14, 2026 · Week 1 Review

Agenda (2–3 hours)

  • Review (20 min): Week 1 concepts from memory
  • Write (150 min): Complete the threat assessment document

No new reading. This is a writing-and-synthesis day.
The output is the first major section of your migration roadmap.

Week 1 Concepts Check

Answer from memory:

  1. What is Shor's algorithm and which specific problems does it solve in polynomial time?
  2. Why does Grover's algorithm not "break" symmetric crypto the same way Shor's breaks public-key crypto?
  3. What is "harvest now, decrypt later" and why does it matter for data classified today?
  4. Why is the LWE problem believed to be quantum-resistant? What periodic structure is missing?
  5. What is the difference between a KEM and a key exchange? Why does TLS need a KEM, not just a signature?
  6. When should you prefer SLH-DSA over ML-DSA?

Challenge Assignment: Threat Assessment Document

Write a complete 2–3 page quantum threat assessment for the Amazon Leo Secure Comms provisioning service. This becomes Part 1 of pqc-migration-roadmap.md.

Section 1: Assets at Risk

  • Data types, sensitivity lifetimes, HNDL exposure

Section 2: Current Cryptographic Inventory

  • Every algorithm in use: TLS (key exchange, auth, MAC, hash), cert signing, internal APIs

Section 3: Quantum Threat Analysis

  • For each algorithm: Shor's applicable? Grover's applicable? Estimated years of remaining security?
  • Separate what an immediate mitigation can fix (e.g., upgrade cipher suites) from what requires PQC migration

Section 4: Timeline

  • What is the risk window if migration completes in 2028? 2030? 2032?
  • What is the highest-priority item to migrate first?
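
A worked sketch for Sections 3 and 4, added here as an example (not part of the course material or of any service code): it tags inventory entries by the quantum attack that applies and counts how many years of harvested traffic are still sensitive for each migration date. The CRQC arrival year (2035) and the asset lifetimes are constructed assumptions; replace them with your own estimates and note them as such.

```python
"""HNDL risk-window sketch for Sections 3 and 4. Added example: the CRQC year
and asset lifetimes below are constructed assumptions, not service data."""

ASSESSMENT_YEAR = 2026      # date on the assessment template
ASSUMED_CRQC_YEAR = 2035    # assumption: pick your own estimate and state it

# Constructed sample assets: name -> sensitivity lifetime in years (assumed).
ASSETS = {"Device provisioning keys": 15, "TLS session content": 5}

# Primitive families and the quantum attack that applies to them.
SHOR = ("RSA", "ECDSA", "ECDH", "X25519", "ED25519", "DH")  # factoring / discrete log
GROVER = ("AES", "SHA", "HMAC", "CHACHA20")                 # quadratic search speedup
PQC = ("ML-KEM", "ML-DSA", "SLH-DSA")                       # NIST PQC standards


def classify(algorithm: str) -> str:
    """Map an inventory entry to 'shor', 'grover', 'pqc' or 'review'."""
    name = algorithm.upper()
    for label, prefixes in (("shor", SHOR), ("grover", GROVER), ("pqc", PQC)):
        if name.startswith(prefixes):
            return label
    return "review"  # unknown entry: needs a human decision


def exposed_years(lifetime: int, migration_year: int,
                  crqc_year: int = ASSUMED_CRQC_YEAR,
                  start_year: int = ASSESSMENT_YEAR) -> int:
    """Years of recorded traffic still sensitive when a CRQC arrives.

    Traffic captured in year c is exposed if c + lifetime > crqc_year, and
    capture stays useful until migration completes (Mosca's inequality).
    """
    first_exposed_capture = max(start_year, crqc_year - lifetime)
    return max(0, migration_year - first_exposed_capture)


def risk_table(migration_years=(2028, 2030, 2032)) -> dict:
    """Exposure per asset for each candidate migration completion year."""
    return {asset: {m: exposed_years(life, m) for m in migration_years}
            for asset, life in ASSETS.items()}


if __name__ == "__main__":
    for entry in ("X25519 ECDHE", "AES-256-GCM", "ML-KEM-768"):
        print(f"{entry:15} -> {classify(entry)}")
    for asset, row in risk_table().items():
        print(asset, row)
```

A long-lived asset shows exposure at every migration date, which is the argument for migrating key exchange first.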

Threat Assessment Template

# PQC Threat Assessment: Amazon Leo Secure Comms Provisioning Service
Date: July 2026 | Author: [your name]

## 1. Assets at Risk
| Asset | Description | Sensitivity Lifetime | HNDL Risk |
|-------|-------------|---------------------|-----------|
| Device provisioning keys | ... | ... | ... |
| TLS session content | ... | ... | ... |
| ...

## 2. Current Cryptographic Inventory
| Algorithm | Usage | Quantum vulnerable? | Impact if broken |
|-----------|-------|--------------------|-|
| X25519 ECDHE | TLS key exchange | Yes (Shor's) | Session decryption |
| ...

## 3. Threat Analysis
...

## 4. Migration Timeline
...

A Note on Speculation

Your service-specific details are approximations — you're on leave and don't have
access to internal documentation. That's fine. Use your knowledge of the team's architecture
and make reasonable assumptions. Note where you're estimating.

When you return in October, this document becomes a starting point for a real conversation
with your team. The structure and reasoning are what matter, not the exact numbers.

Resources

  • Your notes from Days 1–6
  • CISA advisory: "Preparing Critical Infrastructure for Post-Quantum Cryptography"
  • NSA CNSA 2.0: the algorithm requirements and timeline are authoritative