
Frequently Asked Questions

Common questions about quantum security, our assessment services, and enterprise compliance.

Quantum Threats

What is Q-Day?
Q-Day refers to the projected date when quantum computers become powerful enough to break current encryption standards like RSA and ECC. Current estimates range from 2028-2035. Qryptonic uses December 31, 2028 as a conservative risk horizon for planning purposes.
What is "harvest now, decrypt later" (HNDL)?
HNDL is an attack strategy where adversaries collect encrypted data today with the intention of decrypting it once quantum computers are available. This makes quantum-safe cryptography urgent now—sensitive data encrypted today may be readable in 5-10 years.
Which encryption algorithms are quantum-vulnerable?
RSA (all key sizes), ECC/ECDSA, ECDH, and DSA are all vulnerable to Shor's algorithm on quantum computers. AES is partially vulnerable to Grover's algorithm but remains secure at 256-bit key sizes. TLS 1.2 and earlier versions using RSA/ECDH key exchange are at risk.
What is post-quantum cryptography (PQC)?
PQC refers to cryptographic algorithms designed to be secure against both classical and quantum computers. NIST has standardized three algorithms: ML-KEM (CRYSTALS-Kyber) for key encapsulation, ML-DSA (CRYSTALS-Dilithium) for digital signatures, and SLH-DSA (SPHINCS+) for hash-based signatures.

Assessments

How long does a Qscout26 assessment take?
Qscout26 is a 7-day rapid assessment. First findings are typically delivered within 72 hours, with the complete cryptographic inventory and risk report by day 7. Zero operational disruption—no downtime required.
What is the difference between Qscout26 and Qstrike26?
Qscout26 is a 7-day discovery assessment that identifies cryptographic vulnerabilities. Qstrike26 is a comprehensive 4-month engagement that validates vulnerabilities through actual testing on quantum hardware, providing proof-of-concept exploits and detailed remediation guidance.
Do you test on real quantum computers?
Yes. Qstrike26 tests on 8 quantum hardware platforms: AWS Braket, IBM Quantum, Azure Quantum, Google Quantum AI, IonQ, D-Wave, Quantinuum, and Rigetti. This is actual quantum exploitation testing, not simulation.
What do I receive from an assessment?
Deliverables include: Complete cryptographic inventory (CBOM), risk-scored vulnerability report, executive summary for board presentation, prioritized remediation roadmap with dependencies, and ongoing consultation during remediation.

$2M Challenge

What is the $2M Challenge?
We pay $2,000,000 USD to any organization that completes a full Qstrike26 assessment (90-120 days) with zero critical or high-severity cryptographic vulnerabilities identified. To date, no organization has passed—every assessment has found critical issues.
Why offer $2M if you always find something?
Because cryptographic vulnerabilities exist in every enterprise environment we've tested. The challenge demonstrates our confidence and aligns our incentives with yours—we only succeed when we find real issues that matter.
What counts as a "critical" vulnerability?
Critical vulnerabilities include: exposed private keys, weak key generation, deprecated algorithms in production (MD5, SHA-1, DES), TLS misconfigurations allowing downgrade attacks, and quantum-vulnerable key exchange in systems handling sensitive data.
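As an added illustration (not Qryptonic's tooling or code from this page), the sketch below applies two lists from this FAQ to TLS cipher-suite names: the quantum-vulnerable algorithms from the Quantum Threats section and the deprecated algorithms named in the answer above. The function names and sample list are constructed for this example, and finite-field DH/DHE is treated as Shor-vulnerable although the FAQ does not list it.

```python
import re

# Families the FAQ lists as breakable by Shor's algorithm ("DSS" is how suite
# names spell DSA). Assumption added here: finite-field DH/DHE is included too.
SHOR = {"RSA", "ECDSA", "ECDH", "ECDHE", "DSS", "DH", "DHE"}
# Deprecated primitives named in the FAQ; a bare "SHA" token means SHA-1.
DEPRECATED = {"MD5": "MD5", "SHA": "SHA-1", "SHA1": "SHA-1",
              "DES": "DES", "3DES": "DES"}

# Constructed sample input, not taken from any real scan.
SAMPLE = ["TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES256-GCM-SHA384",
          "AES128-SHA", "DES-CBC3-SHA", "TLS_AES_128_GCM_SHA256"]


def classify(suite):
    """Classify one TLS cipher-suite name (OpenSSL or IANA spelling)."""
    name = suite.upper()
    tokens = re.split(r"[-_]", name)
    # TLS 1.3 names carry no key exchange; it is negotiated via named groups,
    # so an empty "shor" list for such a suite does not mean quantum-safe.
    tls13 = tokens[0] == "TLS" and "WITH" not in tokens
    shor = sorted(SHOR.intersection(tokens))
    # OpenSSL omits the key exchange when it is plain RSA ("AES256-SHA").
    if not shor and not tls13 and "PSK" not in tokens:
        shor = ["RSA"]
    m = re.search(r"AES[-_]?(\d+)", name)
    return {
        "suite": suite,
        "shor": shor,
        "kex_in_name": not tls13,
        "aes_below_256": bool(m) and int(m.group(1)) < 256,
        "deprecated": sorted({DEPRECATED[t] for t in tokens if t in DEPRECATED}),
    }


def score(row):
    """Deprecated primitives outrank Shor exposure, which outranks AES size."""
    return 4 * bool(row["deprecated"]) + 2 * bool(row["shor"]) + row["aes_below_256"]


def triage(suites):
    """Return the suites with at least one finding, highest score first."""
    rows = [classify(s) for s in suites]
    return sorted((r for r in rows if score(r)), key=score, reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

For TLS 1.3 suites the result covers only the symmetric cipher and hash; the negotiated key-exchange groups have to be inventoried separately.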

Compliance

Is Qryptonic SOC 2 certified?
We are pursuing SOC 2 Type II certification. Controls are implemented and an audit is scheduled for Q2 2025. Current status and readiness documentation are available in our Trust Center.
Do you support NIST PQC standards?
Yes. Our platform is aligned with NIST FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). We help organizations plan and execute migration to these standards.
Can you help with FedRAMP compliance?
Our platform is pursuing FedRAMP authorization for government deployments. For federal agencies and contractors, we can provide cryptographic assessments aligned with NIST 800-53 and CMMC requirements.

Enterprise

What industries do you serve?
We focus on regulated industries with high-value data: Financial Services (banking, capital markets, payments), Healthcare (providers, payers, pharma), Government & Defense (federal, state, defense contractors), and Critical Infrastructure (energy, utilities, telecom).
How is customer data handled?
Assessment data is encrypted at rest (AES-256-GCM) and in transit (TLS 1.3). Data is retained for 90 days post-engagement and then securely deleted. Customer data is never used for AI model training. The full data handling policy is available in our Trust Center.
What are your support SLAs?
Enterprise support includes: Critical issues (1-hour response, 24/7), High (4-hour response, 24/7), Medium (8-hour response, business hours), Low (24-hour response). A dedicated customer success manager is included for all engagements.
Do you offer on-premises deployment?
Yes. Deployment options include SaaS (multi-tenant), dedicated cloud, on-premises, and hybrid configurations. On-premises deployment is available for organizations with strict data residency requirements.
