arxiv: 2604.02591 · v2 · submitted 2026-04-03 · 💻 cs.CR

Recognition: 2 theorem links

· Lean Theorem

The Quantum-Cryptographic Co-evolution

Ashish Kundu , Ramana Kompella

Authors on Pith no claims yet

Pith reviewed 2026-05-13 20:48 UTC · model grok-4.3

classification 💻 cs.CR

keywords quantum gapcrypto-agilequantum computingcryptographic resilienceCRQCpost-quantum cryptographysystemic risk

0 comments

The pith

The quantum gap between capable quantum computers and safe encryption adoption creates the highest systemic risk.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper introduces a two-dimensional coordinate system with cryptographic resilience along the x-axis and computational capability along the y-axis. Dividing the plane into four quadrants allows categorization of the stages in the shift from classical cryptographic systems to quantum-resilient ones. The central argument identifies the quantum gap, the interval between the arrival of cryptographically relevant quantum computers and the widespread deployment of quantum-safe alternatives, as the period of greatest danger. This framing supports the conclusion that organizations must move immediately to crypto-agile frameworks that can switch algorithms without major disruption. A reader would care because the map offers a simple way to locate current infrastructure and time the necessary upgrades before quantum computers render existing protections obsolete.

Core claim

The paper establishes a two-dimensional coordinate system in which cryptographic resilience is plotted against computational capability, producing four quadrants that classify the co-evolution of cryptography and quantum computing. Within this map the quantum gap, defined as the time difference between the emergence of cryptographically relevant quantum computers and the adoption of quantum-safe systems, is identified as the region of highest systemic risk, requiring immediate adoption of crypto-agile architectures to reduce exposure.

What carries the argument

A two-dimensional coordinate system with cryptographic resilience on the x-axis and computational capability on the y-axis, divided into four quadrants that categorize transition stages from legacy to quantum-resilient systems.

If this is right

Immediate adoption of crypto-agile frameworks is required to shrink the quantum gap.
Legacy systems fall into quadrants that become unsustainable once quantum computers reach cryptographically relevant capability.
The quadrant framework provides a shared language for timing migration away from classical cryptography.
Global infrastructure faces existential exposure if the gap is not closed before quantum computers arrive.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

Organizations could plot their own systems on the map to set concrete migration deadlines.
The model suggests that standards bodies should accelerate quantum-safe algorithm deployment to shift the entire plane upward.
Future work could add numerical scales to the axes so that specific timelines and risk probabilities can be calculated.

Load-bearing premise

The two-dimensional coordinate system and its four-quadrant analysis correctly capture the real dynamics and relative risk levels of the cryptographic transition.

What would settle it

Empirical data or simulations showing that risk levels during the period after quantum computers break current encryption but before new systems are deployed are not higher than risks in other phases of the transition.

Figures

Figures reproduced from arXiv: 2604.02591 by Ashish Kundu, Ramana Kompella.

**Figure 2.** Figure 2: Detailed visualization of the quantum-cryptographic threat landscape. [PITH_FULL_IMAGE:figures/full_fig_p003_2.png] view at source ↗

**Figure 3.** Figure 3: Evolutionary Influence Graph: The flow of evolutionary pressure [PITH_FULL_IMAGE:figures/full_fig_p004_3.png] view at source ↗

**Figure 4.** Figure 4: Detailed Representative Influence Graph: Some inter-dimensional [PITH_FULL_IMAGE:figures/full_fig_p005_4.png] view at source ↗

read the original abstract

As quantum computing matures toward the realization of Cryptographically Relevant Quantum Computers (CRQC), global cryptographic infrastructure faces an existential threat. This paper introduces a two-dimensional coordinate system to map the co-evolution of cryptographic resilience (x-axis) and computational capability (y-axis). By analyzing the four resulting quadrants, we categorize the transition from legacy classical systems to quantum-resilient architectures. We argue that the "Quantum Gap" - the delta between CRQC arrival and quantum-safe adoption represents the highest systemic risk, necessitating an immediate transition to crypto-agile frameworks.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

A simple quadrant sketch for the quantum-to-post-quantum shift that restates known risks without metrics, data, or testable claims.

read the letter

The paper's core move is to draw a two-axis plane with cryptographic resilience on one side and computational capability on the other, then label the four quadrants and point to the gap between CRQC arrival and full adoption as the highest-risk period. That framing is new in its exact pairing, though quadrant transition models appear in earlier work on technology adoption and risk curves. The text does a clean job of naming the practical takeaway: organizations should move to crypto-agile designs now rather than wait for a clean break. That point is stated plainly and matches what many in the field already say in standards meetings. Beyond the diagram itself, there is little else on offer. The axes carry no units, no scaling, and no decision thresholds, so no concrete state can be plotted and no comparison between quadrants can be performed. The risk ranking therefore comes from the narrative labels rather than from any calculation or external benchmark. No timelines, cost estimates, or simulation results are supplied to support the claim that this particular gap is the largest systemic threat. The argument is internally consistent but reduces to restating the problem in visual form. Readers who need a one-slide overview for policy or planning discussions may find the picture useful as a talking point. Anyone looking for derivations, empirical checks, or new mechanisms will come away empty. The work does not contain the kind of grounded claim that justifies sending it to referees; it reads as a short position note rather than a research contribution that can be evaluated on evidence.

Referee Report

2 major / 1 minor

Summary. The paper introduces a two-dimensional coordinate system with axes for cryptographic resilience (x) and computational capability (y) to map the co-evolution of classical and quantum cryptography. It divides the plane into four quadrants, categorizes the transition from legacy systems to quantum-resilient architectures, and identifies the 'Quantum Gap' (delta between CRQC arrival and quantum-safe adoption) as the highest systemic risk, arguing for immediate adoption of crypto-agile frameworks.

Significance. If the framework can be equipped with measurable axes and thresholds, it could serve as a high-level conceptual tool for risk assessment in post-quantum migration planning. However, in its current form the contribution is primarily rhetorical rather than analytical, offering no new derivations, data, or falsifiable predictions.

major comments (2)

[Coordinate system definition] The coordinate-system section (immediately following the introduction) defines the x-axis only as 'cryptographic resilience' and the y-axis only as 'computational capability' without units, scaling, decision boundaries, or any mapping procedure. Consequently, no concrete coordinate can be assigned to the current state, the CRQC threshold, or post-quantum adoption, rendering the quadrant placement and the ranking of the 'Quantum Gap' as highest risk a narrative assertion rather than a derivable result from the model itself.
[Quadrant analysis and Quantum Gap discussion] The central claim that the Quantum Gap constitutes the highest systemic risk rests entirely on the four-quadrant analysis. Because the axes lack quantitative metrics or external benchmarks, the risk ordering cannot be tested or reproduced; this is load-bearing for the recommendation of immediate crypto-agile transition.

minor comments (1)

[Abstract] The abstract states the risk conclusion without indicating that the supporting framework is qualitative; a brief qualifier would improve clarity.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive feedback on our manuscript. We address each major comment below and outline the revisions we intend to make to strengthen the presentation of our coordinate system framework.

read point-by-point responses

Referee: [Coordinate system definition] The coordinate-system section (immediately following the introduction) defines the x-axis only as 'cryptographic resilience' and the y-axis only as 'computational capability' without units, scaling, decision boundaries, or any mapping procedure. Consequently, no concrete coordinate can be assigned to the current state, the CRQC threshold, or post-quantum adoption, rendering the quadrant placement and the ranking of the 'Quantum Gap' as highest risk a narrative assertion rather than a derivable result from the model itself.

Authors: We acknowledge that the axes are defined qualitatively in the current version. The framework is designed as a high-level conceptual tool to categorize stages of the quantum transition, similar to other risk assessment matrices in cybersecurity. To address the concern, we will revise the manuscript by adding a new subsection on 'Operationalizing the Coordinates,' which provides example mappings using existing benchmarks such as the NIST post-quantum cryptography standardization status for cryptographic resilience and publicly reported quantum computing milestones for computational capability. This will enable approximate coordinate assignments without claiming precise quantitative predictions. revision: yes
Referee: [Quadrant analysis and Quantum Gap discussion] The central claim that the Quantum Gap constitutes the highest systemic risk rests entirely on the four-quadrant analysis. Because the axes lack quantitative metrics or external benchmarks, the risk ordering cannot be tested or reproduced; this is load-bearing for the recommendation of immediate crypto-agile transition.

Authors: The risk ordering is derived from the logical structure of the quadrants: the Quantum Gap occurs when computational capability has advanced to CRQC levels while cryptographic resilience remains low. We will expand the discussion in the revision to include supporting evidence from recent reports on cryptographic migration timelines and potential vulnerabilities during transition periods. While the model remains conceptual and does not yield falsifiable numerical predictions, the added details will make the reasoning more explicit and allow for qualitative reproducibility. revision: partial

Circularity Check

1 steps flagged

Quantum Gap risk ranking is defined by construction from the paper's own 2D coordinate system and quadrants

specific steps

self definitional [Abstract]
"This paper introduces a two-dimensional coordinate system to map the co-evolution of cryptographic resilience (x-axis) and computational capability (y-axis). By analyzing the four resulting quadrants, we categorize the transition from legacy classical systems to quantum-resilient architectures. We argue that the 'Quantum Gap' - the delta between CRQC arrival and quantum-safe adoption represents the highest systemic risk, necessitating an immediate transition to crypto-agile frameworks."

The axes and quadrants are defined by the paper; the Quantum Gap is then defined as the delta inside this system, and the 'highest systemic risk' ranking is asserted from the resulting internal structure. No independent quantitative mapping or external data is provided to derive the risk ordering, so the conclusion is equivalent to the introduced framework by construction.

full rationale

The paper introduces its two-dimensional coordinate system (x-axis: cryptographic resilience; y-axis: computational capability) and then defines the Quantum Gap as the delta between CRQC arrival and quantum-safe adoption within that system. The claim that this gap represents the highest systemic risk follows directly from the internal quadrant analysis and narrative assertions about the axes, without any quantitative metrics, units, scaling, decision boundaries, simulations, or external benchmarks supplied for the axes. This reduces the central conclusion to the framework's own definitions by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 2 axioms · 1 invented entities

The paper rests on standard assumptions about quantum computing timelines and the vulnerability of classical crypto, while introducing the Quantum Gap as a new conceptual entity without independent evidence.

axioms (2)

domain assumption Cryptographically Relevant Quantum Computers (CRQC) will arrive and break current public-key systems.
Invoked as the basis for the threat model and the existence of the Quantum Gap.
domain assumption Quantum-safe algorithms and crypto-agile frameworks can be adopted in time to close the gap.
Underlying the call for immediate transition.

invented entities (1)

Quantum Gap no independent evidence
purpose: To quantify and highlight the period of maximum systemic risk between CRQC capability and quantum-safe adoption.
Newly coined term whose risk status is asserted without external data or falsifiable metrics.

pith-pipeline@v0.9.0 · 5375 in / 1382 out tokens · 44413 ms · 2026-05-13T20:48:17.268615+00:00 · methodology

discussion (0)

Lean theorems connected to this paper

Citations machine-checked in the Pith Canon. Every link opens the source theorem in the public Lean library.

Foundation/RealityFromDistinction reality_from_one_distinction unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

We propose a two-dimensional coordinate system to map the co-evolution of cryptographic resilience (x-axis) and computational capability (y-axis). By analyzing the four resulting quadrants...
Cost/FunctionalEquation washburn_uniqueness_aczel unclear

?

unclear
Relation between the paper passage and the cited Recognition theorem.

The evolution follows a trajectory across four quadrants defined by the x-axis (Cryptographic Resilience) and y-axis (Computational Capability).

What do these tags mean?

matches: The paper's claim is directly supported by a theorem in the formal canon.
supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
uses: The paper appears to rely on the theorem as machinery.
contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.

Reference graph

Works this paper leans on

39 extracted references · 39 canonical work pages · 1 internal anchor

[1]

Post-Quantum Cryptography Standardization,

NIST, “Post-Quantum Cryptography Standardization,” 2024

work page 2024
[2]

Algorithms for quantum computation: discrete logarithms and factoring,

P. W. Shor, “Algorithms for quantum computation: discrete logarithms and factoring,” Proc. 35th Annual Symp. Found. Comput. Sci., 1994

work page 1994
[3]

Scheme for reducing decoherence in quantum computer memory,

P. W. Shor, “Scheme for reducing decoherence in quantum computer memory,” Phys. Rev. A, vol. 52, no. 4, 1995

work page 1995
[4]

Cybersecurity in the Quantum Era,

M. Mosca, “Cybersecurity in the Quantum Era,” 2018

work page 2018
[5]

A fast quantum mechanical algorithm for database search,

L. K. Grover, “A fast quantum mechanical algorithm for database search,” Proc. 28th Annual ACM Symp. Theory Comput., 1996

work page 1996
[6]

Harvest Now, Decrypt Later: The Looming Quantum Threat,

M. A. Al-Rubaie, “Harvest Now, Decrypt Later: The Looming Quantum Threat,” Journal of Cybersecurity, 2022

work page 2022
[7]

Hybrid Key Exchange in the Post-Quantum Era,

D. Stebila, “Hybrid Key Exchange in the Post-Quantum Era,” 2021

work page 2021
[8]

Crypto-Agility: Requirements and Implementations,

A. Steur, “Crypto-Agility: Requirements and Implementations,” 2020

work page 2020
[9]

Quantum Internet: A Vision for the Future,

S. Wehner, “Quantum Internet: A Vision for the Future,” 2023

work page 2023
[10]

Quantum Key Distribution: Theory and Practice,

N. Gisin, “Quantum Key Distribution: Theory and Practice,” 2021

work page 2021
[11]

Vulnerabilities in Lattice-Based Cryptography,

J. P. W. Bos, “Vulnerabilities in Lattice-Based Cryptography,” 2023

work page 2023
[12]

Quantum-Assisted Cryptanalysis of PQC Primitives,

T. Prest, “Quantum-Assisted Cryptanalysis of PQC Primitives,” 2022

work page 2022
[13]

The Future of PKI in a Quantum World,

R. Housley, “The Future of PKI in a Quantum World,” 2020

work page 2020
[14]

The Quantum Transition,

B. Schneier, “The Quantum Transition,” 2023

work page 2023
[15]

Quantum Readiness for Enterprise Networks,

Cisco Research, “Quantum Readiness for Enterprise Networks,” 2024. [Online]. Available: https://research.cisco.com/quantum

work page 2024
[16]

Security Requirements for Cryptographic Modules,

FIPS, “Security Requirements for Cryptographic Modules,” 2023

work page 2023
[17]

A logical processor based on reconfigurable atom arrays,

D. Bluvstein et al., “A logical processor based on reconfigurable atom arrays,” Nature, 2024

work page 2024
[18]

Surface codes: Towards practical large-scale quantum computation,

A. G. Fowler et al., “Surface codes: Towards practical large-scale quantum computation,” Phys. Rev. A, 2012

work page 2012
[19]

An introduction to quantum error correction and fault- tolerant quantum computation,

D. Gottesman, “An introduction to quantum error correction and fault- tolerant quantum computation,” 2009

work page 2009
[20]

Quantum cryptography: Public key distribution and coin tossing,

C. H. Bennett and G. Brassard, “Quantum cryptography: Public key distribution and coin tossing,” 1984

work page 1984
[21]

Quantum repeaters: The role of imperfect local operations in quantum communication,

H.-J. Briegel et al., “Quantum repeaters: The role of imperfect local operations in quantum communication,” Phys. Rev. Lett., 1998

work page 1998
[22]

Software-Defined Quantum Networking: Orchestrat- ing Quantum-Classical Hybrid Networks,

R. Nejabati et al., “Software-Defined Quantum Networking: Orchestrat- ing Quantum-Classical Hybrid Networks,” IEEE Comm. Mag., 2023

work page 2023
[23]

How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits,

C. Gidney and M. Eker ˚a, “How to factor 2048 bit RSA integers in 8 hours using 20 million noisy qubits,” Quantum, 2021

work page 2048
[24]

Shor’s discrete logarithm quantum algorithm for elliptic curves,

J. Proos and C. Zalka, “Shor’s discrete logarithm quantum algorithm for elliptic curves,” Quantum Info. Comput., 2003

work page 2003
[25]

Resource-optimized factoring of RSA-2048 with logical qubits,

A. G. Fowler et al., “Resource-optimized factoring of RSA-2048 with logical qubits,” J. Quantum Sci. Tech., 2024

work page 2048
[26]

Introduction to post-quantum cryptography,

D. J. Bernstein, “Introduction to post-quantum cryptography,” Post- quantum cryptography, Springer, 2009

work page 2009
[27]

An efficient key recovery attack on SIDH (preliminary version),

W. Castryck and T. Decru, “An efficient key recovery attack on SIDH (preliminary version),” IACR Cryptol. ePrint Arch., 2022

work page 2022
[28]

On lattices, learning with errors, random linear codes, and cryptography,

O. Regev, “On lattices, learning with errors, random linear codes, and cryptography,” Proc. 37th Annual ACM Symp. Theory Comput., 2005

work page 2005
[29]

A public-key cryptosystem based on algebraic coding theory,

R. J. McEliece, “A public-key cryptosystem based on algebraic coding theory,” DSN Progress Report, 1978

work page 1978
[30]

Quantum-Safe Cryptography: Standards and Implementation Guidelines,

ETSI, “Quantum-Safe Cryptography: Standards and Implementation Guidelines,” 2023

work page 2023
[31]

Hybrid Key Exchange in TLS 1.3,

IETF, “Hybrid Key Exchange in TLS 1.3,” RFC 9370, 2023

work page 2023
[32]

The Future of Cryptographic Agility,

B. Schneier, “The Future of Cryptographic Agility,” IEEE Security & Privacy, 2023

work page 2023
[33]

Quantum Computing in the NISQ era and beyond,

J. Preskill, “Quantum Computing in the NISQ era and beyond,” Quan- tum, vol. 2, p. 79, 2018

work page 2018
[34]

Quantum internet: A vision for the road ahead,

S. Wehner, D. Elkouss, and R. Hanson, “Quantum internet: A vision for the road ahead,” Science, vol. 362, no. 6412, 2018

work page 2018
[35]

Circuit for Shor’s algorithm using 2n+3 qubits,

S. Beauregard, “Circuit for Shor’s algorithm using 2n+3 qubits,” Quan- tum Info. Comput., vol. 3, no. 2, 2003

work page 2003
[36]

Optimized Quantum Adders for Cryptanalysis,

M. Eiden et al., “Optimized Quantum Adders for Cryptanalysis,” IEEE Trans. Quantum Eng., 2023

work page 2023
[37]

How to factor 2048 bit RSA integers with less than a million noisy qubits

C. Gidney, “How to factor 2048 bit RSA integers with less than a million noisy qubits,” Arxiv, 2505.15917, 2025.[Online]. Available: https://arxiv.org/abs/2505.15917

work page internal anchor Pith review Pith/arXiv arXiv 2048
[38]

NIST SP 800-140: CMVP Requirements for Cryptographic Modules,

NIST, “NIST SP 800-140: CMVP Requirements for Cryptographic Modules,” 2023

work page 2023
[39]

ISO/IEC 20543: Information technology — Security tech- niques — Quantum-resistant cryptography,

ISO/IEC, “ISO/IEC 20543: Information technology — Security tech- niques — Quantum-resistant cryptography,” 2023

work page 2023