Post-Quantum Discovery as a Governance Capability: Evidence-Based Cryptographic Visibility and Exposure Prioritisation in a Critical Service Provider
Pith reviewed 2026-05-20 16:40 UTC · model grok-4.3
The pith
Post-quantum cryptography discovery functions as a governance capability that turns uncertainty into measurable accountability.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
PQC discovery should be understood as a governance capability that stabilises organisational knowledge and converts cryptographic uncertainty into measurable accountability, supporting risk-based decision-making and ecosystem coordination. This conclusion rests on the documented experience of one anonymized critical service provider that first performed tool-supported cryptographic inventorying to create an evidence-based baseline and then operationalized the findings through a structured exposure register for prioritisation based on asset criticality, confidentiality longevity, and migration feasibility.
What carries the argument
The structured exposure register that ranks cryptographic assets by asset criticality, confidentiality longevity, and migration feasibility to enable evidence-based prioritisation.
If this is right
- Organizations obtain a verifiable baseline of cryptographic assets before allocating resources to migration.
- Risk decisions shift from qualitative judgment to measurable accountability tied to specific assets and data lifetimes.
- Coordination with third-party vendors improves through shared visibility of roadmaps and dependency data.
- Long-lived sensitive information receives earlier protection under harvest-now decrypt-later threat models.
Where Pith is reading between the lines
- The same discovery and registration methods could be applied in other regulated sectors that manage long-lived confidential data.
- Repeated use of exposure registers might gradually produce consistent visibility standards across supply chains.
- Testing the approach in organizations with differing regulatory pressures would clarify how much the single-case findings generalize.
Load-bearing premise
The challenges and solutions seen in this single anonymized European critical service provider case study are representative enough to guide other organizations pursuing post-quantum readiness.
What would settle it
A comparative study that tracks whether other critical service providers adopting the same discovery-first approach and exposure register achieve clearer risk prioritisation and faster migration progress than providers that skip the structured discovery step.
Original abstract
Post-Quantum Cryptography (PQC) readiness is increasingly constrained not by algorithm availability, but by cryptographic visibility, dependency complexity, and fragmented governance. This paper presents an anonymised case study of a large European critical service provider that initiated PQC readiness through a discovery-first strategy, utilizing tool-supported cryptographic inventorying to establish an evidence-based baseline prior to migration planning. The discovery phase revealed systemic challenges, including distributed cryptographic ownership, uneven evidence quality across legacy and modern environments, and high dependency on third-party cryptographic roadmaps. To operationalise these findings, the organisation introduced a structured exposure register that enabled prioritisation based on asset criticality, confidentiality longevity, and migration feasibility. We argue that PQC discovery should be understood as a governance capability that stabilises organisational knowledge and converts cryptographic uncertainty into measurable accountability, supporting risk-based decision-making and ecosystem coordination. The results contribute actionable lessons for institutions pursuing crypto-agility and resilience under post-quantum harvest-now, decrypt-later threat models.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents an anonymized case study of a large European critical service provider that adopted a discovery-first strategy for post-quantum cryptography (PQC) readiness. Using tool-supported cryptographic inventorying, the organization established an evidence-based baseline, identified challenges such as distributed cryptographic ownership, uneven evidence quality, and high third-party dependency, and implemented a structured exposure register for prioritization based on asset criticality, confidentiality longevity, and migration feasibility. The authors argue that PQC discovery should be understood as a governance capability that stabilizes organizational knowledge, converts cryptographic uncertainty into measurable accountability, and supports risk-based decision making and ecosystem coordination under harvest-now-decrypt-later threats.
Significance. If the findings hold, this work offers practical, actionable insights for critical infrastructure providers navigating PQC transitions. By framing discovery as a governance mechanism rather than a purely technical exercise, it highlights how visibility and structured prioritization can reduce uncertainty and enable coordinated responses, contributing to the literature on crypto-agility in high-stakes environments.
major comments (2)
- [Abstract and Case Study Description] The central governance claim rests on the case study outcomes, yet the abstract and case study sections supply no quantitative metrics (e.g., number of assets inventoried, percentage of legacy vs. modern systems, or exposure scores), validation methods, or error analysis. This absence prevents assessment of whether the observed challenges and the exposure register actually produced measurable accountability or stabilized knowledge.
- [Discussion and Conclusions] The claim that the single anonymized European provider's experience can guide other organizations (weakest assumption) is load-bearing for the broader contribution, but the manuscript provides no details on selection criteria, data collection protocols, or limitations of generalizability. Without these, the extrapolation from one instance to ecosystem coordination remains unsupported.
minor comments (2)
- [Operationalisation of Findings] The exposure register is described at a high level but lacks an example structure, sample entries, or prioritization scoring formula, which would improve clarity for practitioners.
- [Throughout] A few sentences contain minor phrasing issues (e.g., repeated use of 'evidence-based baseline' without variation), and the reference list would benefit from additional citations to recent PQC migration frameworks and inventory tooling papers.
Simulated Author's Rebuttal
We thank the referee for the constructive feedback on our manuscript. We address each major comment below and indicate the revisions we will make to improve clarity and support for the claims.
Point-by-point responses
- Referee: [Abstract and Case Study Description] The central governance claim rests on the case study outcomes, yet the abstract and case study sections supply no quantitative metrics (e.g., number of assets inventoried, percentage of legacy vs. modern systems, or exposure scores), validation methods, or error analysis. This absence prevents assessment of whether the observed challenges and the exposure register actually produced measurable accountability or stabilized knowledge.
  Authors: We acknowledge that the current presentation lacks specific quantitative indicators and validation details, which limits evaluation of the outcomes. Due to anonymization requirements and the sensitive operational context of the critical service provider, exact figures cannot be reported. We will revise the case study section to include high-level, non-identifying descriptors of inventory scale and evidence quality, along with a description of the validation approach employed during discovery. This will provide better context for the governance claims without compromising confidentiality. (revision: partial)
- Referee: [Discussion and Conclusions] The claim that the single anonymized European provider's experience can guide other organizations (weakest assumption) is load-bearing for the broader contribution, but the manuscript provides no details on selection criteria, data collection protocols, or limitations of generalizability. Without these, the extrapolation from one instance to ecosystem coordination remains unsupported.
  Authors: We agree that explicit discussion of these elements is needed to support the contribution. The case was chosen to represent a complex, large-scale European critical infrastructure environment with legacy dependencies. We will add a limitations subsection that states the single-case illustrative nature of the study, outlines the high-level data collection process (tool-supported inventory combined with internal governance review), and clarifies the boundaries of generalizability. The manuscript will position the findings as transferable lessons rather than universal prescriptions. (revision: yes)
Circularity Check
No significant circularity in descriptive case study
Full rationale
The paper is a descriptive case study reporting on an anonymized European critical service provider's PQC discovery process, including challenges such as distributed cryptographic ownership and the introduction of an exposure register for prioritization based on asset criticality and migration feasibility. No mathematical derivations, equations, fitted parameters, or predictions are present that could reduce to inputs by construction. The central claim frames PQC discovery as a governance capability based on observed findings from this single case, without self-definitional loops, load-bearing self-citations, uniqueness theorems, or renamings of known results. The argument relies on direct empirical reporting rather than any self-referential reduction, making the content self-contained as a non-derivational report.
Axiom & Free-Parameter Ledger
axioms (1)
- Domain assumption: Cryptographic visibility and dependency mapping are necessary prerequisites for effective PQC migration planning in complex organizations.
Lean theorems connected to this paper
- IndisputableMonolith/Foundation/RealityFromDistinction.lean: reality_from_one_distinction (tag: unclear)
  Relation between the paper passage and the cited Recognition theorem: unclear.
  Paper passage: An asset is marked as “time-exposed” if its confidentiality lifetime plus migration duration exceeds the assumed threat horizon. ... T_shelf(A_i) + T_migration(A_i) > T_threat (Eqn. 1)
What do these tags mean?
- matches: The paper's claim is directly supported by a theorem in the formal canon.
- supports: The theorem supports part of the paper's argument, but the paper may add assumptions or extra steps.
- extends: The paper goes beyond the formal theorem; the theorem is a base layer rather than the whole result.
- uses: The paper appears to rely on the theorem as machinery.
- contradicts: The paper's claim conflicts with a theorem or certificate in the canon.
- unclear: Pith found a possible connection, but the passage is too broad, indirect, or ambiguous to say the theorem truly supports the claim.
Reference graph
Works this paper leans on
- [1] We propose a discovery-first methodology to establish cryptographic visibility across heterogeneous and distributed technology estates, positioning discovery as a measurable, repeatable, and auditable governance capability rather than a one-time technical inventory exercise
- [2] We introduce a structured exposure register model that enables risk-based asset prioritization across multiple dimensions, including systemic criticality, confidentiality longevity, long-term integrity and authentication assurance, and migration feasibility. While confidentiality durability is a primary driver in many post-quantum cryptography (PQC) t...
- [3] We present empirical observations from a large-scale real-world case study, demonstrating that ownership fragmentation, variable evidence confidence levels, and supplier dependency chains represent primary structural barriers to PQC migration and broader crypto-agility adoption. 2 PQC Migration and the Need for Crypto-Agility As discussed across multipl...
- [4] Data Ingestion from Discovery Pipeline Discovery outputs are normalised and ingested into a structured dataset. These inputs originate from: • Static analysis (e.g., cryptographic libraries, hardcoded keys, configurations) • Dynamic telemetry (e.g., TLS handshakes, certificates, cipher suites) • Dependency mapping (e.g., APIs, third-party services, infras...
- [5] The estimation of temporal variables follows structured governance assumptions
  Enrichment with Governance and Risk Metadata Each asset record is then enriched with business and risk-relevant attributes required for prioritisation: • Confidentiality horizon (T_shelf): derived from data classification and retention policies • Migration duration (T_migration): estimated based on system complexity, change windows, and dependencies • Own...
- [6] Time-Based Exposure Evaluation For each enriched asset, the QER applies the temporal exposure rule defined in Eqn. (1): An asset is marked as “time-exposed” if: • Its confidentiality lifetime plus migration duration exceeds the assumed threat horizon. In practice, this is implemented as: • Automated calculation of exposure status (Yes / Borderline / No) •...
- [7] Prioritisation and Register Population The final QER entry is created by combining: • Exposure status (from Step 3) • Business criticality (C/I/A classification) • Evidence confidence These inputs are then used to: • Compute a priority score (Section 4.2) • Assign a migration wave (Wave 1–4) • Define target cryptographic state (e.g., hybrid, PQC-ready) In...
- [8] Continuous Update and Governance Integration The QER is not static; it is maintained as a living governance instrument: • Updated periodically as discovery coverage improves • Refreshed when threat horizon assumptions change • Integrated into: o Risk committees o Architecture governance o Third-party risk processes This ensures that PQC readiness evolves ...
- [9] Step: Assign scores Criticality (C/I/A): High / High / Medium Criticality Score = 3 Time-Exposed? Yes Time Exposure Score = 3 Evidence Confidence: High Evidence Confidence Penalty = 0 (because High evidence = no penalty)
- [10] Step: Apply the formula in Eqn. (2) Substitute values: Priority = (3 × 0.4) + (3 × 0.4) + (0 × 0.2) Priority = 1.2 + 1.2 + 0 Final Priority Score Priority = 2.4 Interpretation: Given the defined priority bands in Table 2, a Priority Score = 2.4 is very high, meaning this service should be treated as Wave 1 (urgent) because: • it is highly critical to the org...
- [11] ENISA: Post-quantum cryptography: Current state and quantum mitigation. https://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation, last accessed 2026/01/16
- [12] Quantum Computing Report: NIST NCCoE Publishes Drafts on Migration to Post-Quantum Cryptography, last accessed 2026/02/01
- [13] ETSI: Quantum-safe cryptography (QSC) programme overview. https://www.etsi.org/technologies/quantum-safe-cryptography, last accessed 2026/01/11
- [14] Federal Reserve Board: “Harvest now, decrypt later”: Examining post-quantum cryptography and the data privacy risks for distributed ledger networks. FEDS Notes (2025). https://www.federalreserve.gov/econres/notes/feds-notes/harvest-now-decrypt-later-examining-post-quantum-cryptography-and-the-data-privacy-risks-for-distributed-ledger-networks-20250101.ht...
- [15] Cloud Security Alliance: Preparing for the Era of Post-Quantum Cryptography. https://cloudsecurityalliance.org/blog/2024/02/14/preparing-for-the-era-of-post-quantum-cryptography, last accessed 2026/01/16
- [16] NIST: Post-quantum cryptography. https://csrc.nist.gov/projects/post-quantum-cryptography, last accessed 2026/01/16
- [17] Global Risk Institute: Quantum threat timeline report 2024. https://globalriskinstitute.org/publications/quantum-threat-timeline-report-2024/, last accessed 2026/02/10
- [18] Mosca, M.: Cybersecurity in an era with quantum computers: Will we be ready? IEEE Security & Privacy 16(5), 38–41 (2018). https://doi.org/10.1109/MSP.2018.3761723
- [19] NIST: NIST Releases First 3 Finalized Post-Quantum Encryption Standards. https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards, last accessed 2026/01/19
- [20] IETF: The transport layer security (TLS) protocol version 1.3. RFC 8446 (2018). https://datatracker.ietf.org/doc/rfc8446/, last accessed 2026/01/21
- [21] OWASP: Cryptographic storage cheat sheet. https://cheatsheetseries.owasp.org/cheatsheets/Cryptographic_Storage_Cheat_Sheet.html, last accessed 2026/01/21
- [22] European Union: Regulation (EU) 2022/2554 of the European Parliament and of the Council on digital operational resilience for the financial sector (DORA) (2022). https://eur-lex.europa.eu/eli/reg/2022/2554/oj, last accessed 2026/01/21
- [23] Anonymous: Post-quantum exposure. Unpublished manuscript (2026)
- [24] NTIA: The minimum elements for a software bill of materials (SBOM) (2021). https://www.ntia.gov/report/2021/minimum-elements-software-bill-materials-sbom, last accessed 2026/02/01
- [25] NIST: Secure software development framework (SSDF). https://csrc.nist.gov/projects/ssdf, last accessed 2026/02/03
- [26] CISA: SBOM sharing lifecycle report. https://www.cisa.gov/sbom, last accessed 2026/02/03
- [27] The Open Group: The Open FAIR™ body of knowledge. https://www.opengroup.org/open-fair, last accessed 2026/02/03
- [28] NIST: Guide for conducting risk assessments. NIST SP 800-30 Rev.1 (2012). https://csrc.nist.gov/publications/detail/sp/800-30/rev-1/final, last accessed 2026/02/03
- [29] Stebila, D., Fluhrer, S., Gueron, S.: Hybrid key exchange in TLS 1.3. IETF Internet-Draft (2025). https://datatracker.ietf.org/doc/html/draft-ietf-tls-hybrid-design-16, last accessed 2026/02/03
- [30] Google: Experimenting with post-quantum cryptography in TLS. Google Security Blog. https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html, last accessed 2026/02/03
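The excerpts [6], [9] and [10] above give the temporal exposure rule (Eqn. 1) and the weighted priority formula (Eqn. 2) of the exposure register, but only one worked entry. The evaluator below is an added example, not code from the paper or its case study: it reproduces the quoted 2.4 / Wave 1 case and extends the rule to the Borderline status and to weaker evidence. The 3-point criticality scale, the scores for Borderline/No exposure, the penalties for Medium/Low evidence, the one-year borderline window and the wave band edges are assumptions, since Table 2 is not reproduced on the page.

```python
from dataclasses import dataclass

W_CRIT, W_TIME, W_EVID = 0.4, 0.4, 0.2                 # Eqn. (2) weights, excerpt [10]
CIA_SCORE = {"High": 3, "Medium": 2, "Low": 1}        # assumed 3-point scale
TIME_SCORE = {"Yes": 3, "Borderline": 2, "No": 0}      # Yes = 3 is given in excerpt [9]
EVIDENCE_PENALTY = {"High": 0, "Medium": 1, "Low": 2}  # High = 0 is given in excerpt [9]

@dataclass
class Asset:
    name: str
    t_shelf: float       # T_shelf: confidentiality horizon, in years
    t_migration: float   # T_migration: estimated migration duration, in years
    cia: tuple           # (C, I, A) criticality, e.g. ("High", "High", "Medium")
    evidence: str        # evidence confidence from discovery: High / Medium / Low

def exposure_status(asset, t_threat, borderline_years=1.0):
    """Eqn. (1): time-exposed if T_shelf + T_migration > T_threat. 'Borderline'
    (assumed window) when the sum lands within borderline_years of the horizon."""
    total = asset.t_shelf + asset.t_migration
    if total > t_threat:
        return "Yes"
    return "Borderline" if total > t_threat - borderline_years else "No"

def criticality_score(cia):
    # Assumed: the highest C/I/A rating drives the score; this reproduces
    # Criticality Score = 3 for High/High/Medium from excerpt [9].
    return max(CIA_SCORE[x] for x in cia)

def priority_score(asset, t_threat):
    """Eqn. (2) with the penalty added as in excerpt [10]: weaker evidence
    raises the score so poorly evidenced assets are examined earlier (assumed)."""
    crit = criticality_score(asset.cia)
    time = TIME_SCORE[exposure_status(asset, t_threat)]
    pen = EVIDENCE_PENALTY[asset.evidence]
    return round(crit * W_CRIT + time * W_TIME + pen * W_EVID, 2)

def migration_wave(score):
    # Assumed band edges: Table 2 is not on the page, only "2.4 -> Wave 1" is.
    for wave, floor in ((1, 2.0), (2, 1.5), (3, 1.0)):
        if score >= floor:
            return wave
    return 4

def evaluate(assets, t_threat):
    """Build register rows and order them for planning (highest priority first)."""
    rows = []
    for a in assets:
        score = priority_score(a, t_threat)
        rows.append({"asset": a.name, "exposed": exposure_status(a, t_threat),
                     "priority": score, "wave": migration_wave(score)})
    return sorted(rows, key=lambda r: -r["priority"])

if __name__ == "__main__":
    # Constructed sample assets (not from the case study); T_threat = 10 years.
    sample = [
        Asset("customer-records-db", 12.0, 2.0, ("High", "High", "Medium"), "High"),
        Asset("session-tls-edge", 0.1, 1.0, ("Medium", "High", "High"), "Low"),
        Asset("archive-signing-svc", 7.5, 2.0, ("Medium", "Medium", "Low"), "Medium"),
    ]
    for row in evaluate(sample, 10.0):
        print(row)
```

Re-running the evaluator with a shorter threat horizon shows which Borderline assets flip to Yes, which is the refresh step described in excerpt [8].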