Glossary

Key terms in quantum risk and post-quantum security

Definitions drawn from the book and aligned with NIST standards, institutional guidance, and operational practice.

This glossary defines 20 key terms in quantum risk and post-quantum security from The Quantum Almanac 2026-2027. Terms include harvest now decrypt later (HNDL), post-quantum cryptography (PQC), ML-KEM, ML-DSA, SLH-DSA, cryptographic agility, Q-Day, CRQC, PKI, zero trust architecture, quantum key distribution, NIST PQC standards, cryptographic debt, machine identity, trust architecture, hybrid cryptography, evidence hierarchy, migration governance, readiness maturity model, and third-party quantum risk.

Harvest Now, Decrypt Later (HNDL)

An attack strategy where adversaries intercept and store encrypted data today, intending to decrypt it once a cryptographically relevant quantum computer becomes available. The primary threat model driving urgency in post-quantum migration.

Referenced in: Ch 3, Ch 5

Post-Quantum Cryptography (PQC)

Cryptographic algorithms designed to resist attacks by both classical and quantum computers. NIST finalized three standards in 2024: ML-KEM (key encapsulation), ML-DSA (digital signatures), and SLH-DSA (stateless hash-based signatures).

Referenced in: Ch 2, Ch 7

Cryptographic Agility

The ability of a system to switch between cryptographic algorithms without requiring significant architectural changes. A prerequisite for smooth post-quantum migration.

Referenced in: Ch 7, Ch 9

ML-KEM (Module-Lattice Key Encapsulation)

NIST-standardized post-quantum key encapsulation mechanism (formerly CRYSTALS-Kyber). Provides quantum-resistant key exchange for TLS and other protocols.

Referenced in: Ch 7, Appendix J

ML-DSA (Module-Lattice Digital Signature)

NIST-standardized post-quantum digital signature algorithm (formerly CRYSTALS-Dilithium). Used for code signing, certificate authentication, and document verification.

Referenced in: Ch 7, Appendix J

SLH-DSA (Stateless Hash-Based Digital Signature)

NIST-standardized post-quantum signature scheme (formerly SPHINCS+). Conservative design based only on hash function security, providing a fallback if lattice assumptions prove vulnerable.

Referenced in: Ch 7, Appendix J

Cryptographically Relevant Quantum Computer (CRQC)

A quantum computer powerful enough to break current public-key cryptography. Estimates range from 2030 to beyond 2040, but the uncertainty itself drives the migration timeline.

Referenced in: Ch 2, Ch 5

Q-Day

The hypothetical future date when a quantum computer can break widely-used public-key cryptography. The Almanac argues that focusing on Q-Day predictions misses the point—the migration timeline, not the threat timeline, is the binding constraint.

Referenced in: Ch 5, Ch 19

PKI (Public Key Infrastructure)

The framework of policies, hardware, software, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. A primary attack surface for quantum threats.

Referenced in: Ch 10

Zero Trust Architecture

A security model that eliminates implicit trust and requires continuous verification of every user and device. The quantum transition adds complexity to zero trust implementations because certificate and key management must be migrated.

Referenced in: Ch 13

Quantum Key Distribution (QKD)

A method of secure communication that uses quantum mechanics principles to generate shared secret keys. Distinct from post-quantum cryptography, which uses classical computers with quantum-resistant algorithms.

Referenced in: Ch 2

NIST PQC Standards

The National Institute of Standards and Technology’s post-quantum cryptography standardization project. FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) were finalized in August 2024, with a federal mandate deadline of January 1, 2029.

Referenced in: Ch 6, Ch 7

Cryptographic Debt

The accumulated risk from deployed cryptographic systems that do not meet current security requirements. Includes weak key lengths, deprecated algorithms, hardcoded cryptographic dependencies, and untracked certificate inventories.

Referenced in: Ch 9, Ch 12

Machine Identity

Cryptographic credentials (certificates, keys, tokens) that authenticate machines, services, and workloads to each other. Machine identities outnumber human identities by orders of magnitude and represent the largest migration surface.

Referenced in: Ch 10

Trust Architecture

The systems, policies, and technical controls that establish and maintain trust between entities in a digital ecosystem. Quantum risk forces a re-evaluation of trust assumptions across PKI, code signing, and inter-service authentication.

Referenced in: Ch 1, Ch 10

Hybrid Cryptography

An approach that combines classical and post-quantum algorithms in a single protocol, ensuring security even if one algorithm is later found vulnerable. Used in transition-period TLS and key exchange deployments.

Referenced in: Ch 7, Appendix J

Evidence Hierarchy

The Almanac’s framework for weighing claims about quantum risk. Ranks sources from most to least reliable: standards bodies and regulation, central bank and G7 guidance, production platform defaults, peer-reviewed research, vendor announcements, and futurist commentary.

Referenced in: Ch 1, Ch 6

Migration Governance

The organizational structure, policies, and processes needed to manage the transition from classical to post-quantum cryptography. Includes inventory, prioritization, vendor pressure, testing, and board communication.

Referenced in: Ch 18, Ch 20

Readiness Maturity Model

A framework in the Almanac for assessing an organization’s post-quantum readiness across dimensions including inventory completeness, governance structure, vendor engagement, and migration timeline. Five levels from unaware to optimized.

Referenced in: Appendix H

Third-Party Quantum Risk

The exposure organizations face through vendors, suppliers, and service providers who may not be migrating their cryptographic systems on a compatible timeline. Managed through procurement language, contract clauses, and vendor scoring.

Referenced in: Ch 12, Appendix C

Go deeper

Full definitions and operational context in the book.