Cybersecurity

Quantfall

A platform for cryptography inventory and migration to post-quantum algorithms for banks, fintech, the public sector and healthcare. Readiness for “Q‑Day” — the day a quantum computer breaks today’s encryption.

IndustryBanks · fintech · public sector · healthcare
DeploymentOn-prem, fully offline
DataNever leaves the perimeter
CoreA single self-contained binary

Rule #1: client data never leaves its perimeter. This is a product rule, not a setting.

  • 01

    Cryptography inventory

    The scanner finds all cryptography in the perimeter — in code, certificates and infrastructure — and stores results locally, with no telemetry.

  • 02

    Mosca risk assessment

    Findings are interpreted through a data-class ontology and a Q‑Day arrival model. The output is a standardized cryptography bill of materials — CBOM (CycloneDX).

  • 03

    Board-level report

    A self-contained post-quantum readiness report. Works offline; every report is versioned — binary, rule pack and Q‑Day model.

  • 04

    Quantum-threat monitoring

    A pipeline tracks science, regulation and quantum-computing progress, updating the Q‑Day model and migration priorities.

Declassification timeline

The product’s core idea: show when each data class becomes readable to an adversary — via Mosca’s inequality.

at risk when secrecy lifetime + migration time > time to Q‑Day
State secrets Medical confidentiality Banking secrecy Personal data
Q‑Day
today→ Q‑Day

Classes whose data survives until Q‑Day are at risk and migrate first.

How it works

Scanner

Finds cryptography inside the perimeter and builds the report. Offline, no telemetry.

Threat intelligence

Tracks quantum-computing progress and post-quantum standards, updating migration priorities.

Knowledge base

Detection rules, a data-class ontology and the Q‑Day model — versioned and expert-reviewed.

Why now

The threat is already active — “harvest now, decrypt later”

Encrypted traffic and databases are being intercepted today, to be decrypted once a cryptographically relevant quantum computer arrives. For data with long secrecy lifetimes the breach has already happened — it just can’t be read yet.

Migrating cryptography in a large organization takes years: inventory, prioritization, algorithm replacement and key reissuance. By Mosca’s inequality, if secrecy lifetime plus migration time exceeds the time to Q‑Day, the data is already at risk. The first step is measurable and finite — the inventory.

Industries

Who needs Quantfall

The first to face quantum risk are those whose secrets must hold for decades.

Banks

Banking secrecy

Accounts, deals and client data stay valuable for decades — longer than today’s cryptography will survive.

Fintech

Payment infrastructure

Keys, tokens and payment channels are the first target for “harvest-now” interception. An inventory shows what to replace first.

Public sector

State secrets & critical infrastructure

For government data and critical information infrastructure, secrecy lifetimes are measured in decades — the time margin is already negative.

Healthcare

Medical confidentiality

Diagnoses don’t “expire”: medical confidentiality must hold for the patient’s lifetime — one of the longest secrecy horizons there is.

FAQ

Frequently asked questions

  • 01

    What is Q‑Day?

    Q‑Day is the day a quantum computer becomes powerful enough to break today’s asymmetric cryptography (RSA, ECC) with Shor’s algorithm. The exact date is unknown, so Quantfall maintains a versioned Q‑Day model based on science, regulation and quantum-computing progress.

  • 02

    What is “harvest now, decrypt later”?

    An adversary strategy: intercept and stockpile encrypted data now, to decrypt it after Q‑Day. That is why data with long secrecy lifetimes must move to post-quantum algorithms long before a quantum computer exists.

  • 03

    What is a CBOM?

    A CBOM (Cryptography Bill of Materials) is a standardized inventory of an organization’s cryptography in the CycloneDX format: algorithms, keys, certificates, protocols and where they are used. It is the starting point of any PQC migration and an artefact for audits and regulators.

  • 04

    What is Mosca’s inequality?

    A rule for assessing quantum risk: if the secrecy lifetime of data plus the time to migrate to new cryptography exceeds the time to Q‑Day, the data is under threat today. Quantfall applies it to each of the organization’s data classes and shows what migrates first.

  • 05

    Does Quantfall need internet access?

    No. Quantfall is a single self-contained binary, deployed on-prem and fully offline, with no telemetry. Data and scan results never leave the organization’s perimeter — a product rule, not a setting.

  • 06

    Where do we start a PQC migration?

    With an inventory: you cannot migrate cryptography you cannot see. The Quantfall scanner builds a CBOM, assesses findings via Mosca’s inequality and produces a prioritized migration plan with a board-level report.

Contact

Assess your organization’s quantum risk

We’ll show how Quantfall builds a cryptography inventory and a migration plan — on a pilot segment of your infrastructure, with no data leaving the perimeter.

Contact us directly: ceo.aegisimmortalis@gmail.com · +7 927 375-72-28