PQC-FHE Quantum Security Assessment 2026

Real Qiskit Circuit Benchmarks | Sector-Specific Threat Analysis | GPU-Accelerated Simulation

Industry Sectors

API Routes

238

Tests Passing

Max GPU Qubits

2031

Q-Day Estimate

1. Sector Quantum Threat Map

Healthcare CRITICAL

HIPAA | 50yr retention

RSA-2048, ECDSA-256

HNDL: 45yr window

Urgency: 87/100

Finance HIGH

CNSA 2.0 | 7yr retention

RSA-2048/4096, ECDSA-384

HNDL: 2yr window

Urgency: 70.5/100

Blockchain CRITICAL

Immutable | 999yr retention

ECDSA-256, Ed25519

HNDL: 994yr window

Urgency: 73/100

IoT/Edge MODERATE

NIST 800-183 | 10yr retention

RSA-2048, AES-128

HNDL: 5yr window

Urgency: 59/100

MPC-FHE MODERATE

Lattice-native | 1yr retention

CKKS Ring-LWE (124.5 bits)

HNDL: LOW

Urgency: 56/100

2. Shor vs RSA/ECC — Q-Day Timeline

Quantum Computing Progression

2026 — Current State

~1,000 physical qubits, NISQ era. Shor demo: N=15,21,35 on simulator. GPU: 32 qubits max.

2029 — ECC Falls (Optimistic)

P-256 requires 2,330 qubits. ECDSA-256 broken. Blockchain signatures at risk.

2031 — RSA-2048 Falls (Moderate)

Pinnacle: 100K physical qubits. RSA-2048 broken in ~30 min. Healthcare HNDL window opens.

2035 — NIST Deadline

All classical public-key crypto deprecated. Full PQC migration required.

Shor Resource Requirements

Target	Logical Qubits	Gates	Time (Pinnacle)
RSA-2048	4,098	2.7×10¹⁰	30 min
RSA-3072	6,146	9.1×10¹⁰	2 hr
RSA-4096	8,194	2.2×10¹¹	5 hr
P-256 (ECC)	2,330	1.3×10¹¹	~1 hr
P-384 (ECC)	3,484	4.2×10¹¹	~3 hr

Sources: Gidney-Ekera 2021, Gidney 2025, Pinnacle Architecture 2026

3. Grover vs AES — Symmetric Security

AES-128 WEAKENED

Classical Security128 bits

128 bits

Post-Quantum (Grover)64 bits

64 bits

Qubits: 2,953 | Toffoli: 2.23×10¹⁰

CCQC 2025: -45.2% FDW | T-depth: 30 (ASIACRYPT 2025)

Insufficient for CNSA 2.0 compliance

AES-256 SECURE

Classical Security256 bits

256 bits

Post-Quantum (Grover)128 bits

128 bits

Qubits: 6,681 | Toffoli: 1.51×10¹¹

CNSA 2.0 compliant. All sectors recommended.

4. Real Quantum Circuit Benchmark Results

Shor Factoring (AerSimulator 🟢 GPU)

N	Factors	Qubits	Device	Status
15	3 × 5	12	GPU	Success
21	3 × 7	15	GPU	Success
35	5 × 7	18	GPU	Success
143	11 × 13	24	GPU	Success
221	13 × 17	24	GPU	Success

Real QFT-based period finding on cuStateVec GPU. Pass Manager level=2. Extrapolates to RSA-2048 (4,098 qubits).

ECC Discrete Log (GF(2⁴) 🟢 GPU)

Curve	Qubits	Toffoli	Threat
P-256	2,330	1.26×10¹¹	~2035
P-384	3,484	4.19×10¹¹	~2037
Ed25519	2,321	1.24×10¹¹	~2035
secp256k1	2,330	1.26×10¹¹	~2035

Roetteler (2017) + arXiv:2503.02984 (2025). Formula: 9n+2log₂n+10 qubits.

Grover Search (AerSimulator 🟢 GPU)

Qubits	Space	Device	Speedup
4	16	GPU	~31x
8	256	GPU	~256x
12	4,096	GPU	~4,096x
16	65,536	GPU	~65,536x

Quadratic speedup demonstrated on cuStateVec GPU. Pass Manager level=3. AES-128: 64-bit effective security.

Qiskit Pass Manager + GPU Acceleration (IBM Quantum Learning)

Level 2

Shor + ECC + Noise

generate_preset_pass_manager

Level 3

Grover (deep circuits)

generate_preset_pass_manager

Basis Gates

cz/ecr, id, rz, sx, x

GPU

cuStateVec ~25% faster

RTX PRO 6000 96GB

All 5 verifier classes use AerSimulator(device='GPU') with CPU fallback. Circuit diagrams via matplotlib base64 PNG API.

IBM Quantum QPU Dynamic Discovery + Noise Integration (v3.5.0)

Heron r1

ibm_torino (133Q)

T1=160µs T2=100µs

CZ err=5.0e-3

Heron r2

ibm_fez/kingston/marrakesh (156Q)

T1=250µs T2=150µs

CZ err=3.8e-3

Eagle r3

ibm_brisbane (127Q)

T1=200µs T2=120µs

ECR err=7.5e-3

QPU Backends

API → JSON Cache

→ KNOWN_PROCESSORS

v3.5.0: ibm_torino corrected to Heron r1 (133Q). Added ibm_fez/kingston/marrakesh as Heron r2 (156Q). BenchmarkResultsManager saves results + circuit diagrams. 90 API routes. Dynamic QPU discovery via qiskit-ibm-runtime.

FHE Bootstrap Key Memory Optimization (v3.3.0)

~28GB

Before (startup)

~3.7GB

After (core only)

~24GB

On-demand (temp)

87%

Memory saved

Bootstrap keys (small 223MB + lossy 11.3GB + full 12.3GB) deferred until computation. Auto-created on first bootstrap call, released after use via API.

5. Four Migration Strategies Compared

Strategy	Shor Resistant	Security (bits)	CNSA 2.0	HNDL Protected	Complexity	Recommendation
RSA Only (No Migration)	No	0	No	No	None	UNACCEPTABLE
Hybrid (RSA + PQC)	Yes	~128	Yes	Yes	Moderate	TRANSITIONAL
PQC Primary (ML-KEM/DSA)	Yes	~124.5	Yes	Yes	High	RECOMMENDED
PQC Only (Full Migration)	Yes	~124.5	Yes	Yes	Very High	FUTURE GOAL

Security bits include BKZ reduction (-3.5 bits, Zhao & Ding 2025) and quantum sieve exponent (0.2846, Dutch team Oct 2025).

6. HNDL Threat Windows by Sector

Harvest-Now-Decrypt-Later: Data harvested today, decrypted when CRQC arrives (~2031)

Healthcare

45 years exposed — CRITICAL

Blockchain

994 years exposed — CRITICAL

IoT/Edge

5 years exposed

Finance

2 years exposed

MPC-FHE

LOW risk

Reference: arXiv:2603.01091 (March 2026) — Open-source HNDL testbed

7. 2026 Recommendations

Immediate Actions (2026-2027)

Migrate all AES-128 to AES-256 (Grover halves security)
Deploy hybrid RSA+ML-KEM for key exchange (CNSA 2.0)
Implement ML-DSA-65/87 for digital signatures
Inventory all HNDL-vulnerable data (retention > 5 years)
Deploy SPA countermeasures on IoT/embedded devices

Strategic Planning (2027-2030)

Full PQC migration for healthcare (50yr HNDL window)
Blockchain signature scheme upgrade (ECDSA to ML-DSA)
Algorithm diversity: deploy SLH-DSA alongside ML-DSA
Monitor Regev algorithm developments for resource estimates
Regular quantum circuit benchmark verification (quarterly)

2026 PQC Research Landscape (v3.5.0)

~100K

Physical Qubits

CRQC for RSA-2048

(QLDPC, Feb 2026)

HQC

5th NIST Algorithm

Code-based KEM

Lattice diversification

2030/2035

NIST IR 8547

2030: Deprecated

2035: Disallowed

Hybrid TLS (ML-KEM + X25519) now default in Chrome/Firefox/Cloudflare. AI-assisted side-channel: single-trace ML-KEM key recovery (2026). MOZAIK: Open-source MPC+FHE IoT platform (Jan 2026).

8. Infrastructure & Monitoring Verification

Docker & Containerization

Component	Detail	Status
Docker Image	pqc-fhe-api:v3.5.0 (420MB)	Built
Base Image	python:3.12-slim	OK
liboqs	0.14.0 (multi-stage build)	OK
Health Check	/health (30s interval)	OK
Non-root User	appuser	OK
GPU Image	Dockerfile.gpu (CUDA 12.2)	Available

Monitoring & Orchestration

Component	Detail	Status
Prometheus	/metrics endpoint	Scraping
Grafana	Dashboard + Data Source	Connected
Helm Chart	kubernetes/helm/pqc-fhe/	Validated
NetworkPolicy	Ingress/Egress rules	OK
RBAC	ServiceAccount + Role	OK
Docker Compose	API + Prometheus + Grafana	Verified

Prometheus Metrics Endpoint (/metrics)

Uptime

process_uptime_seconds

Memory

resident_memory_bytes

HTTP

requests_total / by_status

gc_objects_collected

Info

pqc_fhe_info{v=3.5.0}

Zero-dependency Prometheus exposition format (text/plain; version=0.0.4). Thread-safe HTTP middleware tracks request count, duration, status codes. No prometheus_client library needed.

9. v3.5.0 Verification Results

Test Suite

238

All Tests Passed (0 Failed)

TestIBMQuantumV350: 10 tests

TestBenchmarkResultsSaving: 7 tests

Shor probabilistic retry: max 3 attempts

pytest -q: 80 deprecation warnings only

Sector Benchmarks (5 Buttons)

1. Performance Benchmarks OK

2. Quantum Security Sim OK

3. All-Sector Comparison OK

4. Real Circuit Benchmark OK

5. All-Sector Circuit OK

All buttons verified with ibm_fez noise backend. 8 noise backend options in dropdown.

Docker & Monitoring

Docker build: 420MB

Prometheus target: UP

Grafana dashboard: Connected

Helm lint: Passed

Helm template: Rendered

docker-compose: API + Prometheus + Grafana (monitoring profile)

PQC-FHE Integration Platform v3.5.0 | Accurate Hardware Discovery | IBM Quantum QPU Noise | Docker + Prometheus + Grafana | GPU-Accelerated (RTX PRO 6000 Blackwell 96GB cuStateVec)

References: NIST IR 8547, CNSA 2.0, Gidney 2025, Pinnacle 2026, Regev JACM 2025, HQC NIST 2025, MOZAIK 2026, IBM Quantum Learning, IBM Processor Types