Security Teams · Free Tool
Select a CRQC planning scenario and enter your estimated migration duration. The calculator applies the Mosca inequality to return your organisation's margin against the threat window, expressed in years. No registration required. All computation runs in your browser.
This calculator takes two inputs: a CRQC planning scenario drawn from published institutional estimates, and your estimated migration duration. It applies the Mosca inequality to produce a margin figure representing the years between your projected migration completion and the opening of the selected threat window.
The output is a scheduling metric, not a risk score. A positive margin indicates that migration can complete before the threat window under the selected assumptions. A negative margin indicates that it cannot, and that immediate triage of high-priority cryptographic assets is the appropriate response.
Published CRQC timeline estimates vary by more than a decade across major institutions. The calculator does not endorse any single estimate. The scenario selection is a risk management posture, not a forecast.
Quantum Security and Defence does not collect, associate, or retain your name or your company name when you use these tools. All information is stored only for the duration of the browser session.
We collect only country, industry, and results data. This information is anonymised and cannot be associated with you or your company. Such anonymised data may be used for industry-level reporting, shared with members, incorporated into our research, and provided to government departments to support lobbying activity and the communication of industry readiness.
By using this tool, you consent to the provision of results data on a strictly anonymised basis. No personal name, email address, or company name is stored.
Country is recorded anonymously for industry-level reporting only.
Required to calculate your score, recorded anonymously.
Industry selection is required and recorded anonymously. It does not affect the margin calculation.
Not recorded. Only used to create your PDF report in the browser session.
Not recorded. Only used to create your PDF report in the browser session.
Name and company are used only within your browser session. They are not stored or transmitted.
A Cryptographically Relevant Quantum Computer (CRQC) is one capable of running Shor's algorithm at scale to break RSA and elliptic-curve cryptography. No such machine exists today. Expert estimates for when one will arrive vary significantly. Choose a planning assumption that matches your organisation's risk appetite.
The year must be in the future. Enter a year from 2026 onwards.
Nothing is transmitted from your browser.
Migration duration is the time from when you begin active migration to when your critical cryptographic systems have been migrated. Published evidence suggests PKI migrations alone take 5-7 years for complex environments. The duration depends on the size and complexity of your cryptographic estate, the presence of legacy or embedded systems, and your supply chain dependencies. If you are unsure, 4 years is a reasonable mid-range estimate for a moderately complex enterprise.
The tool uses the worst-case (longest) duration in each range. Planning against 4 years is more prudent than 2.
Professional Advisory
This tool calculates your planning margin. For a full assessment of your organisation's PQC readiness, exposure, and regulatory obligations, engage directly.
Discuss your situation