Adversarial Thinking

Threat Modeling
in the Quantum Era

You cannot defend what you have not modeled. Systematic identification of attack surfaces, adversary capabilities, and the assumptions that break when quantum computing changes the rules.

ATTACK SURFACE ADVERSARY MODEL STRIDE KILL CHAIN QUANTUM THREATS

⚠ THREAT INTEL

Nation-state actors are actively mapping cryptographic dependencies in critical infrastructure ◆ MITRE ATT&CK documents 14 tactics and 200+ techniques across the full attack lifecycle ◆ Harvest-now-decrypt-later changes the threat model: interception is the attack, decryption comes later ◆ Most threat models assume classical computational limits that assumption expires in the quantum era ◆ Supply chain attacks on cryptographic libraries are escalating XZ Utils, SolarWinds, Log4j ◆ Without a C-BOM, your threat model has a blind spot: the entire cryptographic attack surface ◆ Nation-state actors are actively mapping cryptographic dependencies in critical infrastructure ◆ MITRE ATT&CK documents 14 tactics and 200+ techniques across the full attack lifecycle ◆ Harvest-now-decrypt-later changes the threat model: interception is the attack, decryption comes later ◆ Most threat models assume classical computational limits that assumption expires in the quantum era ◆ Supply chain attacks on cryptographic libraries are escalating XZ Utils, SolarWinds, Log4j ◆ Without a C-BOM, your threat model has a blind spot: the entire cryptographic attack surface ◆

Core Concepts

The Building Blocks of Threat Modeling

Threat modeling provides a structured lens for understanding what can go wrong before it does. These are the concepts that matter most in the quantum era.

Foundational

The Core Question: What Could Go Wrong?

Threat modeling is the systematic process of identifying, analyzing, and prioritizing potential threats. Unlike vulnerability scanning, it examines the system holistically including assumptions that may never have been written down and dependencies that were never formally documented.

Quantum Threat

Classical Threat Models Assume Classical Limits

Every existing threat model embeds an assumption: adversaries are constrained by classical computational capability. RSA-2048 is "secure" because no classical computer can factor it in useful time. Quantum computing invalidates this assumption completely not as a distant risk, but as a closing planning horizon.

Active Now

Harvest-Now-Decrypt-Later: The Threat Model Has Already Changed

HNDL attacks mean the adversary does not need quantum capability today only to intercept and store encrypted traffic. The effective breach has already occurred for any data with long-term confidentiality requirements. Threat models that ignore HNDL are already incomplete.

Framework

STRIDE Applied to Quantum Attack Vectors

STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) maps directly to quantum threats. Shor's algorithm simultaneously enables S (forged signatures), T (tampered authenticity via broken PKI), and I (decrypted ciphertext). All three collapse together.

Supply Chain

Cryptographic Supply Chain Is an Attack Surface

Libraries like OpenSSL, BoringSSL, and cloud provider cryptographic modules are dependencies you trust implicitly. XZ Utils (2024) demonstrated that a single compromised maintainer can introduce backdoors into core cryptographic infrastructure. Your threat model must include the supply chain beneath your algorithms.

Prerequisite

Threat Modeling Requires Cryptographic Inventory First

You cannot model threats to assets you do not know exist. A Cryptographic Bill of Materials is the prerequisite for quantum-aware threat modeling it reveals the attack surface, maps the algorithm dependencies, and quantifies where classical and quantum threats converge into highest-priority risk.

What Is Threat Modeling?

Threat modeling is the systematic process of identifying, analyzing, and prioritizing potential threats to a system. It answers a fundamental question: what could go wrong, and what would an adversary do about it?

Unlike vulnerability scanning (which looks for known flaws), threat modeling examines the system holistically. It considers the adversary's goals, capabilities, and constraints. It maps attack paths. It identifies assumptions that could be broken including assumptions so foundational that they were never written down as assumptions at all.

Good threat modeling is not about defending against everything. It is about understanding where risk concentrates, where defenses matter most, and which assumptions cannot afford to break.

Y2Q Position: Most existing threat models are quantum-blind. They assume classical computational limits for the adversary. This assumption has a documented expiration date that is visible on the horizon and for data with long-term confidentiality requirements, that horizon is now.

Attack Surfaces in the Quantum Era

An attack surface is the set of ways an adversary can interact with and compromise a system. The quantum era adds a new dimension: the cryptographic layer itself becomes an attack surface when its underlying mathematical assumptions expire.

Network interfaces and TLS sessions All connections encrypted with RSA or ECDHE are retroactively attackable via harvest-now-decrypt-later collection
Authentication mechanisms RSA and ECDSA digital signatures enable identity spoofing once Shor's algorithm runs at scale
Key management infrastructure RSA-wrapped symmetric keys, ECDH key exchange both broken by Shor's algorithm regardless of key length
Certificate and PKI infrastructure X.509 certificate chains signed with RSA or ECDSA algorithms will require complete reissuance
Cryptographic library supply chain OpenSSL, NSS, BouncyCastle and their distribution mechanisms are attack surfaces
Long-lived encrypted archives Stored ciphertext with multi-year sensitivity is the primary HNDL target; its attack surface is the algorithm that protects it, not any operational system

Adversary Models for the Quantum Era

Threat modeling requires understanding who might attack and what they want. The quantum era adds a new adversary tier:

Script kiddies Opportunistic, using available tools. Classical threat. Low quantum relevance.
Organized cybercriminals Profit-motivated, sophisticated. Classical threat today; will acquire quantum access when commercially available.
Nation-state actors High resources, long-term persistence, geopolitical motivations. Already running HNDL collection operations. Primary quantum threat today.
Quantum-capable adversaries (2026 onward) Will have access to cryptographically relevant quantum computers capable of running Shor's algorithm at scale. This adversary will exist within the current planning horizon.
Insider threats May facilitate HNDL exfiltration or key compromise. Less directly affected by quantum but remain critical in any model.

Key Insight: Nation-state actors are the primary quantum-era threat today because they already have the infrastructure to collect data and the patience to store it for future decryption. Your threat model must account for an adversary who may already hold copies of your historically encrypted communications.

Failure Modes and Broken Assumptions

Threat modeling reveals false assumptions. Quantum-era examples that must be corrected in every active threat model:

"Our RSA-2048 is secure" Shor's algorithm breaks RSA regardless of key size. There is no RSA key length that provides quantum resistance.
"Our TLS 1.3 is quantum-safe" TLS 1.3 uses ECDHE for key exchange, broken by Shor's algorithm. Hybrid PQC key exchange (ML-KEM) is required.
"We will upgrade when quantum computers arrive" HNDL attacks make the effective threat horizon NOW for sensitive long-lived data. Cryptographic migration takes years.
"Post-quantum migration is simple" Large-scale migration requires cryptographic inventory, dependency mapping, protocol testing, and coordinated rollout. Without a C-BOM, the starting point does not exist.
"Our VPN protects our communications" VPN traffic encrypted with classical algorithms is an active HNDL target. Quantum-safe VPN configurations must be deployed.

Threat Modeling as an Ongoing Practice

Effective threat modeling is not a one-time exercise. It must be:

Continuous As systems change and quantum timelines compress, threat models become stale if not maintained
Collaborative Architecture, development, security, and operations teams each see different parts of the attack surface
Grounded in inventory Threat modeling against an incomplete asset inventory produces an incomplete threat model
Prioritised by impact Not all threats are equal. Data lifetime, algorithm vulnerability, and adversary model together determine priority
Actionable Threat modeling must produce concrete decisions: migrate this algorithm, rotate this key, replace this library

Your threat model has a cryptographic blind spot.

The Y2Q C-BOM Tool gives you the cryptographic inventory that quantum-era threat modeling requires every algorithm, key, certificate, and library, with quantum risk scoring.

INVENTORY YOUR CRYPTOGRAPHIC SURFACE

Research Status: Threat modeling frameworks are actively being updated for the quantum era. NIST NCCoE Post-Quantum Cryptography Migration Project provides guidance on integrating post-quantum risk into existing threat models and enterprise security programs. Y2Q applies these principles with focus on cryptographic attack surfaces, adversary model evolution, and the survivability of systems across the quantum transition.

Threat Modelingin the Quantum Era