
file_03 · QUANTUM-RISK

T4SKFORCE Enterprise

● WORKING PROTOTYPE · POST-QUANTUM

A quantum-security scanner that discovers cryptographic assets in banking systems and scores their vulnerability to quantum attacks.

problem

Banking infrastructure runs on classical public-key cryptography: RSA and elliptic-curve key exchange and signatures, including those TLS negotiates on every connection, all of which Shor's algorithm can break once a sufficiently large quantum computer exists. Harvest-Now-Decrypt-Later attacks mean encrypted financial traffic captured today can be decrypted then. Yet banks have no automated way to even discover their cryptographic assets, let alone assess quantum readiness.

architecture

Post-quantum risk pipeline
01 Target endpoint → 02 Crypto scanner → CB… → 03 Quantum risk engine → 04 ML prediction (HNDL) → 05 PQC recommendations → 06 Dashboard

approach

  • 01 Built a cryptographic discovery scanner that performs TLS handshake analysis across web servers, APIs, and endpoints — extracting cipher suites, key-exchange algorithms, and certificate metadata into a Cryptographic Bill of Materials (CBOM).
  • 02 Designed a quantum risk engine that evaluates discovered algorithms against quantum attack models (Shor’s, Grover’s) and computes a quantum-readiness score per asset.
  • 03 Added an ML prediction layer — a Random Forest trained on cryptographic parameters (TLS version, key sizes, cipher strength) — that estimates HNDL exposure and migration priority, then recommends NIST post-quantum standards (ML-KEM, ML-DSA) and hybrid TLS strategies through a real-time dashboard.
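The scanner-to-risk-engine step above, as an added example that is not T4SKFORCE code: it takes CBOM rows of the kind a TLS handshake scan produces (TLS version, negotiated key-exchange group, IANA cipher-suite name, certificate key type and size) and computes a per-asset readiness score with the contributing findings listed beside it. The CBOM rows are constructed, and the weights, the group and algorithm names, and the ranking rule are assumptions chosen to illustrate the model, not the project's actual scoring.

```python
"""Quantum-readiness scoring over a Cryptographic Bill of Materials (CBOM).

Added example, not T4SKFORCE code. The CBOM rows, the penalty weights and the
algorithm name sets below are assumptions used for illustration.
"""
import re
from dataclasses import dataclass, field

# Key-exchange groups broken by Shor's algorithm. Because these protect
# confidentiality, recorded traffic becomes decryptable later (HNDL).
CLASSICAL_KEX = {"RSA", "X25519", "X448", "P-256", "P-384", "P-521",
                 "FFDHE2048", "FFDHE3072"}
# Post-quantum and hybrid groups (hybrid spelling per IETF TLS drafts; assumed).
PQ_KEX = {"ML-KEM-768", "ML-KEM-1024", "X25519MLKEM768", "SecP256r1MLKEM768"}
# Signature families broken by Shor's algorithm. Authentication cannot be
# broken retroactively, so this is not an HNDL finding.
CLASSICAL_SIG = {"RSA", "ECDSA", "EdDSA"}
PQ_SIG = {"ML-DSA-44", "ML-DSA-65", "ML-DSA-87"}


@dataclass
class Asset:
    host: str
    tls_version: str      # "1.0", "1.1", "1.2" or "1.3"
    kex: str              # negotiated key-exchange group
    cipher_suite: str     # IANA cipher-suite name
    sig_alg: str          # certificate key / signature family
    sig_bits: int         # certificate key size in bits


@dataclass
class Result:
    host: str
    score: int            # 0 = fully quantum-vulnerable .. 100 = quantum-ready
    hndl_exposed: bool
    findings: list = field(default_factory=list)
    recommendations: list = field(default_factory=list)


def symmetric_key_bits(cipher_suite: str) -> int:
    """Symmetric key length parsed from an IANA cipher-suite name."""
    if "CHACHA20" in cipher_suite:
        return 256
    m = re.search(r"AES_(128|256)", cipher_suite)
    if m:
        return int(m.group(1))
    if "3DES" in cipher_suite:
        return 112
    raise ValueError(f"unrecognised cipher suite: {cipher_suite}")


def score_asset(a: Asset) -> Result:
    """Subtract a weighted penalty per quantum-vulnerable parameter and keep
    the reason for each deduction so the score is explainable."""
    r = Result(host=a.host, score=100, hndl_exposed=False)
    # 1. Key exchange (weight 50): the only finding that creates HNDL exposure.
    if a.kex in CLASSICAL_KEX:
        r.score -= 50
        r.hndl_exposed = True
        r.findings.append(f"key exchange {a.kex} is Shor-vulnerable (HNDL exposure)")
        r.recommendations.append("move key exchange to ML-KEM, hybrid X25519MLKEM768 first")
    elif a.kex not in PQ_KEX:
        raise ValueError(f"unknown key-exchange group: {a.kex}")
    # 2. Certificate / signature (weight 20): matters only once a CRQC exists.
    if a.sig_alg in CLASSICAL_SIG:
        r.score -= 20
        r.findings.append(f"certificate {a.sig_alg}-{a.sig_bits} is Shor-vulnerable")
        r.recommendations.append("plan certificate migration to ML-DSA")
    elif a.sig_alg not in PQ_SIG:
        raise ValueError(f"unknown signature algorithm: {a.sig_alg}")
    # 3. Symmetric cipher (weight 15): Grover halves the effective key length.
    bits = symmetric_key_bits(a.cipher_suite)
    if bits // 2 < 128:
        r.score -= 15
        r.findings.append(f"{a.cipher_suite}: {bits}-bit key, ~{bits // 2}-bit under Grover")
        r.recommendations.append("prefer AES-256-GCM or ChaCha20-Poly1305")
    # 4. Protocol version (weight 15): hybrid PQ groups are deployed on TLS 1.3 only.
    if a.tls_version != "1.3":
        r.score -= 15
        r.findings.append(f"TLS {a.tls_version}: no PQ or hybrid key exchange available")
        r.recommendations.append("enable TLS 1.3")
    r.score = max(r.score, 0)
    return r


def migration_priority(assets: list) -> list:
    """HNDL-exposed assets first, then lowest readiness score."""
    return sorted((score_asset(a) for a in assets),
                  key=lambda r: (not r.hndl_exposed, r.score))


# Constructed CBOM rows standing in for scanner output (not real hosts).
SAMPLE_CBOM = [
    Asset("legacy-core.bank.example", "1.2", "RSA", "TLS_RSA_WITH_AES_128_CBC_SHA256", "RSA", 2048),
    Asset("api.bank.example", "1.3", "X25519", "TLS_CHACHA20_POLY1305_SHA256", "RSA", 2048),
    Asset("edge.bank.example", "1.3", "X25519MLKEM768", "TLS_AES_256_GCM_SHA384", "ECDSA", 256),
]

if __name__ == "__main__":
    for r in migration_priority(SAMPLE_CBOM):
        print(f"{r.host:28} score={r.score:3d} hndl={r.hndl_exposed}")
        for f in r.findings:
            print("   -", f)
```

The deliberate asymmetry is the point: a classical key-exchange group is the only parameter that makes an asset HNDL-exposed, so an endpoint already on a hybrid group with an ECDSA certificate ranks below a TLS 1.3 host still negotiating plain X25519, even though both carry a Shor-vulnerable primitive.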

stack

Python · FastAPI · scikit-learn · TLS analysis · Next.js / React · NIST PQC standards

impact

  • A unified platform combining cryptographic scanning, quantum threat modeling, ML risk prediction, and visual security monitoring — a tool category most banks do not yet have.
  • Anchors my quantum-computing interest in shipped engineering: post-quantum cryptography applied to real financial infrastructure.

key learnings

  • Quantum threat modeling is tractable today — the hard problem is asset discovery, because you cannot migrate cryptography you cannot see.
  • Risk scoring must be explainable to compliance teams: a number without the contributing TLS parameters behind it is unusable in a regulated industry.