A Formal Basis for Quantum Cryptographic Exposure Measurement under HNDL Threat

TL;DR

This paper develops a formal, structurally justified model for measuring quantum cryptographic exposure over time, considering adversarial dynamics and operational factors.

Contribution

It introduces a novel mathematical framework that captures the interaction between cryptographic vulnerability and operational exposure in quantum threat scenarios.

Findings

The exposure probability factorizes into hazard, vulnerability, and saturation components.

Additive scoring frameworks cannot replicate the interaction structure of the proposed model.

The framework enables prioritization of operational security measures under partial observability.

Abstract

An adversary copies your encrypted traffic today and waits for a quantum computer to decrypt it later. How exposed are you? We show that the functional form of the answer is not merely a calibration choice -- it is structurally justified by three assumptions about adversarial production and value-decay dynamics. Under those assumptions, the HNDL compromise probability factorises into a temporal hazard, a multiplicative cryptographic-vulnerability and operational-exposure term, and a saturation denominator governed by the defense-attack intensity ratio; the marginal sensitivity to each dimension is endogenous to the organisation's position in the vulnerability-exposure plane, not a fixed global constant. Additive scoring frameworks cannot reproduce this structure because the interaction between cryptographic vulnerability and operational exposure is absent by construction, regardless of calibration. The resulting framework provides a structurally grounded basis for operational HNDL exposure prioritisation under partial observability.