Free Tool · Quantum Security
Q-Day Timeline Comparator
Three inputs. A calculated margin showing how much time your organisation has to complete a PQC migration before the expert-estimated CRQC threat window opens. No account required. Results appear on this page.
- Runs entirely in your browser: nothing is stored or transmitted
- Based on published expert and institutional CRQC timeline estimates
- Applies the Mosca inequality framework to your migration duration
Your answers are used only to calculate your timeline margin. No email address, company name, or IP address is collected as part of this assessment. All calculation happens in your browser.
What this tool collects
Your three inputs (planning scenario, migration duration, sector) are processed client-side. They are not sent to any server.
What is not collected
Your IP address is not collected or stored. Your email address is not collected unless you choose to provide it in the newsletter form.
Third parties
Your data is not sold to third parties or shared with advertising networks.
How this tool works
The Q-Day Timeline Comparator applies the Mosca inequality to your migration estimate. You select a planning scenario (which CRQC year range to plan against), an estimated migration duration, and an optional sector. The tool calculates the margin between your projected migration completion date and the start of the threat window you selected.
The result is not a risk score. It is a calculated margin: a concrete number of years (positive or negative) that anchors a migration business case. A positive margin means your migration can complete before the threat window opens under the chosen scenario. A negative margin means you cannot, and should start now and prioritise highest-risk assets.
Expert estimates for CRQC timelines span more than a decade. This tool does not present any single estimate as authoritative. The scenario you choose is a risk management decision, not a prediction.
Which planning assumption do you want to use?
A Cryptographically Relevant Quantum Computer (CRQC) is one capable of running Shor's algorithm at scale to break RSA and elliptic-curve cryptography. No such machine exists today. Expert estimates for when one will arrive vary significantly. Choose a planning assumption that matches your organisation's risk appetite.
The year must be in the future. Enter a year from 2026 onwards.
Nothing is transmitted from your browser.
How long do you estimate your PQC migration will take?
Migration duration is the time from when you begin active migration to when your critical cryptographic systems have been migrated. Published evidence suggests PKI migrations alone take 5-7 years for complex environments. The duration depends on the size and complexity of your cryptographic estate, the presence of legacy or embedded systems, and your supply chain dependencies. If you are unsure, 4 years is a reasonable mid-range estimate for a moderately complex enterprise.
The tool uses the worst-case (longest) duration in each range. Planning against 4 years is more prudent than 2.
What sector does your organisation operate in?
Your sector helps the tool provide relevant context about regulatory pressures and typical migration timelines. This field is optional.
Sector is used for contextual text on the results page only. It does not change the margin calculation.
Need a full quantum security assessment?
This tool calculates your planning margin. For a comprehensive assessment of your organisation's PQC readiness, exposure, and regulatory obligations, engage directly.
Discuss your situation