Aigerim Nurlanova is a cryptographer at a security consulting firm in Seattle. Her practice has shifted over the past three years from general application security to post-quantum readiness assessments. The market for this shift was created by the National Institute of Standards and Technology’s selection of post-quantum cryptographic standards in 2024 and the subsequent federal guidance directing critical infrastructure operators to begin migration planning. Her current engagement is a review of BlueMirror’s cryptographic architecture for a partner doing due diligence ahead of a commercial integration.
The review brief is specific. Her client does not want her opinion on quantum computing hype. Her client wants to know three things: which cryptographic primitives in BlueMirror’s architecture are vulnerable to a future cryptographically relevant quantum computer; what BlueMirror’s migration plan is; and whether the architecture supports the cryptographic agility necessary to migrate without an architectural rebuild.
She has been writing this kind of report for healthcare technology companies for two years. Most of the reports have been short, because most of the companies do not have answers to the second and third questions. BlueMirror’s documentation suggested it might be different. She is verifying.
Three Specific Things Quantum Changes#
Quantum computing is not a general-purpose acceleration over classical computing. A cryptographically relevant quantum computer is a specific kind of machine that runs a specific kind of algorithm to attack a specific kind of cryptographic problem. The three categories of problem that matter for BlueMirror are combinatorial optimization, high-dimensional pattern exploration, and the discrete-log and factoring problems that underlie current public-key cryptography. Each category has a different relevance, a different timeline, and a different posture.
The combinatorial-optimization category is relevant to MoC routing. The Memory of Context hierarchy is queried hundreds of times per subscriber per day. Each query selects a subset of context layers, retrieves the relevant context fragments, and assembles them for the inference task. The routing problem (which context layers to activate, in what order, with what budget) is combinatorial. The current solution is heuristic: a learned router selects context based on historical patterns and the current query. The routing is fast and good enough at current scale. At ten times current scale, the routing is still fast and good enough. At one hundred times current scale, with the marketplace’s compound complexity, the routing becomes a meaningful optimization target. Quantum algorithms for combinatorial optimization (variants of quantum approximate optimization, adiabatic approaches, and others under research) may offer speedup. The timeline for a quantum machine large enough to outperform classical heuristics on a routing problem of BlueMirror’s actual size is five to fifteen years. The current architecture does not depend on quantum acceleration. The routing layer is designed to accept alternative implementations through a plug-in interface. If quantum acceleration becomes practical, the routing layer can adopt it without changes to the surrounding architecture.
The high-dimensional pattern exploration category is relevant to P-RLHF. The Personalized Reinforcement Learning from Human Feedback layer learns the subscriber’s preferences over a high-dimensional space of communication, recommendation, and automation choices. Cold-start (the period when a new subscriber’s preferences are not yet well-modeled) and cross-domain transfer (using preferences learned in one domain to inform another) are both expensive exploration problems. Quantum algorithms for exploring high-dimensional preference spaces (variants of quantum-enhanced reinforcement learning) may offer acceleration. The timeline for practical quantum machines that outperform classical learning on the scales BlueMirror operates is again five to fifteen years. The P-RLHF architecture has a similar plug-in interface for alternative learning backends. The current backends are classical. The path to quantum backends is open if and when the hardware reaches usefulness.
The third category, public-key cryptography, is the one that demands action now regardless of whether BlueMirror ever uses quantum computing offensively.
Post-Quantum Cryptography#
The cryptographic primitives that secure BlueMirror’s audit trail, the membrane’s signatures, the consent assertions, and the partner identity attestations are all variants of public-key cryptography. The specific schemes in use are Ed25519 (signatures) and X25519 (key agreement). Both are elliptic-curve schemes whose security depends on the discrete-log problem on an elliptic curve being intractable. Shor’s algorithm, running on a cryptographically relevant quantum computer, solves the discrete-log problem efficiently. The schemes are not quantum-resistant.
The same is true of RSA, which appears in several places in the integration ecosystem (TLS certificates, partner API signing in some legacy partner integrations, document signatures for medical records exchange). RSA’s security depends on integer factorization being intractable. Shor’s algorithm solves factorization as well. RSA is not quantum-resistant.
The audit trail is the most consequential of the affected primitives. The audit trail is the architectural guarantee that the subscriber can verify what happened: which agent accessed which context, when, for what purpose, with what consequence. The audit trail’s integrity depends on cryptographic signatures that are unforgeable. A quantum computer that can forge an Ed25519 signature can rewrite the audit trail. The subscriber’s ability to verify what happened collapses if the signature scheme is broken.
This is the reason post-quantum cryptography migration is a defensive requirement, not an offensive opportunity. Whether or not BlueMirror ever uses quantum computing for routing or learning, the audit trail must remain verifiable for the lifetime of the data that depends on it. Healthcare data has a long lifetime. A medical record from 2026 has relevance into the 2050s and beyond. The cryptographic signatures protecting that record’s integrity must remain unforgeable for the same duration.
The implication is that the migration to post-quantum primitives must complete before a cryptographically relevant quantum computer exists, not after. The “harvest now, decrypt later” attack pattern (an adversary captures encrypted traffic today and decrypts it when quantum machines mature) applies to any data whose value persists past the quantum threshold. The signed audit trail is in the same category: a subscriber who relies on the audit trail in 2035 to verify a 2026 interaction needs the 2026 signatures to remain unforgeable in 2035. If quantum maturation arrives in 2032 and the migration completes in 2034, the gap is two years during which signatures from 2026 to 2032 are forgeable. The architecture must avoid that gap.
NIST’s first post-quantum standards (FIPS 203, 204, and 205, finalized in 2024) cover key encapsulation (ML-KEM) and digital signatures (ML-DSA and SLH-DSA). These are the migration targets. The architecture’s migration plan is to deploy a hybrid scheme (classical plus post-quantum) in the near term and to retire the classical component on a schedule that depends on quantum-hardware-maturation signals.
Cryptographic Agility#
The migration is feasible because the architecture was designed with cryptographic agility from the start. The signature scheme is not hard-coded into the audit trail format; it is a parameter. The audit record includes a signature_algorithm field that names the scheme used to sign the record. Verification logic dispatches to the algorithm implementation based on the field. Adding a new algorithm is a software update, not an architectural change.
The same is true of the key agreement, the symmetric encryption (which is not affected by quantum but which uses key sizes that are quantum-relevant), and the hash functions (the SHA-2 family currently in use is considered quantum-resistant in its larger variants, but the architecture supports algorithm substitution if guidance changes).
The migration plan is staged. The first stage, in progress now, is to add post-quantum algorithm implementations alongside the classical ones. Signatures will be dual-signed (classical and post-quantum) during a transition period. Key agreement will use a hybrid scheme combining classical and post-quantum to ensure that if either scheme breaks, the other still holds. The second stage, scheduled for 2027-2028, is to make post-quantum the default for new records while continuing to verify the dual signatures for legacy records. The third stage, scheduled for 2029-2030 or earlier if quantum-hardware-maturation signals accelerate, is to make post-quantum the only required signature for new records and to begin re-signing the most consequential legacy records with post-quantum signatures.
Re-signing the legacy records is the most operationally complex element of the migration. The architecture supports it (the audit trail is append-only, but the design allows for post-quantum-signed attestations that bind to the legacy records without rewriting them). The execution is bounded by compute capacity, by the volume of records to re-sign, and by the validation cost of verifying that the re-signing was performed correctly. The execution is staged across years to keep operational risk manageable.
Two Timelines, Not One#
Quantum computing’s relevance to BlueMirror’s offensive optimization problems is five to fifteen years out. Quantum computing’s threat to BlueMirror’s defensive cryptographic posture is on a timeline whose lower bound is uncertain and whose upper bound matters more than the lower bound. The defensive posture must be ready before the threat materializes, not after.
This is the temporal asymmetry the migration plan addresses. The offensive opportunities are optional. The defensive requirement is not. The migration’s near-term work is the defensive work. The offensive work waits for the hardware.
Aigerim’s report, when she finished it, was longer than her recent reports on healthcare technology companies. The architecture had answers to her three questions. The cryptographic primitives were enumerated and their post-quantum migration paths were documented. The migration plan was staged with timelines and dependencies. The cryptographic agility was implemented in the architecture’s actual code, not just promised in the documentation. She wrote that her client’s due diligence should consider the company’s post-quantum readiness as a positive, with the residual risk being execution risk on the migration plan rather than architectural risk on the readiness. The execution risk is real but bounded. The architectural risk is the one she was paid to find. She had not found it.
Cross-References#
The Audit Trail (BMT-07.04). The audit architecture whose cryptographic primitives are the central post-quantum migration target.
The Five Layers (BMT-05.01). The Memory of Context hierarchy whose routing is one of the candidate optimization problems for future quantum acceleration.
The Membrane (BMT-03.01). The integration surface whose signature scheme is part of the migration scope.
The Three-Zone Architecture (BMT-09.01). The deployment substrate across which the cryptographic migration runs.
Technical Appendix BMT-12.04-A is available to partners and investors at partners.bluemirror.tech.