ā† Back to ProteQC.com
ProteQC

PQC Business Risk Evaluator

Learned Hand Formula Applied to HNDL and Mosca's Theorem

šŸŽ“ Educational Tool ā€” This calculator is provided for informational purposes only

āš ļø The Legal Risk of Post-Quantum Delay
The Learned Hand Formula (from U.S. v. Carroll Towing Co., 1947) states that negligence occurs when B < PL, where B is the burden (cost) of prevention, P is the probability of harm, and L is the magnitude of loss. In the context of Post-Quantum Cryptography and the "Harvest Now, Decrypt Later" (HNDL) threat, this means: if the cost of implementing PQC now is less than the expected loss from quantum decryption (probability Ɨ damages), delaying PQC migration could create legal exposure.
Select an industry scenario to load typical values for that sector, or choose "Custom" to set your own parameters.
Step 1: Mosca's Theorem - Assess Your Timeline
šŸ“Š Mosca's Quantum Threat Probabilities
Based on Dr. Michele Mosca's 2015 analysis: ~14% probability by 2026 (1 in 7 chance), ~50% by 2031 (1 in 2 chance), with projections of ~70% by 2035 and ~85% by 2040. Note: These are estimates with significant uncertainty; actual timelines may vary.
āŸ¦ X = Data Security Requirement 5 years
How long does your sensitive data need to remain confidential?
05101520
āŸ¦ Y = PQC Migration Time 3 years
How long will it take to complete your migration to quantum-safe cryptography?
03691215
X
Y
X+Y: 8 years
Probability Calculation (P):
Your data needs protection for 5 years, and migration will take 3 years.
Total exposure window: 8 years (until year 2033)

Based on Mosca's probability curve, the estimated chance that Q-Day arrives before 2033 is:
60% (Ā±10-15%)

Mosca's Theorem: Quantum Security Preparedness

Mosca's Theorem provides a framework for determining when organizations must act to protect against quantum computing threats. The inequality (X + Y) > Z helps assess quantum readiness.

Quantum Threat Probability (Mosca 2015)

"There is a 1 in 7 chance that some fundamental public-key crypto will be broken by quantum by 2026, and a 1 in 2 chance of the same by 2031." ā€” Dr. Michele Mosca

~14%
by 2026
(1 in 7)
~50%
by 2031
(1 in 2)
~70%
by 2035
(projected)
~85%
by 2040
(projected)
āš ļø Uncertainty Note
These probabilities are estimates based on 2015 analysis and carry significant uncertainty. Quantum computing development timelines remain unpredictable. Recent advances (or setbacks) may shift these probabilities. Use these as general guidance, not precise predictions.
šŸ“Œ Why X + Y Are Cumulative: The "Harvest Now, Decrypt Later" (HNDL) Threat
For HNDL-sensitive data, X and Y don't overlap because adversaries can steal encrypted data today and store it until quantum computers become available to decrypt it. Even if you start migrating to quantum-safe cryptography immediately, any HNDL-sensitive data encrypted with current algorithms during the Y-year migration period remains at risk. If your data needs to stay secret for X years, and migration takes Y years, you need X + Y years total before all at-risk data's confidentiality requirement expires.

Interactive Timeline Visualization

X: Data Security Period
Y: Migration Time
Z: Quantum Threat
X
Y
āš ļø Q-Day (Z)
āŸ¦ Z = Quantum Computer Arrival 9 years
When will quantum computers be able to break current encryption?
03691215
8 ā‰¤ 9
Step 2: Learned Hand Formula - Risk Analysis
B < PL
B = Burden of PQC Migration $500,000
Total cost to implement post-quantum cryptography (technology, labor, consulting, testing)
100K250M500M1B
P = Probability of Quantum Breach 60% (Ā±10-15%)
Calculated from Mosca's probabilities based on your X+Y timeline above
This probability is automatically calculated based on your data security requirement (X) and migration time (Y). It represents the estimated likelihood that quantum computers will be able to decrypt data harvested today before your data's confidentiality requirement expires. Note: This is an estimate with significant uncertainty.
L = Magnitude of Loss $10,000,000
Total damages if sensitive data is decrypted (regulatory fines, litigation, reputation damage, IP theft, competitive harm)
1M2.5B5B10B

Risk Comparison

$500,000
B
Burden of
Prevention
<
$6,000,000
P Ɨ L
Expected
Loss
$500K
Cost to Prevent
$6.0M
Expected Loss (PƗL)
12.0x
Risk/Cost Ratio

What This Tool Does NOT Assess

This tool provides an educational framework for understanding post-quantum risk through Mosca's Theorem and the Learned Hand Formula. However, it has important limitations.

Factors Not Modeled:

  • Regulatory compliance requirements ā€“ NIST, NSA, industry-specific mandates
  • Industry standards and peer behavior ā€“ what competitors are doing
  • Insurance coverage and availability ā€“ cyber insurance requirements
  • Vendor readiness ā€“ supply chain and ecosystem maturity
  • Technical feasibility ā€“ system compatibility and migration complexity
  • Data classification nuances ā€“ different data types may need different timelines
  • Operational impacts ā€“ business continuity during migration

Recommended Next Steps:

  1. Consult with legal counsel about your specific risk profile
  2. Engage cybersecurity experts for technical feasibility assessment
  3. Review regulatory requirements applicable to your industry
  4. Conduct comprehensive data classification to identify HNDL-sensitive information
  5. Document your decision-making process regardless of chosen timeline

šŸ“š Learn More: Resources & References

āš–ļø Legal Disclaimer
This tool is provided for educational and informational purposes only and does not constitute legal advice, professional consultation, or a guarantee of legal outcomes. Consult with qualified legal counsel before making decisions based on this analysis. No attorney-client relationship is created by use of this tool.
ProteQC Limited
šŸ“œ LICENSE TERMS
Ā© 2025 ProteQC Limited. All rights reserved.

āœ“ FREE USE PERMITTED:
ā€¢ Educational and academic purposes
ā€¢ Research and non-commercial analysis
ā€¢ Personal risk assessment
ā€¢ Sharing with proper attribution

āœ— PERMISSION REQUIRED:
ā€¢ Commercial use or paid services
ā€¢ White-labeling or rebranding
ā€¢ Removal of attribution

ATTRIBUTION: "Developed by ProteQC Limited (ProteQC.com)"

NO WARRANTY: Provided "AS IS" for educational purposes.
For commercial licensing: [email protected]
Website: ProteQC.com