Quantum computers will eventually break current public-key cryptography (RSA, ECC). Post-quantum cryptography (PQC) uses algorithms resistant to both classical and quantum attacks. Our free PQC scanner evaluates your domain's cryptographic setup against NIST's post-quantum standards (ML-DSA, ML-KEM, SLH-DSA) and provides a migration roadmap.
Comprehensive analysis powered by Vysiro's scanning engines
Current cryptographic algorithm inventory
NIST PQC standard compatibility check
ML-DSA (Dilithium) readiness assessment
ML-KEM (Kyber) key exchange evaluation
SLH-DSA (SPHINCS+) signature analysis
Hybrid mode support detection
Certificate authority PQC readiness
Migration priority scoring and roadmap
Get results in seconds with our automated scanning process
Enter your domain name in the scanner
We analyze your current TLS certificate algorithms
Key exchange mechanisms are tested for PQC support
We check for hybrid (classical + PQC) mode availability
Your CA's PQC readiness is evaluated
You receive a scored PQC readiness report with migration steps
Everything you need to know about post-quantum cryptography scanner
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by quantum computers. Current public-key algorithms like RSA and ECC will be vulnerable to quantum attacks. NIST has standardized PQC algorithms including ML-DSA, ML-KEM, and SLH-DSA.
Experts estimate cryptographically relevant quantum computers could emerge between 2030 and 2040. However, 'harvest now, decrypt later' attacks mean adversaries may already be collecting encrypted data to decrypt later. Starting PQC migration now is essential to protect long-lived data.
NIST has finalized three PQC standards: ML-DSA (FIPS 204) for digital signatures based on Dilithium, ML-KEM (FIPS 203) for key encapsulation based on Kyber, and SLH-DSA (FIPS 205) for hash-based signatures based on SPHINCS+. ML-KEM for key exchange and ML-DSA for signatures are the priority.
Start with a cryptographic inventory using our scanner. Then prioritize: 1) Enable hybrid PQC key exchange in TLS, 2) Update certificate infrastructure, 3) Migrate signing algorithms, 4) Update stored data encryption. Vysiro provides automated PQC migration support.
Hybrid mode combines a traditional algorithm (like RSA or ECC) with a PQC algorithm. This provides security against both classical and quantum attacks during the transition period. If either algorithm is broken, the other still provides protection.
Chrome 124+ and Firefox support ML-KEM (Kyber) hybrid key exchange. This means TLS connections to compatible servers already use quantum-resistant key exchange. Server-side support is the remaining piece that our scanner checks for your domain.
Continue your domain security analysis
Analyze SSL/TLS certificates, expiration, and security configuration.
Use toolFull DNS configuration analysis and health scoring.
Use toolGet an instant composite trust score (0-1000) across 29 security categories.
Use toolCheck DKIM key existence, configuration, and selector validation.
Use toolGet continuous monitoring, automated fixes, proof packs, and API access. Protect your domains with Vysiro's agentless attack-surface monitor.