Skip to main content
Advances in quantum computing will eventually result in cryptographically-relevant quantum computers (CRQC) that are able to decrypt, retroactively, data that is protected by quantum-weak cryptographic algorithms. As a response, NIST issued guidance on what algorithms to replace until 2035. The Binarly Transparency Platform scans images for quantum-weak cryptographic algorithms and produces a detailed Post-Quantum Compliance report that lists all instances of quantum-weak algorithms, affected image components, and NIST recommendations for which algorithms should replace them and until what date. The PQC Compliance Report provides organizations with comprehensive visibility into their cryptographic posture and readiness for the post-quantum era. This specialized report analyzes binaries to identify cryptographic implementations that may be vulnerable to future quantum attacks and provides actionable guidance for migration to quantum-resistant algorithms.

​
Report Contents

The PQC Compliance Report delivers a structured analysis of cryptographic compliance across multiple sections: The report begins with an executive summary (see below) that provides high-level takeaways including an overview of the analyzed system, overall compliance level assessment, and a strategic migration plan with prioritized recommendations for addressing quantum-weak cryptographic implementations. Report metadata includes creation timestamps and detailed product information about the analyzed binary, including version, build information, and scope of analysis.
Excerpt of the PQC compliance report's executive summary.

Executive summary excerpt.

Next is the current compliance status which delivers a comprehensive breakdown of all detected cryptographic algorithms with their type and parameters, post-quantum compliance status for each implementation, NIST guidance regarding recommended replacements where applicable, and security assessment for each compliant algorithm (see below). The compliance status section concludes with a recommended migration timeline for short, mid and long-term.
Excerpt of the PQC compliance report's compliance summary.

Compliance summary excerpt.

This is followed by an exhaustive list of individual algorithm findings organized by compliance status (see below). The detailed findings section provides comprehensive information about each cryptographic implementation discovered during the analysis, categorized by their quantum resistance status.
Excerpt of the PQC compliance report's finding list.

Detailed findings list.

Each algorithm finding, grouped by compliance status, includes the component name and function addresses for precise identification, detailed algorithm parameters and reachability analysis results, specific NIST guidance with recommended replacement algorithms where applicable. The report concludes with a detailed description of the analysis scope and methodology employed during scanning, an overview of the NIST IR 8547 framework for transition to post-quantum cryptography, limitations and assumptions of the analysis, and references to relevant standards and guidance documents.

​
Generating a Report

The Binarly Transparency Platform provides multiple access points for generating PQC Compliance Reports, enabling users to initiate cryptographic analysis from different contexts within the platform. PQC Compliance reports can be generated through two primary methods: product dashboard (below, left side), where users navigate to the product dashboard and access the report generation functionality through the options menu to obtain a comprehensive view of all cryptographic implementations across the entire product scope, and image dashboard (below, right side), where users utilize the generate button from the cryptographic materials tab on the image dashboard to create reports specific to individual firmware images, enabling targeted analysis of cryptographic implementations within a specific binary or firmware version.
Main dashboard interfaceMain dashboard interface
The platform generates PQC Compliance reports in two distinct formats to accommodate different organizational needs: PDF format, which has been described above, aimed at stakeholder presentations and compliance documentation, and JSON format, which contains all cryptographic algorithm findings present in the PDF while providing additional technical metadata including component SHA-256 hash values, implementation types, and structured data fields to facilitate automated processing. Beyond downloadable reports, the Binarly Transparency Platform provides immediate visibility into PQC compliance status through the cryptographic materials tab. This interface displays findings and compliance overview data directly within the platform.

​
Integration with CBOM

PQC Compliance Reports complement the platform’s Cryptographic Bill of Materials (CBOM) capabilities by providing compliance-focused analysis of identified cryptographic materials. While CBOM catalogs all cryptographic components, the PQC report specifically evaluates their quantum resistance and provides migration guidance aligned with NIST standards.