Citation rules
- Every specific quantitative claim (key size, security level, timeline year, standardization step) links to its primary source.
- Where a claim is directly derived from a scoring rubric, we link to methodology instead of duplicating it.
- News articles and vendor blogs are used only to add context. Security-relevant claims are always backed by a Tier 1 or Tier 2 source per the fact-checking policy.
- Screenshots and quoted text carry the access date so anyone can reproduce them.
- When a source is paywalled or gated, we say so and describe how to obtain it.
Primary references
These are the sources we return to most often. New pages typically cite one or more of them.
- NIST FIPS 203 — Module-Lattice-Based KEM (ML-KEM)
- NIST FIPS 204 — Module-Lattice-Based Digital Signature (ML-DSA)
- NIST FIPS 205 — Stateless Hash-Based Digital Signature (SLH-DSA)
- NIST SP 800-227 — Recommendations for Key-Encapsulation Mechanisms
- NIST PQC Standardization project
- NSA CNSA 2.0 quantum-resistant algorithm suite
- IETF PQUIP working group
- IETF hybrid key exchange for TLS 1.3 (draft-ietf-tls-hybrid-design)
- Cloud Security Alliance — Quantum-Safe Security Working Group
- ENISA Post-Quantum Cryptography reports
How to reproduce a claim
- Find the inline citation nearest the sentence you want to verify.
- Open the primary source. If it is a NIST or IETF document, use the section number cited in the link text.
- If the citation is a scoring output rather than an external source, open methodology and follow the rubric.
- Disagree? Email support@quantumcryptorisk.com with the alternative source. See the fact-checking policy.
Where we have known gaps
We do not run adversarial cryptography testing, we do not have visibility into private keys or wallet ownership, and our timeline forecasts inherit the uncertainty of the underlying academic sources. Every affected page states this in-context; this section is the sitewide summary.