Risk Scoring
Cerebion Rivet produces a unified 0–100 Quantum Risk Score for every scan.
Score Components
| Component | Weight | Description |
|---|---|---|
| Algorithm Scoring | 40% | RSA/ECC/DH vulnerability severity |
| Timeline Assessment | 25% | When quantum computers will break this algorithm |
| Business Impact | 20% | Criticality and compliance requirements |
| PQC Readiness | 15% | Post-quantum migration status |
Score Ranges
| Score | Level | Recommended Action |
|---|---|---|
| 0–14 | Minimal | Quantum-resistant or no vulnerable algorithms detected |
| 15–39 | Low | Monitor — long-term threat (10+ years) |
| 40–59 | Medium | Plan migration — medium-term threat (5–10 years) |
| 60–79 | High | Prioritize migration — near-term threat (2–5 years) |
| 80–100 | Critical | Immediate action required — algorithm is quantum-broken |
Algorithm Risk Reference
| Algorithm | Base Risk Score | Notes |
|---|---|---|
| RSA-1024 | 95 | Broken by classical computers today |
| RSA-2048 | 88 | Broken by quantum computers |
| RSA-4096 | 78 | Broken by quantum computers |
| ECC P-256 | 90 | Broken by Shor's algorithm |
| ECC P-384 | 80 | Broken by Shor's algorithm |
| DSA / DH (any key size) | 95 | No quantum-safe interim step exists |
| AES-128 | 30 | Weakened but not broken by Grover's algorithm |
| AES-256 | 15 | Quantum-safe with current estimates |
| ML-KEM | 5 | NIST PQC standard — quantum-safe |
| ML-DSA | 5 | NIST PQC standard — quantum-safe |