CryptoSweep: measuring post-quantum readiness on the open web
A free instrument that reads a website's encryption off the wire and tells you, in plain language, whether it can survive the arrival of quantum computers.
01Summary
CryptoSweep answers one question: is this website ready for quantum computers, or not. You type a domain, and within a second or two you get a clear verdict and the evidence behind it. Any host you enter is measured live, from a real connection to the site at the moment you ask, not from a marketing claim. A few clearly labeled demo hosts on the home page replay a saved result so the page works offline; everything else is a live measurement.
Today most of the internet still protects its traffic with encryption that a sufficiently powerful quantum computer is expected to break. A smaller but fast growing share has already upgraded to a newer kind that resists that attack. CryptoSweep makes the difference visible to anyone, whether you are a security engineer planning a migration or a crypto user wondering if your exchange has done its homework.
Paste a site. We open a real connection to it, look at how it scrambles data, and tell you whether a future quantum computer could one day unscramble it. Green means future proof. Red means crackable later. No signup, nothing to install.
02Why this matters
When you visit a secure website, your browser and that site perform a quick negotiation and agree on a secret key. Everything after that is scrambled with that key so that anyone watching the connection sees only noise. The security of the whole conversation rests on how that secret key is agreed.
The methods used for that agreement across most of the web today were designed decades ago. They are excellent against ordinary computers. They are not designed to withstand a large quantum computer, a machine that does not yet exist at the needed scale but that serious researchers and governments expect to arrive within the next ten to fifteen years.
Harvest now, decrypt later
Here is the part that makes this urgent rather than theoretical. An attacker does not need a quantum computer today to benefit from one tomorrow. They can record encrypted traffic now, store it cheaply, and wait. The day a capable quantum computer exists, they unlock everything they saved. Anything with a long secrecy lifetime, medical records, legal files, financial history, private messages, is exposed on a delay you cannot see.
Think of it as screenshot now, crack later. Data captured today has a hidden expiration date on its privacy. Upgrading the encryption now is the only way to close that window before it opens.
03The threat, in technical detail
The relevant attack is Shor's algorithm. On a large, error corrected quantum computer it solves the integer factorization and discrete logarithm problems efficiently. Those two problems are exactly what RSA and elliptic curve cryptography rely on for both key exchange and signatures. When they fall, the classical key agreement used in most current TLS connections falls with them.
Two clarifications matter, because they shape what CryptoSweep does and does not warn you about:
- Key exchange is the urgent risk. The ephemeral key agreement (for example X25519) is what protects the confidentiality of your traffic. It is the part exposed to harvest now, decrypt later, so it carries the loudest warning.
- Symmetric encryption is mostly fine. The bulk cipher that scrambles the actual bytes (for example AES-256-GCM) is only weakened by a different quantum algorithm, Grover's, which at most halves its effective strength. A 256 bit cipher remains comfortably out of reach. This is not the exposure, and CryptoSweep does not pretend it is.
- Certificate signatures are a separate axis. A site's certificate is signed with a classical algorithm such as ECDSA. A future quantum computer could forge such a signature going forward, which is an authenticity concern, but it cannot retroactively break a recorded session the way a broken key exchange can. CryptoSweep flags it honestly and separately, without fear mongering.
The defense is post-quantum cryptography. The United States National Institute of Standards and Technology has standardized the first algorithms: ML-KEM (FIPS 203) for key encapsulation, ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for signatures. In practice the web is deploying ML-KEM in a hybrid construction, pairing the classical X25519 with ML-KEM-768 so that a connection is safe if either component holds. That hybrid group is named X25519MLKEM768, and recognizing it is the heart of what CryptoSweep measures.
A hybrid key exchange combines a well understood classical algorithm with a newer post-quantum one. If the new algorithm turns out to have a flaw, the classical half still protects you. If the classical half is broken by a quantum computer, the post-quantum half still protects you. You only lose if both fall, which is the safest available posture today.
04What a scan measures
When you scan a host, CryptoSweep reads the values that the site actually negotiates on a live connection. These are facts read from the wire, not estimates:
| Value | What it is |
|---|---|
| key_exchange | The negotiated key agreement group. This is the load bearing result. X25519MLKEM768 is quantum safe; X25519 alone is not. |
| tls_version | The protocol version. Modern sites use TLS 1.3, which provides forward secrecy. |
| cipher | The symmetric cipher suite that scrambles the traffic, for example TLS_AES_256_GCM_SHA384. |
| cert signature | The algorithm that signed the site's certificate, an authenticity signal reported separately. |
| cert key | The certificate's public key type and size, for example EC P-256 or RSA 2048-bit. |
| rtt and resolved ip | The round trip time of the handshake and the address that answered, so the reading is traceable. |
05How the method works
CryptoSweep does not read your traffic and it does not decrypt anything. It performs its own fresh handshakes with the target and inspects the public negotiation. The clever part is how it determines quantum safety reliably, because the negotiated group is not always exposed by a single connection.
It opens two real handshakes in parallel:
- A default handshake. The scanner offers a normal modern list of groups and records what the server chooses, along with the cipher, protocol version, certificate, round trip time, and address.
- A hybrid only handshake. The scanner offers a list containing only the post-quantum hybrid group X25519MLKEM768. If this handshake succeeds, the server genuinely supports post-quantum key exchange. If it fails, the server cannot do it.
This second probe is the discriminator. It turns a fuzzy question into a definite yes or no, because a handshake either completes or it does not. The classification then follows directly:
| Observation | Verdict |
|---|---|
| Hybrid handshake succeeds and the default negotiation also chose it | SAFE |
| Hybrid is supported but the default negotiation fell back to a classical group | AMBER |
| Hybrid handshake fails, only classical key exchange is available | VULNERABLE |
Some values are directly readable and some require this kind of inference. The negotiated classical group, cipher suite, protocol version, and certificate details are read straight from the connection. Whether a server supports the hybrid group is determined by the success or failure of the hybrid only handshake. CryptoSweep treats the wire as the source of truth, and where it infers, it infers from a real connection result rather than a guess.
06Reading your result
Every scan presents two layers at once, so the same result serves a security engineer and a newcomer.
The technical layer shows the raw negotiated values in monospace, a deliberate choice: anything the machine measured is set in a fixed width font, and anything written by a human to explain it is set in the normal typeface. That visual rule keeps measured fact separate from interpretation.
The plain layer is a short, color coded card that answers the only question most people have, which is what this means for me:
- SAFE Future proof. The site already uses quantum resistant encryption, so traffic recorded today cannot be unscrambled by a future quantum computer.
- AMBER Half protected. The site can do quantum resistant encryption but did not use it for this connection, leaving a downgrade path open.
- VULNERABLE Crackable later. The site still uses classical encryption that a future quantum computer is expected to break.
Each result also offers a one click glossary that defines the terms on screen, such as key exchange and harvest now, decrypt later, in everyday language. You can read the verdict at a glance, then go as deep as you like.
07The fleet view
One scan is a snapshot. A fleet is a posture over time. CryptoSweep continuously measures a curated set of well known hosts across categories such as big technology, crypto exchanges, banks, government, and privacy tools, and shows the aggregate picture: how many are quantum safe, how many are not, and how that mix is changing.
The fleet is useful for two reasons. It demonstrates that the measurement is real, because you can recognize the names and check them yourself, and it tells a genuine story about the state of the web. As of this writing, a large share of the sites behind major content networks have adopted hybrid post-quantum key exchange, while many banks, several large technology platforms, and even some government sites still rely on classical encryption alone.
It is a live scoreboard of who has future proofed their encryption and who has not, scanned for real on a schedule rather than copied from a list.
08The CBOM
Every measurement can be exported as a Cryptographic Bill of Materials, or CBOM, in the CycloneDX 1.6 format. A CBOM is a structured, machine readable inventory of the cryptography a system uses. Just as a software bill of materials lists the libraries in an application, a CBOM lists the cryptographic assets, their parameters, and their quantum security level.
This matters because regulators and large organizations increasingly require a cryptographic inventory as the first step of any migration. You cannot upgrade what you have not catalogued. A CBOM turns a verdict into an auditable artifact that can be compared over time and handed to a compliance team.
{
"bomFormat": "CycloneDX",
"specVersion": "1.6",
"components": [{
"name": "X25519",
"cryptoProperties": {
"assetType": "algorithm",
"algorithmProperties": {
"primitive": "key-agree",
"nistQuantumSecurityLevel": 0
}
}
}]
}
The value nistQuantumSecurityLevel: 0 is the machine readable red flag. A tool, not a human, can scan a fleet of CBOM files and find every component that scores zero. A quantum safe asset such as X25519MLKEM768 scores level 3.
10Architecture and privacy
CryptoSweep is built to be simple, fast, and private. The interface is a single page application. The measurement engine is a small server that uses only the standard networking library of its runtime, with no third party scanning services and no paid keys.
The prober
The server opens TLS 1.3 connections to the target on port 443 and reads the negotiated parameters using its built in TLS facilities. The accuracy of post-quantum detection depends on the server's own cryptographic library supporting the hybrid group, which modern versions do. Where that support is absent, the tool degrades gracefully and reports the classical reading, which is the true majority state of the web today.
Privacy by design
The scanner only inspects the public handshake. It never sees your browsing, it sends no credentials or payloads, and by construction it cannot decrypt anything. It records the negotiated parameters of a scan, such as the group and verdict, to power the recent activity feed and the fleet history. It does not record traffic.
Safety controls
- Requests to private or internal addresses are refused, to prevent the scanner from being used to probe internal networks.
- Scans are rate limited per visitor.
- Results are cached briefly so repeated checks do not hammer a target.
- Each handshake has a strict timeout, so an unresponsive host fails cleanly rather than hanging.
11Standards and references
CryptoSweep is grounded in published standards rather than novel claims:
- FIPS 203, ML-KEM. The standardized module lattice key encapsulation mechanism, the post-quantum half of the hybrid group.
- FIPS 204 and FIPS 205, ML-DSA and SLH-DSA. The standardized post-quantum signature schemes, relevant to the certificate authenticity axis.
- RFC 8446, TLS 1.3. The transport protocol whose handshake CryptoSweep reads.
- CycloneDX 1.6. The bill of materials format used for the exported CBOM, including its cryptographic asset model.
- IANA TLS supported groups. The registry that assigns code points such as 0x11EC to X25519MLKEM768 and 0x001D to X25519.
12Limits and honesty
A tool that overstates its certainty cannot be trusted, so here is what CryptoSweep does not claim.
- It measures the key exchange and transport posture of a public endpoint. It does not audit the site's full cryptographic estate, its internal services, or its data at rest.
- A green verdict means the public connection uses hybrid post-quantum key exchange. It is not a blanket statement that the organization is quantum safe everywhere.
- The word used is quantum resistant or hybrid, never quantum proof or unhackable. Calibrated language is a feature, not a hedge.
- The certificate signature line is reported as an authenticity consideration, not as a harvest now, decrypt later exposure, because it is not one.
- A handful of demonstration hosts in the interface use curated results so the demo always works offline. Any host you type yourself is measured live, and if the live measurement is unavailable the interface says so rather than inventing a result.
13Roadmap
CryptoSweep began as a single instrument. It measures the key exchange and transport posture of a public endpoint, and it answers one question: is this website ready for quantum computers, or not. That instrument does one thing, measures a real signal, and labels the result honestly.
The roadmap extends that instrument into a family of instruments. The subject widens, from a live TLS handshake to fleets of hosts, to source repositories, to the free public market data that surrounds the quantum era. The discipline does not change. Every instrument measures a real, freely available signal. Every instrument keeps measured fact separate from human interpretation. Nothing here is financial advice.
Because these instruments differ in what actually stands behind them, each one carries an honesty tier, stated in plain sight, that says exactly what kind of claim it makes. The tier is the first thing to read about any feature below.
| Tier | What backs it |
|---|---|
| GENUINE | Real physics. Either a real post-quantum handshake using ML-KEM, or real quantum-random entropy, measured vacuum fluctuations from the ANU beacon. |
| QUANTUM-INSPIRED | Published classical mathematics that borrows quantum ideas, such as amplitude encoding, Grover search, hyperdimensional similarity, spectral (eigenvector) decomposition, and QUBO annealing. Named honestly. No quantum computer is involved; it is ordinary math on ordinary hardware. |
| METAPHOR | An intuitive picture of ordinary classical signals. Drawn as a visualization, labeled as one, and never presented as a measurement. |
Genuine means real physics did the work. Quantum-inspired means the maths is real and the idea comes from quantum computing, but the computer is an ordinary one. Metaphor means a picture drawn to help you see, not a number we measured. The tier is printed next to every instrument, so the distinction is never lost.
Phase 1 — Near term
The first phase extends the instrument that already exists. It keeps the scanner at the centre and builds outward from the handshake receipts it already produces, then adds one new reading built on free public market data.
| Instrument | What it does | Tier |
|---|---|---|
| Quantum Readiness Leaderboard | Ranks the full trusted-host fleet, roughly forty-two sites, live by real ML-KEM posture, with movement over time and a shareable card when an exchange falls behind. Every row is a real handshake receipt. | GENUINE |
| Decoherence view of a scan | Renders the two real TLS handshakes as interfering waves, so a silent downgrade visibly de-coheres. The byte-level trace stays one tap away. | GENUINE |
| User-defined fleets | Monitor your own set of domains and alert when a host's posture changes or quietly downgrades. | Scanner extension |
| Signed CBOM exports | A tamper-evident cryptographic bill of materials for audit trails. | Scanner extension |
| Interference Feed | Takes the trending-token firehose and collapses forty near-identical copies of one meme to a single representative, through amplitude encoding and a destructive-interference de-duplication, so you see distinct ideas rather than echoes. Free public market data only. | QUANTUM-INSPIRED |
Phase 2 — Next
The second phase introduces a shared analysis engine and reads several instruments off it. These describe how tokens move together, from free public market data. Here the honesty tier is applied line by line: an ordinary classical correlation is labeled classical, and only the spectral step carries the quantum-inspired label.
| Instrument | What it measures | Tier |
|---|---|---|
| Entanglement Web | Paste a basket of tokens and see which actually move together, drawn as a graph. The plain correlation is labeled classical; only the leading eigenvector, the principal mode, is quantum-inspired. | QUANTUM-INSPIRED, carefully labeled |
| Principal Mode | How much of a basket is one shared trade versus genuine diversification, by eigen-decomposition of the correlation matrix. | QUANTUM-INSPIRED |
| Rhyme Radar | Given one token, the live tokens whose behaviour rhymes with it most, by hyperdimensional amplitude-encoded similarity. Flags honest correlated plays and suspicious clone-factory twins alike. | QUANTUM-INSPIRED |
| Bloch Risk-State | A token's free risk signals, such as sellability, owner control, and holder concentration, drawn as a point on a Bloch sphere. A picture of classical signals, explicitly not a measured qubit. | METAPHOR, hard-labeled |
Phase 3 — The horizon
The third phase is the more ambitious vision. It carries the post-quantum question off the live endpoint and into source code, and it puts the genuine tier's real quantum entropy to work in the open.
| Instrument | What it does | Tier |
|---|---|---|
| Repository and dependency scanning, with a CI gate | Extends post-quantum classification from a live endpoint to the cryptography declared in source and build manifests, and fails a build when a quantum-vulnerable dependency appears. | Scanner extension |
| Amplify / Superposition Scan | A faithful CPU simulation of Grover's search that amplifies a large candidate set toward a transparent quality target and reads out a short shortlist. | QUANTUM-INSPIRED |
| Quantum Pick of the Day | One provably-fair daily pick drawn from a quality-gated pool using real ANU quantum entropy, published commit-then-reveal so anyone can recompute it. A fairness demonstration, never a recommendation. | GENUINE entropy |
| Provably-fair primitives | The same quantum-entropy and public-beacon machinery, offered for community draws and allowlists. | GENUINE entropy |
The quantum-inspired tier is classical mathematics run on ordinary computers; the name credits the idea it borrows and claims nothing more. The metaphor tier is a picture, not a measurement, and it is never read as one. None of these instruments is financial advice. Across every one of them, the word used stays calibrated, quantum resistant or hybrid, never quantum proof, and the line between measured fact and human interpretation is preserved, the same rule that governs a scan today.
14Glossary
| Term | Plain meaning |
|---|---|
| Key exchange | The secret handshake your browser and a site do to agree on an encryption key. If this step is weak, everything built on it is weak. |
| X25519 | Today's common key exchange. Strong against ordinary computers, expected to fall to a quantum computer. |
| X25519MLKEM768 | A hybrid that adds a quantum resistant layer (ML-KEM) on top of X25519. Same speed in practice, and future proof. |
| ML-KEM | The standardized post-quantum key encapsulation mechanism (FIPS 203), based on hard lattice problems with no known shortcut. |
| Harvest now, decrypt later | Recording encrypted data today to decrypt it years from now once quantum computers exist. |
| CRQC | Cryptographically relevant quantum computer, a machine large and reliable enough to break classical key exchange. |
| CBOM | A cryptographic bill of materials, a structured inventory of the cryptography a system uses. |
| TLS 1.3 | The current version of the protocol that secures web traffic, providing forward secrecy. |