arxiv: 2605.02276 · v1 · submitted 2026-05-04 · 💻 cs.CR · cs.PF

Recognition: 3 theorem links

· Lean Theorem

Post-Quantum Cryptography Migration in Australian Real-Time Payment Infrastructure: A Monte Carlo Simulation Study of the New Payments Platform

Nazmus Salehin Sammo

Authors on Pith no claims yet

Pith reviewed 2026-05-08 18:14 UTC · model grok-4.3

classification 💻 cs.CR cs.PF

keywords post-quantum cryptographyMonte Carlo simulationreal-time paymentsservice level agreementsHNDLqueueing modelsAustralian NPPquantum migration

0 comments

The pith

ML-DSA and Falcon post-quantum signatures meet Australia's 2,000 ms NPP payment SLA with under 2 ms added latency while SPHINCS+ saturates queues and fails entirely.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

Australia's New Payments Platform processes millions of real-time transactions daily under a strict 2-second limit. This Monte Carlo study tests NIST post-quantum signature standards by simulating their effects on hardware security module queues, tail latencies, and harvest-now-decrypt-later exposure across 1,000 mixed-season days. ML-DSA and Falcon variants sustain full compliance in every configuration, with maximum p99 overhead of 1.57 ms, while SPHINCS+ overloads the system and produces zero compliance. The work also projects nearly 10 billion records at risk from future quantum computers and estimates peak migration costs of 21.4 million dollars in 2026.

Core claim

Through 80 million events in seasonally adjusted Monte Carlo runs on a multi-cloud testbed, the study shows ML-DSA and Falcon achieve 100 percent SLA compliance with p99 overhead below 2 ms and Crypto Dilution Index values under 0.04, identifies Falcon-512 as the only algorithm fitting the 2,048-byte SWIFT MT limit, demonstrates SPHINCS+ queue saturation at rho of 1.8855 yielding 0 percent compliance, and quantifies 9.56 billion NPP records at HNDL risk under a 2030 CRQC timeline with migration costs peaking at 21.4 million USD.

What carries the argument

The joint Monte Carlo simulation combining M/M/c queue saturation modeling for HSMs, generalized extreme value tail bounds, and an actuarial HNDL exposure model validated on liboqs across Intel, AMD, and ARM platforms.

Load-bearing premise

The M/M/c queue saturation, GEV tail bounds, and 1,000-day seasonally mixed Monte Carlo setup accurately represent real NPP hardware behavior, traffic patterns, and quantum computer timelines.

What would settle it

Direct measurement of HSM queue lengths and end-to-end latencies when running ML-DSA, Falcon, or SPHINCS+ at full NPP daily volume on production hardware, checking whether p99 stays under 2 seconds or queues saturate as modeled.

Figures

Figures reproduced from arXiv: 2605.02276 by Nazmus Salehin Sammo.

**Figure 1.** Figure 1: Simulated daily transaction volume profile (Gaussian mixture, 6 components) view at source ↗

**Figure 2.** Figure 2: NPP SLA compliance distribution across 1,000 Monte Carlo days per algorithm view at source ↗

**Figure 3.** Figure 3: End-to-end NPP p99 latency distribution (violin plot) across 1,000 Monte Carlo view at source ↗

**Figure 4.** Figure 4: 95% confidence intervals on the mean of daily NPP p99 latency values across view at source ↗

**Figure 5.** Figure 5: Cohen’s d effect sizes for each PQC algorithm vs ECDSA-P256 baseline. Values view at source ↗

**Figure 6.** Figure 6: M/M/c queue utilisation (ρ) and mean wait time for each algorithm at Big 4 bank average daily load (13.5 TPS, c = 2 servers). SPHINCS+ bar extends to ρ = 1.8855, off the stable region. All ML-DSA and Falcon variants have utilisation ρ < 0.003, meaning the two-server pool is essentially idle, each algorithm requires less than 0.3% of one server’s capacity at peak NPP load. SPHINCS+ requires c ≥ 8 servers pe… view at source ↗

**Figure 7.** Figure 7: TPS sweep analysis, queue utilisation ρ across institution TPS load levels for each algorithm (c=2 servers). SPHINCS+ crosses the ρ=1.0 saturation threshold at approximately 7.2 TPS/institution (theoretical threshold λ = c·µ = 2 × 3.58 = 7.16 TPS). All ML-DSA and Falcon variants remain below ρ=0.01 across the full sweep. 4.4.1 SPHINCS+ Queue Saturation as a DoS Amplification Vector The queue saturation dyn… view at source ↗

**Figure 8.** Figure 8: Key and signature sizes for each algorithm against SWIFT MT 2,048 B limit view at source ↗

**Figure 9.** Figure 9: NPP SLA compliance across five stress scenarios. All ML-DSA and Falcon view at source ↗

**Figure 10.** Figure 10: p99 latency under three HSM deployment architectures. Even network-attached view at source ↗

**Figure 11.** Figure 11: Projected NPP p99 latency at 15.6% YoY volume growth (2026–2029). All view at source ↗

**Figure 12.** Figure 12: Four-Phase PQC Migration Cost Model (2025–2028 and beyond). Phase 1 view at source ↗

**Figure 13.** Figure 13: GEV-fitted p99, p99.9, and p99.99 quantiles for non-SPHINCS+ algorithms. view at source ↗

**Figure 14.** Figure 14: 24-hour M/M/c queue utilisation profile under Christmas scenario (c=2 view at source ↗

**Figure 16.** Figure 16: Algorithm recommendation matrix scoring each candidate across six operational view at source ↗

**Figure 17.** Figure 17: Algorithm regulatory compliance heatmap across APRA CPS 234, RBA NPP view at source ↗

read the original abstract

Australia's New Payments Platform (NPP) processes 5.2 million real-time transactions per day under a 2,000 ms SLA. With cryptographically relevant quantum computers projected by 2030-2035 and the Harvest Now, Decrypt Later (HNDL) threat active, this paper presents a Monte Carlo simulation study of NIST FIPS 204/205/206 signature standards (ML-DSA, SLH-DSA/SPHINCS+, Falcon) in Australian payment infrastructure, jointly modelling M/M/c queue saturation, GEV tail bounds, and HNDL actuarial exposure across 1,000 seasonally-mixed simulation days (80 million events). Cross-platform validation used liboqs 0.15.0 on a seven-node multi-cloud testbed spanning four microarchitectures (Intel Xeon Ice Lake/Cascade Lake, AMD EPYC Milan, ARM Graviton3). ML-DSA and Falcon achieve 100% SLA compliance across all configurations; worst-case NPP p99 overhead is 1.57 ms (ML-DSA-87, 0.079% of SLA budget). We introduce the Crypto Dilution Index (CDI = delta-p99/p99_e2e), showing all non-SPHINCS+ algorithms achieve CDI < 0.04. GEV analysis yields p99.9 bounds below 154 ms (95% CI). Falcon-512 is the only NIST PQC signature fitting within the 2,048-byte SWIFT MT field limit (1,563 bytes combined). SPHINCS+ saturates HSM queues at NPP volumes (rho=1.8855, c=2 servers), achieving 0% NPP SLA compliance, characterised as a DoS amplification surface in hybrid deployments (utilisation ratio ~9,428x ECDSA). An HNDL actuarial model estimates 9.56 billion NPP records at risk under CRQC-2030. Migration costs peak at USD 21.4M in 2026, declining to USD 1.5M/year by 2028.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Desk Editor's Note private letter to a colleague

The simulation finds ML-DSA and Falcon meet NPP SLAs with low overhead while SPHINCS+ saturates queues, but the M/M/c and GEV assumptions need verification against real traffic.

read the letter

This paper runs Monte Carlo simulations of NIST post-quantum signatures on Australia's New Payments Platform and reports that ML-DSA and Falcon stay well inside the 2-second SLA while SPHINCS+ overloads the HSMs and fails compliance entirely. It adds a Crypto Dilution Index to show relative overhead and an HNDL actuarial estimate of 9.56 billion records at risk by 2030, plus a cost timeline that peaks at 21.4 million USD in 2026 before falling sharply. The liboqs benchmarks across Intel, AMD, and ARM nodes give the latency numbers some grounding beyond pure theory, and the 1,000-day seasonally mixed runs produce concrete p99 and p99.9 figures that planners can reference directly. The work is a straightforward extension of existing queueing and PQC performance models to one national system, but the specific combination of NPP volume, CDI metric, and cross-architecture validation is new enough to be useful on its own terms. The main soft spot is the reliance on M/M/c queueing plus GEV tails. Real NPP traffic shows diurnal bursts and batching rather than pure Poisson arrivals, and HSM signature times are closer to deterministic or log-normal than exponential. If those distributional choices do not match the actual hardware and load patterns, the 100% compliance claim and the rho=1.8855 saturation for SPHINCS+ can move. The abstract gives no visible sensitivity checks or parameter sourcing details, so the exact overhead numbers rest on untested assumptions. This is aimed at infrastructure teams and standards bodies handling PQC migration in high-volume finance. Readers who need ballpark overheads and cost ranges for similar real-time systems will find usable numbers here. It deserves peer review so referees can examine the simulation code, validation steps, and traffic model fit.

Referee Report

2 major / 2 minor

Summary. The manuscript reports a Monte Carlo simulation study of migrating Australia's New Payments Platform (NPP, 5.2M daily transactions, 2000 ms SLA) to NIST PQC signatures (ML-DSA, SPHINCS+, Falcon). It jointly models M/M/c queue saturation, GEV tail bounds, and HNDL actuarial exposure over 1000 seasonally-mixed days (80M events), with liboqs cross-validation on a seven-node multi-cloud testbed. Central claims include 100% SLA compliance and p99 overhead of 1.57 ms for ML-DSA/Falcon (CDI < 0.04), 0% compliance for SPHINCS+ due to saturation (rho=1.8855, c=2), Falcon-512 fitting the 2048-byte SWIFT limit, 9.56B records at HNDL risk under CRQC-2030, and migration costs peaking at USD 21.4M in 2026.

Significance. If the distributional assumptions hold, the work supplies quantitative performance and risk metrics for PQC adoption in high-volume real-time payment systems, including a novel Crypto Dilution Index and actuarial HNDL projections. Strengths include the multi-architecture liboqs validation and the scale of the event-driven simulation. The results could inform infrastructure planning for quantum-safe transitions in financial networks.

major comments (2)

[§4 (Queueing Model)] §4 (Queueing Model): The 0% SLA compliance and DoS-amplification characterization for SPHINCS+ rest on the M/M/c derivation yielding rho=1.8855 (c=2 servers) and the associated utilization ratio of ~9428x ECDSA; the model assumes Poisson arrivals and exponential service times, yet the manuscript provides no empirical calibration or sensitivity checks against documented NPP traffic features (diurnal bursts, batching, heavy tails) or measured HSM latency distributions (often closer to deterministic or log-normal).
[§5.1 (GEV Analysis)] §5.1 (GEV Analysis): The p99.9 bounds <154 ms (95% CI), p99 overhead of 1.57 ms, and CDI values are obtained from GEV fitting to the 80M simulated events generated by the seasonally-mixed 1000-day process; the paper does not report the fitting procedure, shape/scale parameter estimates, goodness-of-fit diagnostics, or robustness tests under alternative generators, leaving the headline compliance figures dependent on unvalidated tail assumptions.

minor comments (2)

[Abstract] The abstract introduces the Crypto Dilution Index (CDI) without a one-sentence definition; a brief parenthetical would improve standalone readability.
[Results tables] Table captions and axis labels should explicitly state the number of Monte Carlo replications and the exact liboqs version used for each latency measurement.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for their constructive and detailed feedback, which has helped us identify opportunities to strengthen the transparency of our modeling sections. We address each major comment point by point below and have prepared corresponding revisions to the manuscript.

read point-by-point responses

Referee: §4 (Queueing Model): The 0% SLA compliance and DoS-amplification characterization for SPHINCS+ rest on the M/M/c derivation yielding rho=1.8855 (c=2 servers) and the associated utilization ratio of ~9428x ECDSA; the model assumes Poisson arrivals and exponential service times, yet the manuscript provides no empirical calibration or sensitivity checks against documented NPP traffic features (diurnal bursts, batching, heavy tails) or measured HSM latency distributions (often closer to deterministic or log-normal).

Authors: We acknowledge that the M/M/c analysis in §4 relies on standard Poisson arrival and exponential service assumptions for tractability and does not include explicit sensitivity checks against NPP-specific features such as diurnal patterns or alternative HSM latency distributions. Our liboqs testbed measurements informed the service time parameters, and the seasonally-mixed simulation already incorporates some daily variation, but we did not report robustness tests under log-normal or deterministic alternatives in the submitted version. In the revision we will expand §4 with a new paragraph on model limitations and add sensitivity results using log-normal service times fitted to our testbed data; these confirm that SPHINCS+ queue saturation (rho > 1) and the associated DoS amplification characterization remain robust under heavier-tailed distributions. revision: yes
Referee: §5.1 (GEV Analysis): The p99.9 bounds <154 ms (95% CI), p99 overhead of 1.57 ms, and CDI values are obtained from GEV fitting to the 80M simulated events generated by the seasonally-mixed 1000-day process; the paper does not report the fitting procedure, shape/scale parameter estimates, goodness-of-fit diagnostics, or robustness tests under alternative generators, leaving the headline compliance figures dependent on unvalidated tail assumptions.

Authors: We agree that §5.1 would be strengthened by explicit reporting of the GEV fitting methodology. The submitted manuscript omitted these details for brevity. We will revise the section to document the maximum-likelihood fitting procedure, the estimated shape (ξ), scale (σ), and location (μ) parameters with standard errors, goodness-of-fit diagnostics (QQ-plots, Kolmogorov-Smirnov and Anderson-Darling statistics), and robustness checks via bootstrap resampling and comparison to Gumbel and log-normal alternatives. These additions will directly support the reported p99.9 bounds, p99 overhead, and CDI values. revision: yes

Circularity Check

0 steps flagged

Monte Carlo simulation driven by external NIST standards, liboqs benchmarks, and published queueing/GEV theory

full rationale

The paper's core results (SLA compliance percentages, p99 overheads, CDI values, queue saturation rho, GEV tail bounds, HNDL exposure estimates, and migration cost projections) are generated by forward simulation of 80 million events over 1,000 days. Inputs are taken from NIST FIPS 204/205/206 specifications, direct liboqs 0.15.0 measurements on external multi-cloud hardware, standard M/M/c formulas, and published GEV theory; no equation or reported figure is shown to equal a parameter fitted from the same run's outputs or to rest on a self-citation chain that itself lacks independent verification. The derivation chain therefore remains self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

2 free parameters · 2 axioms · 2 invented entities

Claims rest on standard M/M/c queueing and GEV distributions plus a newly defined CDI and custom HNDL actuarial model; no independent evidence or machine-checked validation is supplied for the parameter choices or projections.

free parameters (2)

simulation_days
1,000 seasonally-mixed days chosen to generate 80 million events
NPP_daily_volume
5.2 million transactions per day taken as fixed input

axioms (2)

domain assumption M/M/c queue model accurately captures HSM saturation at NPP load
Invoked to derive rho=1.8855 and 0% SLA compliance for SPHINCS+
domain assumption GEV distribution provides valid p99.9 tail bounds for latency
Used to claim bounds below 154 ms with 95% CI

invented entities (2)

Crypto Dilution Index (CDI) no independent evidence
purpose: Quantify p99 overhead relative to end-to-end SLA budget
Newly introduced metric showing CDI < 0.04 for non-SPHINCS+ algorithms
HNDL actuarial exposure model no independent evidence
purpose: Estimate number of NPP records vulnerable to future CRQC
Produces 9.56 billion records at risk under 2030 projection

pith-pipeline@v0.9.0 · 5691 in / 1745 out tokens · 33939 ms · 2026-05-08T18:14:39.842969+00:00 · methodology

discussion (0)

Reference graph

Works this paper leans on

48 extracted references · 1 canonical work pages

[1]

Cybersecurity in an Era with Quantum Computers: Will We Be Ready?

M. Mosca, "Cybersecurity in an Era with Quantum Computers: Will We Be Ready?" IEEE Security & Privacy, vol. 16, no. 5, pp. 38–41, 2018

2018
[2]

Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange,

C. Paquin, D. Stebila, and G. Tamvada, "Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange," IACR Cryptology ePrint Archive, Report 2019/044,

2019
[3]

Available: https://eprint.iacr.org/2019/044 (Predecessor to [28]; cited for hybrid KEM classification framework in Section 2.4.)

[Online]. Available: https://eprint.iacr.org/2019/044 (Predecessor to [28]; cited for hybrid KEM classification framework in Section 2.4.)

2019
[4]

Post-Quantum Cryptography Standards: FIPS 203, 204, 205, 206,

NIST, "Post-Quantum Cryptography Standards: FIPS 203, 204, 205, 206," National Institute of Standards and Technology, Gaithersburg, MD, August 2024

2024
[5]

Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH,

E. Crockett, C. Paquin, and D. Stebila, "Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH," IACR Cryptology ePrint Archive, Report 2019/858, 2019

2019
[6]

Post-quantum cryptography,

D. J. Bernstein and T. Lange, "Post-quantum cryptography," Nature, vol. 549, no. 7671, pp. 188–194, September 2017

2017
[7]

Quantum Computing and Financial System Stability,

European Central Bank, "Quantum Computing and Financial System Stability," ECB Economic Bulletin, Issue 8/2023, Frankfurt am Main, December 2023

2023
[8]

The Bank’s Approach to Operational Resilience in a Post-Quantum World,

Bank of England, "The Bank’s Approach to Operational Resilience in a Post-Quantum World," Bank of England Discussion Paper DP2024/01, London, 2024

2024
[9]

Payments System Board Annual Report 2024,

Reserve Bank of Australia, "Payments System Board Annual Report 2024," RBA, Sydney, 2024

2024
[10]

NPP Technical Standards Version 2.3,

NPP Australia, "NPP Technical Standards Version 2.3," NPPA, Sydney, 2024

2024
[11]

Prudential Standard CPS 234, Information Security,

APRA, "Prudential Standard CPS 234, Information Security," Australian Prudential Regulation Authority, Sydney, 2019 (amended 2022)

2019
[12]

SWIFT Standards MT Message Overview 2024,

SWIFT, "SWIFT Standards MT Message Overview 2024," SWIFT SCRL, La Hulpe, Belgium, 2024

2024
[13]

ISO 20022 Universal financial industry message scheme, pacs.008 FIToFI- CustomerCreditTransfer,

ISO, "ISO 20022 Universal financial industry message scheme, pacs.008 FIToFI- CustomerCreditTransfer," International Organization for Standardization, Geneva, 2023

2023
[14]

Queueing Systems, Volume 1: Theory,

L. Kleinrock, "Queueing Systems, Volume 1: Theory," John Wiley & Sons, New York, NY, 1975. 71

1975
[15]

liboqs version 0.14.0,

Open Quantum Safe Project, "liboqs version 0.14.0," 2024. [Online]. Available: https://github.com/open-quantum-safe/liboqs

2024
[16]

CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM,

J. W. Bos et al., "CRYSTALS-Kyber: A CCA-Secure Module-Lattice-Based KEM," IEEE EuroS&P, pp. 353–367, 2018

2018
[17]

CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme,

L. Ducas et al., "CRYSTALS-Dilithium: A Lattice-Based Digital Signature Scheme," TCHES, vol. 2018, no. 1, pp. 238–268, 2018

2018
[18]

Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU,

P.-A. Fouque et al., "Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU," NIST PQC Round 3 Submission, 2020

2020
[19]

SPHINCS+: Stateless Hash-Based Signatures,

D. J. Bernstein et al., "SPHINCS+: Stateless Hash-Based Signatures," NIST PQC Round 3 Submission, 2022

2022
[20]

The Transport Layer Security (TLS) Protocol Version 1.3,

IETF, "The Transport Layer Security (TLS) Protocol Version 1.3," RFC 8446, August 2018

2018
[21]

Quarterly ADI Statistics, September 2024,

APRA, "Quarterly ADI Statistics, September 2024," Australian Prudential Regulation Authority, Sydney, 2024

2024
[22]

Australian Banking Industry Roadmap: BECS Migration to NPP 2024,

ABA, "Australian Banking Industry Roadmap: BECS Migration to NPP 2024," Australian Banking Association, Sydney, 2024

2024
[23]

Statistical Power Analysis for the Behavioral Sciences,

J. Cohen, "Statistical Power Analysis for the Behavioral Sciences," 2nd ed. Hillsdale, NJ: Lawrence Erlbaum Associates, 1988. (Effect size benchmarks: small d = 0.2, medium d = 0.5, large d = 0.8.)

1988
[24]

Table C6: Direct Entry and NPP Statistics,

Reserve Bank of Australia, "Table C6: Direct Entry and NPP Statistics," RBA Statistical Tables, April 2026

2026
[25]

A fast quantum mechanical algorithm for database search,

L. K. Grover, "A fast quantum mechanical algorithm for database search," Proc. 28th STOC, pp. 212–219, 1996

1996
[26]

Polynomial-time algorithms for prime factorization and discrete loga- rithms on a quantum computer,

P. W. Shor, "Polynomial-time algorithms for prime factorization and discrete loga- rithms on a quantum computer," SIAM J. Comput., vol. 26, no. 5, pp. 1484–1509, 1997

1997
[27]

Post-Quantum Authentication in TLS 1.3: A Performance Study,

D. Sikeridis, P. Kampanakis, and M. Devetsikiotis, "Post-Quantum Authentication in TLS 1.3: A Performance Study," NDSS 2020

2020
[28]

Security of Hybrid Key Encapsulation,

M. J. Campagna and A. Petcher, "Security of Hybrid Key Encapsulation," IETF Internet-Draft draft-campagna-secdispatch-hybrid-kem, 2020

2020
[29]

Benchmarking Post-Quantum Cryptography in TLS,

C. Paquin, D. Stebila, and G. Tamvada, "Benchmarking Post-Quantum Cryptography in TLS," PQCrypto 2020, LNCS vol. 12100, pp. 72–91, 2020. 72

2020
[30]

Central bank digital currencies: foundational principles and core features,

Bank for International Settlements, "Central bank digital currencies: foundational principles and core features," BIS Report No. 1, October 2020

2020
[31]

FSB Report on Cryptographic Agility in Financial Market Infrastructure,

Financial Stability Board, "FSB Report on Cryptographic Agility in Financial Market Infrastructure," FSB, Basel, 2023

2023
[32]

SP 800-131A Rev 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths,

NIST, "SP 800-131A Rev 2: Transitioning the Use of Cryptographic Algorithms and Key Lengths," NIST, Gaithersburg, MD, March 2019

2019
[33]

Monte Carlo Methods in Financial Engineering,

P. Glasserman, "Monte Carlo Methods in Financial Engineering," Springer, New York, NY, 2003

2003
[34]

Probability, Random Variables, and Stochastic Pro- cesses,

A. Papoulis and S. U. Pillai, "Probability, Random Variables, and Stochastic Pro- cesses," 4th ed., McGraw-Hill, 2002

2002
[35]

FIPS 140-3: Security Requirements for Cryptographic Modules,

NIST, "FIPS 140-3: Security Requirements for Cryptographic Modules," NIST, Gaithersburg, MD, 2019

2019
[36]

Information Security Thematic Review: Key Findings and Observations,

APRA, "Information Security Thematic Review: Key Findings and Observations," APRA, Sydney, 2023

2023
[37]

Quantum Computing and Post-Quantum Cryptography,

National Security Agency, "Quantum Computing and Post-Quantum Cryptography," NSA Cybersecurity Information Sheet, August 2021

2021
[38]

An Introduction to Statistical Modeling of Extreme Values,

S. Coles, "An Introduction to Statistical Modeling of Extreme Values," Springer, London, 2001. (GEV block-maxima method, bootstrap CI methodology)

2001
[39]

EDF Statistics for Goodness of Fit and Some Comparisons,

M. A. Stephens, "EDF Statistics for Goodness of Fit and Some Comparisons," J. Am. Stat. Assoc., vol. 69, no. 347, pp. 730–737, 1974. (Anderson-Darling test critical values)

1974
[40]

A new look at the statistical model identification,

H. Akaike, "A new look at the statistical model identification," IEEE Trans. Autom. Control, vol. 19, no. 6, pp. 716–723, 1974. (AIC criterion used in multi-distribution comparison)

1974
[41]

Sizing Up Post-Quantum Signatures,

D. Connolly and J. Westerbaan, "Sizing Up Post-Quantum Signatures," Cloudflare Research Blog, 2024. [Online]. Available: https://blog.cloudflare.com/sizing- up-post-quantum-signatures [Accessed: 16 Apr. 2026]. Archived: https://web.archive.org/web/20240401000000*/https://blog.cloudflare.com/sizing- up-post-quantum-signatures. (Real-world PQC signing overh...

work page arXiv 2024
[42]

Quantum Security for SWIFT: Technical Guidance and Migration Consid- erations,

SWIFT, "Quantum Security for SWIFT: Technical Guidance and Migration Consid- erations," SWIFT Paper, La Hulpe, Belgium, September 2024. 73

2024
[43]

Project Leap: Quantum-proofing the financial system,

Bank for International Settlements Innovation Hub, "Project Leap: Quantum-proofing the financial system," BIS Innovation Hub Working Paper, Basel, 2024

2024
[44]

Quantum-Readiness: Migration to Post-Quantum Cryp- tography, Joint Guidance for Organisations to Plan and Prepare for Migration,

CISA, NSA, and NIST, "Quantum-Readiness: Migration to Post-Quantum Cryp- tography, Joint Guidance for Organisations to Plan and Prepare for Migration," U.S. Cybersecurity and Infrastructure Security Agency / National Security Agency / National Institute of Standards and Technology, August 2023. [Online]. Avail- able: https://www.cisa.gov/resources-tools/r...

2023
[45]

K. P. Burnham and D. R. Anderson, Model Selection and Multimodel Inference: A Practical Information-Theoretic Approach, 2nd ed. New York, NY: Springer, 2002. (∆AIC evidence weight interpretation rubric: <2 substantial support, 4–7 considerably less support, >10 essentially no support for the alternative model, cited for decisive- evidence threshold in Sec...

2002
[46]

Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Cybersecurity Advisory,

National Security Agency, "Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) Cybersecurity Advisory," NSA Cybersecurity Advisory, September
[47]

[Online]. Available: https://media.defense.gov/2022/Sep/07/2003071834/-1/- 1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF (CNSA 2.0 mandates PQC transition for National Security Systems, replacing CNSA 1.0 algorithms including ECDSA-P256, with compliance timelines of 2030–2035 depending on system type.)

2022
[48]

New Effect Size Rules of Thumb,

S. S. Sawilowsky, "New Effect Size Rules of Thumb," Journal of Modern Applied Statistical Methods, vol. 8, no. 2, pp. 597–599, 2009. (Extended Cohen’s d taxonomy: very large d≥1.2, huge d≥2.0, cited for ML-DSA-65 Hybrid d = 2.28 ’ huge’ and SPHINCS+ d = 16,360 ’ extreme/off-scale’ magnitudes in Table 3 and Section 5.2.) 74

2009