Reference
Assessment methodology
Version 1.0 · last updated 15 July 2026
This document describes exactly how a LatticeScan assessment is produced and how the grade is derived. It is published so that any result can be checked, reproduced, and defended.
Scope
A LatticeScan assessment measures the post-quantum posture of a domain’s public, internet-facing endpoints. It uses only information that is already public and performs the same kind of connection a web browser makes. It does not authenticate, does not use credentials, and does not access internal systems. The limits of this scope are stated in full below.
1. Discovery
Since 2018, publicly trusted certificates must be logged to public Certificate Transparency (CT) logs. LatticeScan queries those logs to enumerate the hostnames a domain has issued certificates for, including hostnames that are no longer actively advertised. Hostnames that do not resolve, or that resolve to private or reserved addresses, are excluded.
2. Probing
Each reachable hostname is contacted over TLS 1.3. LatticeScan offers the endpoint only hybrid post-quantum key exchange groups (for example X25519MLKEM768, which combines the classical X25519 exchange with ML-KEM as standardized in NIST FIPS 203). If the handshake completes, the endpoint supports post-quantum key exchange. If it is refused, it does not. This is a positive test: support is confirmed by a completed handshake, not inferred.
The protocol version, negotiated cipher, and the certificate’s public-key algorithm and validity are recorded for each endpoint.
3. Scoring criteria
Each assessment evaluates the following, and reports the result of each:
- Post-quantum key exchange.The share of reachable endpoints that negotiate a hybrid ML-KEM key exchange. This is the criterion most weighted, because key exchange is the only part of a TLS session exposed to “harvest now, decrypt later.”
- Obsolete TLS (1.0 / 1.1). The presence of deprecated protocol versions, which are insecure independent of quantum considerations.
- TLS 1.3 support. Post-quantum key exchange requires TLS 1.3; endpoints that cannot negotiate it cannot be made quantum-safe without an upgrade.
- Certificate signature algorithm. Reported for completeness. Certificate signatures are not yet actionable, because no publicly trusted certificate authority issues post-quantum (ML-DSA) certificates.
- Certificate validity. Certificates that are expired or expiring shortly.
4. Grade scale
The grade reflects post-quantum key exchange coverage across reachable public endpoints:
- A · every reachable endpoint uses post-quantum key exchange
- B · a majority of endpoints do
- C · modern TLS, but classical key exchange on some or all endpoints
- D · one or more endpoints cannot support TLS 1.3
- F · obsolete TLS (1.0 / 1.1) is present, which overrides other results
- ? · no endpoints were reachable; the domain could not be assessed
Every report states, in its “basis for grade,” what was and was not found, so the grade can be traced to the underlying observations.
5. Reproducibility
Each report carries a reference number and can be regenerated at any time by re-running the assessment for the same domain. Because the method relies only on public data and a standard TLS handshake, an independent party can reproduce and verify the result without our involvement.
Limits of an external assessment
This assessment covers external, internet-facing endpoints only. It does not evaluate the cryptography inside an organization: internal PKI and private certificate authorities; cloud key management (AWS KMS, Azure Key Vault, Google Cloud KMS); VPNs; databases and backups; code signing; SSH and machine identities; hardware security modules; application secrets; email certificates; or identity systems. A complete cryptographic inventory must cover those as well. A grade here reflects external posture only, and is a starting point for a full inventory, not a completed migration.
Standards referenced
NIST FIPS 203 (ML-KEM) for the key-establishment mechanism tested; the IETF TLS working group for hybrid key exchange in TLS 1.3. See standards alignment for the full mapping.
Sources: NIST FIPS 203 · IETF TLS working group