NIST is deprecating RSA and ECC by 2030. DORA Article 28-30 requires audit-grade evidence on third-party ICT, quantum included. The board wants reproducible answers, not vendor brochures. Six solutions. Each ships a signed manifest a board can act on.
A board memo dated 2027 needs to point at a record the regulator can re-walk. Every solution in this catalog ships that record. From here forward the page references the audit chain by name; the mechanism is stated once, in this section.
Every shipped artefact carries a `.qapp` manifest. Each input, primitive, transpiler pass, basis-gate set, mitigation primitive, seed, and bias-and-variance bound, recorded. Canonical-JSON SHA-256 in `hash.txt`. The regulator verifies the hash before trusting the file.
When a tool reaches Gate 5, the hardware-run block carries vendor, backend, job_id, and a vendor-side log URL or API query. The regulator opens the URL and confirms the job ran with the recorded shots, calibration timestamp, and basis gates.
Every gate transition is hash-chained into a per-tool ledger. A modification after signing breaks the chain. An EU FS-PQC examiner can re-walk the ledger byte-for-byte and confirm the manifest was not edited after the gate closed.
Classical pre and post scripts ship with their own SHA-256s. Two runs of the tool with the same envelope (seed, optimization level, basis gates, transpiler-pass order, SDK version, calibration timestamp) produce byte-equal artefacts. The buyer's external reviewer re-runs the pipeline and confirms.
A quantum vendor showed pretty charts. The board wants a budget answer. Most teams have nothing defensible to point at. The Audit derives a best-case quantum runtime under stated assumptions, then runs the proposed algorithm against the strongest classical baseline. If even the best-case quantum runtime loses, the real implementation cannot beat it.
Four verdicts. Reformulation review precedes every one. The buyer leaves with a signed Manifest, a two-page board memo, a redirect path where the current candidate fails, and a citation block that names every source the analysis relied on.
A regulated bank's audit window for post-quantum migration starts now. Most CISOs have nothing concrete to file under DORA Art. 28-30 beyond a vendor's marketing PDF. This tool produces what the CISO files instead: for each public-key asset the buyer supplies (RSA modulus, ECC curve, or DH-FFC group), the tool emits a single signed `.qapp` manifest. Inside it: the compiled Shor-family attack circuit in three decomposition variants, the per-vendor T-count and physical-qubit budget under each vendor's published roadmap, and the signed disambiguation field stating verbatim what was demonstrated and what was not.
Paired with the X+Y vs Z migration calculator (the buyer supplies shelf-life X and migration time Y; we anchor Z to the published expert-survey distribution), a hybrid-cipher recommendation anchored to FIPS 203 (ML-KEM-768), FIPS 204 (ML-DSA-65), and FIPS 205 (SLH-DSA-128s), and a KAT-verified test-vector circuit pack the buyer runs inside the HSM. The manifest is what the buyer files as DORA Art. 28-30 evidence of post-quantum migration position.
What you bring to start: an RSA modulus, ECC curve, or DH-FFC group plus a signed asset-ownership attestation.
A vendor brochure quotes a fidelity number. The buyer cannot tell whether the number was measured under conditions that match the buyer's workload, modelled from a separate calibration window, or framed for marketing. A VC technical-due-diligence partner reading the brochure cannot independently verify it; a procurement lead checking a vendor claim has no document to compare against. This tool produces the comparison document. Four benchmark protocols, all on a common discipline: randomized benchmarking + cycle benchmarking + linear cross-entropy benchmarking + Forrelation oracle.
Each fidelity number ships with a 95% bootstrap CI. An XEB number ships with a dated spoof-hardness witness naming defeated and not-defeated classical attacks AS OF the witness reference date. If the spoofing frontier moves on Tuesday, the registry updates on Wednesday and the affected scorecards demote with a dated reference. The buyer is buying a measurement, not a frozen number.
What you bring to start: a vendor scorecard claim, fidelity number, or XEB result you cannot independently verify.
The buyer hands over one circuit in OpenQASM 3 or as a Qiskit object. The tool returns four side-by-side artefacts the buyer can submit to four vendors, each with a deterministic cost manifest reporting depth, T-count, 2Q-gate count, SWAP overhead per the vendor coupling-map family, idle-time fraction, and predicted total infidelity with a bootstrap 95% CI.
Heavy-hex (IBM Heron r2). All-to-all trapped-ion (IonQ Tempo). Zoned-racetrack trapped-ion (Quantinuum H3). Neutral-atom Rydberg (Pasqal Orion β). Where a vendor is genuinely worse for a workload, the manifest says so. The 156-physical-qubit number is not a logical-qubit number and the registry row carries `logical_qubit_count: 0` to make the distinction unambiguous. Manifest SHA-256: `aa69456755e2027fda5ec65cc650683babd3af8e89623cc561ea3545b3dab738`.
What you bring to start: one OpenQASM 3 circuit and a target accuracy.
VP R&D at a battery-cell company (Samsung SDI / CATL / LG Energy / BASF Battery Materials) reads a DFT-PBE prediction for Li-intercalation voltage on a candidate cathode. The customer chemist team cannot easily benchmark that prediction against a quantum-grade method without standing up an in-house quantum chemistry program. This tool returns the comparison: for a sample cathode (LiNiO2, LiCoO2, Li-rich-NMC, or a customer-supplied variant), the tool returns a predicted Li-intercalation voltage in volts with a 95% CI and a delta to the customer's in-house DFT-PBE reference in meV. Target accuracy: within 25 to 50 meV of reference, the operative window for cell-grade voltage prediction.
No H2 or LiH trivial-pass. CCSD(T) is exact for those systems and a passing run on H2 demonstrates only that the compiler emits a syntactically valid circuit. The discriminator system is one where the classical method genuinely struggles (static correlation in stretched H4, or open-shell multireference in [2Fe-2S]). The classical baseline is keyed off `system_class` via an explicit handler matrix. CCSD(T) is rejected for periodic battery cathodes; AFQMC + DMET is the default; DFT-PBE / HSE06 is the customer-facing comparison anchor.
What you bring to start: a CIF (crystal structure) and a DFT-PBE reference voltage from your in-house workflow.
Zero-noise extrapolation (ZNE) with pulse-stretching or gate-folding noise families, an analyticity diagnostic gating the bias bound, and Lindblad-truncation-derived bias certificates. Classical shadows (Clifford, Pauli, derandomised) with shadow sample-complexity certificates per prediction. Cycle benchmarking and randomized benchmarking emit the noise profile that downstream estimators consume.
On a 4-qubit GHZ Z-parity reference circuit under injected per-2Q-gate depolarising noise of rate 0.005 to 0.01, the ZNE-mitigated estimator CI overlaps the closed-form ideal value 1.0 within the bias bound. The Pauli-shadow predictor estimates ⟨Z⊗⁴⟩ within the shadow sample-complexity bound when N ≥ shadow_bound. The spine is what the other tools plug into: the cryptanalysis hardware run consumes its certificate hash, benchmarking consumes its noise profile, the transpiler infidelity prediction consumes its bias bound, and the chemistry voltage CI consumes its mitigated estimator.
Mitigation is the hub. Every other tool plugs into it. Arrows name the artifact each tool emits to the next. Feasibility gates the engagement; the board memo is the destination.
Amber arrows touch the mitigation hub. Dark arrows reach the board memo. The diagram is the catalog's connective tissue stated once.
Posture inherited from the FeasibilityQu engagement and applied across the catalog. Specific pricing surfaced at the scoping call.
Software triage, free where applicable
A short-form diagnostic the buyer runs against a candidate workload. Output is a one-page read on whether the candidate is worth a Standard engagement. Available for FeasibilityQu via the live triage; equivalent diagnostics shipping for the cryptanalysis and benchmarking solutions.
15,000 EUR flat
A bounded engagement on one asset, one circuit, one cathode, or one workload. Buyer supplies the input, signs the per-asset attestation where applicable, receives the signed manifest, the deliverables list above for the chosen solution, and a thirty-minute read-out call.
40,000 EUR flat
A larger engagement on a confidential asset class or a buyer-specific extension to the chassis. Includes NDA reference recorded in `release_gate.nda_reference`, customer-asset-ownership attestation hashed into the manifest, dedicated work on the specific asset class, and a board-level read-out.
The brochures look the same. The manifests do not. Book a 30-minute catalog walkthrough; we line the buyer's asset against the closest solution and quote scope on the call.