What changed
FACT (sources): Swift launched a blockchain ledger with a 17-bank tokenized-deposit pilot and 24/7 settlement (Cointelegraph, CoinDesk, 2026-07-09), and a White House executive order set a 2030 post-quantum cryptography migration deadline (Cloudflare blog). HYPOTHESIS: these bank chains default to quantum-vulnerable ECDSA/EdDSA β plausible given industry norms but not stated in the provided sources.
Why now
FACT: the EO creates a dated compliance obligation. HYPOTHESIS: 2026 architecture decisions are the cheapest moment to influence, and compliance officers now have a clock. But 2030 is 4 years out β for most bank compliance teams that is next-fiscal-year planning, not this-quarter spend, which undercuts the 30-90 day revenue requirement.
Converging signals
Regulation (PQC EO with 2030 deadline) x crypto infrastructure (Swift ledger + 17-bank tokenized-deposit pilot with 24/7 settlement). The convergence is real and well-timed at the macro level; the mismatch is between the buyer class it implies and this founder's constraints.
Customer pain
HYPOTHESIS: banks integrating tokenized deposits are accruing cryptographic debt they will have to inventory and remediate before 2030, and regulators will ask for a migration plan. No source in the input shows a bank actively shopping for this today; pain is future-dated and currently absorbed by internal security teams and incumbent consultancies.
Who pays
In theory: banks in the Swift pilot orbit, tokenization-infrastructure vendors, and their compliance/audit departments. In practice these are enterprise buyers who procure security assessments through vendor-risk processes requiring insurance, references, certifications (e.g., recognized audit credentials), and 6-18 month sales cycles β the exact channel this founder has ruled out.
Solved today
Big-4 consultancies, bank-internal cryptography teams, and specialized PQC vendors (SandboxAQ, PQShield, ISARA, Quantinuum) already sell crypptographic inventory / crypto-agility assessments; NIST and vendor tooling for cryptographic bill-of-materials (CBOM) exists and is maturing.
Why current solutions are bad
HYPOTHESIS: incumbents underweight blockchain-specific migration problems (signatures baked into addresses, immutable history, multi-party coordination). Even if true, that gap advantages a credentialed cryptography boutique, not a solo generalist β the buyer cannot verify a solo operator's cryptography claims and will not bet regulatory posture on them.
Proposed product
A crypto-agility inventory tool + PQC-readiness assessment report template targeted at tokenized-asset integrations, producing regulator-facing audit artifacts. A weaker but more solo-shaped variant: an automated scanner/report product that fingerprints a chain integration's signature schemes and outputs a CBOM-style readiness score.
MVP version
A scripted scanner over public chain/repo artifacts plus a report generator producing a 'PQC exposure inventory' PDF for a named tokenization stack. Technically buildable solo in 2-4 weeks. The MVP is not the bottleneck; access and credibility are.
30-day build
If pursued despite the kill case: publish a free teardown ('PQC exposure of tokenized-deposit architectures') as a credibility artifact; build the scanner against 2-3 public tokenization codebases; pitch tokenization-infrastructure VENDORS (smaller, faster buyers than banks) on a white-label readiness report.
60-day build
Convert one vendor into a paid pilot report ($3-8k fixed fee). Vendors could resell the artifact to their bank customers as part of their own due-diligence package β the only path that avoids selling to banks directly.
90-day revenue plan
HYPOTHESIS, low confidence: 1-2 vendor-paid reports = $5-15k. Realistic base case is $0 in 90 days because even mid-size vendor security spend moves on quarterly cycles and demands references this founder lacks in cryptography.
Distribution path
Weakest link. No self-serve channel exists: buyers are compliance/security leaders at banks and their vendors, reached via enterprise sales, analyst relations, and conference credibility β all excluded by the founder profile. Content marketing to this audience is a 12-24 month trust build.
Pricing hypothesis
Assessment engagements in this market run $25k-$250k (incumbent pricing, HYPOTHESIS from market norms, not sourced). A solo-priced $3-8k report signals low credibility to exactly this buyer; underpricing hurts rather than helps in regulated-financial procurement.
Technical difficulty
Moderate for a scanner; high for a defensible audit. Real cryptographic-inventory work requires access inside the bank/vendor perimeter (HSMs, key ceremonies, signing services), which no outsider gets without contracts and clearance β the tool cannot see the assets that matter from outside.
Legal / regulatory risk
Material: issuing 'audit artifacts compliance teams show regulators' creates professional-liability exposure. If a certified-ready system is later breached or fails an exam, the assessor is in the blast radius. E&O insurance for cryptographic attestation as a solo with no credentials is expensive or unobtainable.
Platform dependency
Low technically, but the entire thesis depends on Swift-orbit pilots continuing and the EO deadline holding (a future administration or agency guidance could soften timelines).
Founder fit
Poor, despite superficially matching the regulation-driven pattern. The ELDT edge worked because the regulation forced MANY SMALL buyers (driving schools) to file into ONE portal, enabling productized per-transaction pricing with no enterprise sales. Here the regulation touches FEW HUGE buyers (global banks) with no filing portal to automate against β it inverts every element of the proven playbook. Founder has no cryptography credential, no financial-services network, and explicitly avoids enterprise sales and long trust cycles.
Breakout potential
High for someone else: PQC migration across finance is a decade-long, multi-billion-dollar wave, and CBOM tooling could become category infrastructure. That someone is a credentialed cryptography team or a funded startup, not this founder.
Final recommendation
KILL for this founder. The convergence is real and the macro thesis is sound, but every execution requirement (enterprise sales, credentialed trust, multi-year cycle, liability-bearing attestation) lands in the founder's stated avoid-list, and the ELDT pattern-match is inverted: few large buyers and no portal to automate, instead of many small forced filers and one portal. Park under 'revisit later' only if a future regulation forces many small crypto/fintech firms to FILE PQC attestations into a government portal β that variant would fit the proven playbook.
Next action
Archive with a watch-trigger: monitor for any rule (Treasury/OCC/NIST implementing guidance under the EO) that creates a mandatory PQC filing/registration obligation on small entities; do not spend build time now.