When a user sends a message over a wireless network, the message does not travel as-is. It is encrypted, authenticated, encapsulated, and transformed as it descends the protocol stack from the application layer to the physical medium. Each layer may apply its own cryptographic operations using its own algorithms, and these algorithms differ in their vulnerability to quantum computers. The security of the overall communication depends not on any single layer but on the \emph{composition} of transformations across all layers. We develop a preliminary formal framework for analyzing these cross-layer cryptographic transformations with respect to post-quantum cryptographic (PQC) readiness. We classify every per-layer cryptographic operation into one of four quantum vulnerability categories, define how per-layer PQC statuses compose across the full message transformation chain, and prove that this composition forms a bounded lattice with confidentiality composing via the join (max) operator and authentication via the meet (min). We apply the framework to five communication scenarios spanning Linux and iOS platforms, and identify several research challenges. Among our findings: WPA2-Personal provides strictly better PQC posture than both WPA3-Personal and WPA2-Enterprise; a single post-quantum layer suffices for payload confidentiality but \emph{every} layer must migrate for complete authentication; and metadata protection depends solely on the outermost layer.

翻译：当用户通过无线网络发送消息时，该消息并非原封不动地传输。消息在从应用层下降到物理介质的协议栈过程中会经历加密、认证、封装和变换。每一层可能使用其自身的算法执行密码学操作，而这些算法在面对量子计算机时的脆弱性各不相同。整体通信的安全性并不取决于单一层，而取决于所有层中变换的**组合**。我们建立了一个初步的形式化框架，用于分析这些跨层密码变换的后量子密码（PQC）就绪性。我们将每一层的密码学操作划分为四个量子脆弱性类别之一，定义了各层PQC状态如何在整个消息变换链中组合，并证明这种组合形成了一个有界格，其中机密性通过连接（最大）算子组合，而认证通过交（最小）算子组合。我们将该框架应用于涵盖Linux和iOS平台的五种通信场景，并识别出若干研究挑战。我们的发现包括：WPA2-个人版在PQC防护态势上严格优于WPA3-个人版和WPA2-企业版；单个后量子层足以保护负载机密性，但**每一层**都需要迁移以实现完整的认证；而元数据保护仅依赖于最外层。