The paper considers the concept of a threat model, presents the results of substantiation and development of proposals for building a threat model for asymmetric cryptotransformations such as a promising electronic signature (ES), which can be used in the post-quantum period. The generalized models of threats concerning perspective ES are stated in detail and their estimation is given. Threat models for promising ES using classical and quantum cryptanalysis methods and tools, threat models for synthesis and application of ES in general, as well as threat models for synthesis and application of ES in the post-quantum period are proposed. A list of threats is identified based on the results of the analysis of the methods of synthesis and application of known and promising ES. Proposals are formulated for a list of threats for which protection should be provided. The list of threats is determined using the IT-Grundschutz Catalogues of the German database, and based on this a threat model is formed. It is determined that the threats to the use of classical cryptanalysis in the synthesis and application of EP must be identified in detail unconditionally. The main threats (methods) of classical cryptanalysis that must be taken into account are identified. Possible variants of side channel attacks are considered. The main threats (attacks) using quantum mathematical methods that can be implemented on a quantum computer (of course, if it is built). A comparative analysis of the complexity of factorization for classical and quantum algorithms, as well as a comparative analysis of the complexity of the algorithm of discrete logarithm in a finite field based on the sieve of a numerical field and the Shore algorithm are given. Threats (attacks) are considered on the example of the problem of stability of cryptotransformations based on learning with errors (LWE). In general, attacks on LWE can be divided into 2 major classes – attacks based on bust and attacks based on lattice reduce. Preliminary analysis allows us to conclude that modern versions of LWE mechanisms are based on polynomial rings.