Published on 00/00/0000
Last updated on 00/00/0000
RESEARCH
7 min read
The Cisco Post-Quantum Security Summit held in April 2025 highlighted that true readiness for quantum threats goes beyond adopting new algorithms—it requires system-wide resilience, agile cryptographic infrastructure, and disciplined implementation.
Speakers warned of real-world risks like “harvest now, decrypt later” attacks, timing-based leakage in software-defined networks (SDN), and side-channel profiling of post-quantum cryptography (PQC) libraries. Lightweight, symmetric-key-based multi-party computation (MPC) protocols were presented as practical post-quantum alternatives. The panel emphasized that vulnerabilities in runtimes, embedded systems, and implementation details could undermine even the strongest algorithms—making post-quantum security a complex architectural challenge, not just a cryptographic one.
The Cisco Post-Quantum Security Summit brought together leading cryptographers, industry experts, and security and network researchers to assess the current state of post-quantum security. Through two technical talks and a focused panel discussion, the event drilled into what it will truly take to secure critical digital infrastructure against emerging quantum threats.
The summit opened with Ramana Kompella, Ph.D., Cisco Fellow and Head of Research at Cisco, emphasizing that the risk posed by quantum computing is not speculative but immediate. He pointed to “harvest now, decrypt later” (HNDL) attacks as a tangible threat vector where adversaries today can capture encrypted data with the intent to decrypt it once large-scale quantum computers become viable. This looming reality makes reliance on standardization alone insufficient.
Post-quantum readiness demands more than new algorithms. It requires cryptographic agility, meaning we need the operational capacity to upgrade or switch primitives without wholesale infrastructure overhauls. He stressed that the security stack must evolve with provable correctness, scalable resilience, and hardware-awareness. PQC isn’t merely a cryptographic problem; it is a systemic one.
Cristina Nita-Rotaru, a professor from Northeastern University Khoury College of Computer Sciences, explored the often-overlooked implementation risks that emerge when post-quantum cryptographic primitives are embedded in real-world systems. Her talk, split into two parts, offered both a cautionary empirical study and a call for a systems-aware mindset in PQC deployment.
In the first half, Nita-Rotaru discussed a multi-path information-theoretic communication scheme based on secret sharing. While the scheme was provably secure in the abstract wiretap model, implementation over SDNs exposed a new timing-based side channel she termed “network data remanence (NDR).”
Due to heterogeneous path latencies and persistent packet buffering, an attacker capable of observing a subset of nodes could probabilistically reconstruct messages. Her group demonstrated three attacks, including a novel “NDR-planned” strategy that adaptively tracks packet shares across hops. Even partial success in these attacks translated to full message recovery under realistic latency models. Mitigation using temporal and spatial redundancy improved security but came at significant throughput cost.
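The abstract model behind the multi-path scheme is threshold secret sharing: a message is split into one share per network path, any t shares reconstruct it, and fewer than t shares are statistically independent of the message. The following is an added illustration written for this summary, not code from Nita-Rotaru's group or from the summit; it uses Shamir sharing over GF(257) with a constructed sample message and makes no claim about the group's actual share encoding or the NDR attacks, which exploit buffering that lets an observer accumulate more than t shares over time.

```python
import secrets

# Field modulus: a prime larger than any byte value, so each message byte
# is a field element and shares are values in 0..256.
P = 257


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x over GF(P)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_byte(secret, t, n):
    """Split one byte into n shares with threshold t (any t reconstruct).

    The secret is the constant term of a random degree-(t-1) polynomial;
    share k is the point (k, f(k)) for k = 1..n.
    """
    if not (1 <= t <= n < P):
        raise ValueError("need 1 <= t <= n < P")
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def lagrange_zero(points):
    """Recover f(0) from points on f via Lagrange interpolation over GF(P)."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        # Fermat inverse of den; den != 0 because x-coordinates are distinct.
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def split_message(msg, t, n):
    """Return n per-path share streams: path k carries share k of every byte."""
    per_byte = [split_byte(b, t, n) for b in msg]
    return [[per_byte[i][k] for i in range(len(msg))] for k in range(n)]


def recover_message(paths, t):
    """Reconstruct the message from at least t path streams.

    Below the threshold the interpolated value is unrelated to the secret,
    so the caller is refused rather than handed a random byte string.
    """
    if len(paths) < t:
        raise ValueError("%d streams observed, %d required" % (len(paths), t))
    length = len(paths[0])
    out = bytearray()
    for i in range(length):
        out.append(lagrange_zero([p[i] for p in paths]))
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 5 paths, any 3 suffice.
    streams = split_message(b"constructed sample", t=3, n=5)
    print(recover_message([streams[0], streams[2], streams[4]], t=3))
```

The threshold check in `recover_message` is where the wiretap model's guarantee lives: an observer who sees only t-1 paths gets an error here, and in the abstract model gets no information at all. The NDR side channel described above does not break the mathematics; it changes how many shares the observer eventually sees.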
The second part shifted focus to side-channel leakage from resource usage during cryptographic operations. Her team fingerprinted cryptographic primitives by analyzing CPU cycles and memory access patterns. Using an XGBoost classifier, they successfully distinguished between classical and PQC primitives, and even between different PQC schemes and libraries (e.g., liboqs vs CIRCL).
This work revealed that resource-based side channels, even in local execution contexts, could act as reliable classifiers—raising concerns about metadata leakage, adversarial profiling, and attack surface expansion. Furthermore, in networking protocols like Transport Layer Security (TLS), key size fields in ClientHello and ServerHello messages were shown to expose the PQC algorithm being used.
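To make the TLS observation concrete: in TLS 1.3 each KeyShareEntry carries a 2-byte length before the key material, and PQC and hybrid public keys have fixed, distinctive sizes, so the length alone identifies the scheme even before the group identifier is consulted. The parser below is an added example for this write-up, not code from the talk; a defender can run it over key_share extensions extracted from captured handshakes to inventory which schemes endpoints actually offer. The length table is an assumption of the example: ML-KEM encapsulation-key sizes (800, 1184, 1568 bytes) are from FIPS 203, X25519 is 32 bytes, and the hybrid length is their sum; the group id 0x001D is IANA's X25519 and 0x11EC is the draft X25519MLKEM768 codepoint, used here only to build a constructed sample.

```python
import struct

# Public/encapsulation key sizes in bytes -> likely scheme.
# Assumed for this example (FIPS 203 sizes for ML-KEM, 32 for X25519,
# 65 for an uncompressed P-256 point); extend as needed for other groups.
KEY_SHARE_LENGTH_HINTS = {
    32: "X25519",
    65: "secp256r1 (uncompressed point)",
    800: "ML-KEM-512",
    1184: "ML-KEM-768",
    1216: "X25519 + ML-KEM-768 hybrid",
    1568: "ML-KEM-1024",
}


def _parse_entry(buf, pos):
    """Parse one KeyShareEntry: NamedGroup(2) + key_exchange<1..2^16-1>."""
    if pos + 4 > len(buf):
        raise ValueError("truncated KeyShareEntry header")
    group, klen = struct.unpack("!HH", buf[pos:pos + 4])
    pos += 4
    if klen == 0 or pos + klen > len(buf):
        raise ValueError("bad key_exchange length %d" % klen)
    return (group, klen), pos + klen


def parse_client_key_share(ext_body):
    """Parse a ClientHello key_share body (RFC 8446 4.2.8): a 2-byte
    client_shares vector length followed by KeyShareEntry structs.
    Returns a list of (group, key_exchange_length)."""
    if len(ext_body) < 2:
        raise ValueError("short key_share extension")
    (vec_len,) = struct.unpack("!H", ext_body[:2])
    if vec_len != len(ext_body) - 2:
        raise ValueError("client_shares length mismatch")
    entries, pos = [], 2
    while pos < len(ext_body):
        entry, pos = _parse_entry(ext_body, pos)
        entries.append(entry)
    return entries


def parse_server_key_share(ext_body):
    """Parse a ServerHello key_share body: exactly one KeyShareEntry."""
    entry, pos = _parse_entry(ext_body, 0)
    if pos != len(ext_body):
        raise ValueError("trailing bytes after server KeyShareEntry")
    return entry


def build_client_key_share(entries):
    """Serialize (group, key_exchange bytes) pairs into a ClientHello key_share body."""
    body = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in entries)
    return struct.pack("!H", len(body)) + body


def fingerprint_from_lengths(entries):
    """Classify each share by key_exchange length only, ignoring the group id,
    to show that the length field by itself reveals the scheme."""
    return [KEY_SHARE_LENGTH_HINTS.get(klen, "unknown(%d)" % klen)
            for _, klen in entries]


if __name__ == "__main__":
    # Constructed sample: a hybrid share followed by a classical X25519 share.
    sample = build_client_key_share([(0x11EC, bytes(1216)), (0x001D, bytes(32))])
    print(fingerprint_from_lengths(parse_client_key_share(sample)))
```

The key_share lengths are part of the unencrypted ClientHello, so this classification is available to any on-path observer; the defensive use is knowing exactly what your own deployment advertises and which hosts still offer only classical groups.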
Aniket Kate, a professor at Purdue University, presented a roadmap for scaling secure multi-party computation (MPC) with post-quantum security by leveraging lightweight cryptographic primitives.
He began by critiquing the two dominant paradigms in MPC: information-theoretic constructions, which provide strong security guarantees but incur extremely high communication complexity (often on the order of O(n^14)), and computationally secure protocols, which depend heavily on expensive public-key cryptographic operations.
As the number of participating parties (n) increases, these public-key-based approaches quickly become impractical due to their escalating computational cost. Instead, Kate’s group developed MPC protocols based entirely on symmetric-key primitives such as hash functions and MACs, modeling them in the Quantum Random Oracle Model (QROM).
These primitives are not only quantum-resistant but offer several orders of magnitude performance improvements. Their protocols—ranging from fair and guaranteed-output MPC to distributed random beacons (HashRand) and dynamic proactive secret sharing—exhibited cubic or sub-cubic complexity and were implemented at scale with empirical benchmarks on 40+ node configurations.
Kate also discussed the architectural viability of anonymous broadcast systems like RPM and OrgAn that offer robust, scalable anonymity for organizational settings using only post-quantum primitives like lattice-based key sharing and homomorphic pseudo-random functions (PRFs). His most recent work flips the paradigm entirely: using anonymous communication channels to bootstrap cryptographic protocols, thereby achieving information-theoretic privacy with negligible cryptographic assumptions.
After the technical talks, the summit transitioned to a panel discussion moderated by Ashish Kundu, Cisco’s Head of Cybersecurity Research. The panel featured Cristina Nita-Rotaru from Northeastern University, Daniel Genkin from Georgia Tech, Alexander Nelson from the University of Arkansas, and Kompella from Cisco. The panel dissected several fundamental themes, with recurring emphasis on implementation maturity and ecosystem-wide fragility.
A key concern was that transitioning to PQC may reduce cryptanalytic risk but increase systemic vulnerability if immature libraries or protocols are deployed. For example, Genkin noted that PQC algorithms often exhibit non-deterministic behavior, with inherent failure modes (e.g., decoding failure in lattice schemes) that blur the line between benign noise and exploitable faults. Unlike Rivest–Shamir–Adleman (RSA) where a fault during execution may produce invalid ciphertexts, PQC schemes can silently degrade—enabling subtle but catastrophic backdoors.
Genkin also highlighted the relevance of side-channel attacks in PQC contexts. He stressed that timing channels, power side channels, and Rowhammer-style fault injections are more potent against PQC primitives due to larger keys, heavier computation, and broader error margins. These attacks do not require quantum adversaries—they are viable today and may outpace quantum threats in practical risk.
Nelson added that embedded systems, particularly those with firmware lifespans of decades, pose unique risks. Even if quantum computers capable of breaking RSA are a decade away, firmware deployed today must be quantum-hardened pre-emptively, or it will become a long-term liability.
Kompella pointed out that once an attacker gains control over a node or breaks the integrity of the OS layer, it does not matter whether the cryptographic protocol uses Kyber, Frodo, or classical elliptic curves. At that point, the guarantees are moot.
He said, “Compromise the node and compromise the implementation at the operating system level—there’s no guarantee for any security,” which encapsulated a theme that ran throughout the panel: Cryptographic strength does not translate to system security without implementation discipline.
The panel warned that crypto-agility—while necessary for future-proofing—also amplifies the attack surface by introducing unvetted, experimental cryptography into production. As Nita-Rotaru noted, many post-quantum libraries lack the maturity and scrutiny of OpenSSL. A rushed migration could merely replace known, mitigated vulnerabilities with unknown, exploitable ones.
Throughout the panel, Kundu wove the technical themes together with a systems-level framing. He emphasized that the transition to PQC is not simply a cryptographic challenge but a distributed, architectural one—touching the protocol stack, firmware, implementation correctness, and long-term maintainability. His moderation helped anchor the discussion in the real-world stakes of rolling out cryptographic change across global infrastructure.
The Cisco Post-Quantum Security Summit delivered a clear message that readiness is not algorithmic—it is architectural. Securing the post-quantum future demands more than adopting National Institute of Standards and Technology (NIST) standards.
It requires hardening implementations, enforcing disciplined deployment practices, auditing system interactions, and building fault-tolerant infrastructure capable of absorbing future transitions. Both speakers and panelists echoed a singular conclusion: The real challenge is not the arrival of quantum computers—but our preparedness for their inevitability.
Catch up on the full Cisco Research Quantum Resistant Security Summit 2025 on YouTube and subscribe to stay notified on future summits!