Post-quantum cryptography: The path to becoming quantum safe

Humanity has achieved significant advances in semiconductor technology, ushering in an era where quantum computing is becoming increasingly feasible. Quantum computers, which operate based on the principles of quantum mechanics, have the potential to solve certain complex problems much faster than traditional computers. However, despite rapid progress, building large-scale, practical quantum computers remains a challenge due to ongoing engineering and scientific hurdles.

Post-quantum cryptography (PQC) is an emerging concern for all encrypted traffic on the Internet. But why should this matter to you? Through a real-world lens we’ll explore why PQC is relevant and what you can do to stay secure.

What do quantum computers mean for the future?

Quantum computers have a wide range of applications, from healthcare to finance, and are theoretically capable of decrypting the most complex encryption used on today’s Internet. Thanks to their quantum nature, they can explore all possible solutions simultaneously and stand to revolutionize everything from drug discovery to security risks.

This means that the cryptography used in initial handshake — where Transport Layer Security (TLS) establishes a secure connection and comprises almost all of the secure internet traffic today — could be decrypted by a quantum computer in a matter of minutes or hours. This can potentially allow any bad actors to gain access to encrypted data anywhere.

To avoid this data leak several players in technology have started to incorporate PQC in real-world scenarios:

• Telecom and mobile: SK Telecom’s Galaxy Quantum2 and Verizon’s QKD trials show PQC and quantum encryption moving into mainstream networks.
• Messaging apps: Apple iMessage (PQ3) and Signal now use hybrid post‑quantum protocols to secure chats.
• Cloud and network security: AWS and Google are piloting PQC algorithms aligned with the National Institute of Standards and Technology (NIST) standards for future‑safe encryption.
• Government and defense: Defense agencies and industry alliances (e.g., PQC Alliance) are deploying PQC to protect national security and critical systems.

Post-quantum cryptography: Why does PQC matter?

While we don’t yet have fully functional quantum computers capable of decrypting Internet traffic, we should still be concerned and prepare for the future. This is due to the well-known principle: Harvest now, decrypt later (HNDL).

Any communication conducted today can be stored and in the future — once quantum computers become widely available — those stored encrypted communications could be decrypted.

Types of data stored by attackers in HNDL scenarios include highly sensitive and long-lasting information such as personal identifiers (e.g., social security numbers), financial records, government secrets, military communications, corporate intellectual property, and confidential emails. This data is especially valuable because it retains its importance and usefulness over many years, unlike more transient data like credit card numbers, which expire or change quickly. 

Where are quantum computers a real threat?

Most Internet traffic uses TLS connections, such as HTTPS. These connections are established using symmetric keys generated on both the client and server sides. To generate these symmetric keys, participants first exchange information using asymmetric encryption. This initial asymmetric exchange is where quantum computers pose the greatest threat.

Once the handshake is complete, application data is encrypted using symmetric keys. Generally, symmetric encryption is considered quantum-safe if the key length is sufficiently large (for example, AES-256 is PQC-safe, while AES-128 is not). Increasing the key size of current encryption methods can help protect application data.

However, asymmetric keys (such as RSA and ECDH) can be easily broken by quantum computers. As of today, quantum computers lack the power and stability (due to limited qubits and error rates) to break these keys, but this will likely change in the future.

TLS 1.3: How can companies become quantum-secure?

The National Institute of Standards and Technology (NIST) has released new standards (FIPS 203, 204, 205) to help companies adopt modern algorithms that are resistant to quantum attacks. These standards include lattice-based encryption algorithms, which become increasingly difficult to break as their variables grow.

These new Federal Information Processing Standard (FIPS)-approved algorithms are implemented in TLS 1.3 — but not in TLS 1.2, as it is not optimized for PQC and faces significant challenges. TLS 1.2’s encryption methods (RSA and ECDH) can be broken by quantum computers, supports weak encryption options that could be exploited, and can be forced to use less secure settings – making quantum-safe security difficult to guarantee. With this in mind, TLS1.2 is being deprecated, and all the handshake protocols are being upgraded to 1.3. 

TLS 1.3 brings several improvements:

• ~33% faster handshakes
• Stronger security
• Simplified protocols
• Support for PQC encryption algorithms
• Protection against downgrade attacks (elimination of vulnerable features)
• Reduced computational overhead

PQC-safe handshake algorithms

The PQC-safe handshakes differ from conventional TLS 1.3 handshakes in key exchange and authentication. While TLS 1.3 natively uses algorithms like Elliptic Curve Diffie–Hellman (ECDHE) for key exchange and Elliptic Curve Digital Signature Algorithm (ECDSA) for authentication, PQC-safe versions replace or—more commonly in the current transition—combine these with PQC algorithms in a “hybrid” handshake. In hybrid handshakes, both a classical ECDHE and a PQC algorithm (such as ML-KEM) are performed, ensuring security even if one method is broken. 

Some practical ways to ensure PQC-safe connections:

• Using the Chrome browser, try PQC-safe handshakes at Cloudflare PQC Demo.

We can see that the supported algorithms as of today are “X25519MLKEM768” and “X25519Kyber768Draft00” (the latter algo is planned to be obsolete) which are known to be PQC safe algorithms.

• Open Quantum Safe project on GitHub and explore implementations.
• Check to see if the currently open website is secure against quantum computing attacks (PQC safe) with PQC Sentinel.

Future-proof your network against quantum threats

Adhering to the four parameters below will also help future-proof your network against emerging quantum threats while improving current cryptographic resilience.

Four parameters to check for PQC-safety of your network:

1. The connection must use TLS 1.3.
2. Both client and server must support post-quantum hybrid key agreement.
3. The connection must successfully negotiate one of the supported hybrid key agreements, specifically:
   1. X25519MLKEM768
   2. X25519Kyber768Draft00
4. The connection should use PQC-safe symmetric encryption, such as AES-256 or higher.

Outshift and Cisco Research: Working against future quantum threats

Outshift by Cisco and Cisco Research are partnering to drive quantum innovations like Cisco’s Quantum Network Entanglement Chip and Outshift’s Quantum Random Number Generator (QRNG) to enable practical, and safe quantum computing. By equipping companies with quantum networking and security tools to meet today’s needs and future challenges, we’re advancing secure data transmission and laying the foundation for the next generation of quantum-secure networks.

Being prepared for threats and potential losses will help us navigate towards a secure future more easily. This is why we build solutions to identify and aid our customers on their post-quantum cryptography safe journey. Stay ahead of the curve and start preparing for the post-quantum era today! Reach us to learn more on Cisco Quantum.