Are Modern Networks Ready for Post Quantum Encryption?
Quantum computers are considered a threat to many present-day cryptographic schemes. Interest in building quantum hardware with greater qubit stability and better error correction continues. While fault-tolerant quantum computers are not here yet, the urgency lies in the “harvest now, decrypt later” threat model: adversaries could record today’s encrypted traffic and decipher it once large-scale quantum machines arrive.
Modern cryptography relies on problems that are computationally hard for classical computers, such as factoring large integers or computing discrete logarithms. However, with algorithms like Shor’s and Grover’s, quantum computers threaten to dismantle RSA, ECC, and symmetric encryption at scale.
Shor’s Algorithm: Capable of factoring large integers and solving discrete logarithms in polynomial time, which breaks RSA, DSA, and ECC.
Grover’s Algorithm: Provides a quadratic speedup for brute-forcing symmetric key cryptography, reducing AES-256’s effective strength to AES-128 levels.
These threats necessitate new standards: Post-Quantum Cryptography (PQC).
NIST PQC Completion and Algorithmic Families
Since 2016, NIST has run a public Post-Quantum Cryptography (PQC) standardization competition. Read this white paper to learn more about the PQC competition. Candidates fell into several families: lattice-based (e.g. Kyber, Dilithium, Falcon, NTRU), code-based (Classic McEliece, HQC), multivariate (Rainbow), hash-based (SPHINCS+), and isogeny-based (SIKE). In July 2022 NIST announced its first round winners: the CRYSTALS-Kyber key encapsulation mechanism (KEM) for encryption, and three signature schemes, CRYSTALS-Dilithium, FALCON, and SPHINCS+. These represent structured lattice-based solutions (Kyber, Dilithium, Falcon) and a hash-based signature (SPHINCS+). NIST published final FIPS standards (FIPS 203/204/205) for Kyber (ML-KEM), Dilithium (ML-DSA), and SPHINCS+ (SLH-DSA) in mid-2024. FALCON has been selected as the basis for FIPS 206 (FN-DSA). The draft is already published and under review, with full approval expected soon.
The EU has mirrored this: the latest EU Cybersecurity Certification (EUCC ACM v2.0) officially includes post-quantum algorithms. The EUCC list now covers FrodoKEM (lattice), ML-KEM (Kyber, KEM, NIST’s pick), ML-DSA (Dilithium, signature, NIST’s pick), and SLH-DSA (SPHINCS+, hash-based signature). Read more about EUCC ACM from Keysight’s Riscure Team.
This signals that lattice-based PQC (Kyber/Dilithium) and hash-based PQC are primary; other families were evaluated but not selected in this round. (For instance, the multivariate scheme Rainbow and code-based Classic McEliece reached late rounds but were not chosen in 2022.) NIST continues with further rounds: in March 2025 it announced HQC (a code-based KEM) as a backup during the fourth round. NIST’s head cryptographer noted that ML-KEM (Kyber) is based on structured lattices, whereas HQC uses error-correcting codes.
Figure 1: PQC adoption timeline in NIST
Hybrid Key Exchange: Classical + PQC
Hybrid key exchange has also been formalized in IETF TLS Hybrid KEX drafts (code-named X-Wing or Kyber hybrids). For instance, X25519+MLKEM-768 is identified as group 0x11EC (TLS 1.3). The EUCC guidelines explicitly recommend using “hybrid cryptography” until a pure PQ KEM standard is fully ratified. This double-encryption gives the best of both worlds: if future cryptanalysis weakens Kyber, the X25519 component still protects confidentiality, and vice versa. Cloudflare explains this as a hedge or fallback strategy: they deployed a hybrid of X25519+Kyber768 on production domains, noting that the inclusion of the classical X25519 protects against any unexpected breakthrough in lattice cryptanalysis.
Packet Capture of Quantum-Safe TLS Using Firefox and Cloudflare
- Firefox Version Used: 141.0 (64-bit)
- Cloudflare’s Quantum test site: pq.cloudflareresearch.com
Chrome currently does not support hybrid PQC key exchange. Google initially rolled it out in version 124 but later rolled it back due to widespread TLS handshake issues in enterprise environments.
Cloudflare deploys TLS 1.3 with hybrid key exchange using X25519+Kyber-768, as described in RFC 9180.
In Firefox we can enable Kyber support by:
Figure 2: Enable PQC in Firefox
After enabling support, we restart the browser for the changes to take effect and open this URL in Firefox: pq.cloudflareresearch.com. The following tcpdump command was used to capture full TLS handshake packets.
Now open the captured PCAP to verify the key exchange. Use the display filter ‘ssl.handshake.type==1’ to view the Client Hello; the key share extension shows the key exchange that took place.
Figure 4: Client Hello TLS fragment
If we filter the server hello packet ‘ssl.handshake.type==2’, we should be able to see the same key pair as the client.
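The same check done by hand in Wireshark above, as an added example (not code from the original article, Keysight, Firefox or Cloudflare): a Python parser that walks a ClientHello record to its key_share extension and reports the offered groups and key share sizes. The ClientHello is constructed with random key bytes; the x25519 (0x001D) and X25519Kyber768Draft00 (0x6399) code points are IANA values not given on the page, and the function names are illustrative.

```python
import os
import struct

# Added example; function names are illustrative. 0x11EC is the group ID given on
# this page; 0x001D (x25519) and 0x6399 (X25519Kyber768Draft00) are IANA values.
GROUPS = {0x001D: "x25519", 0x11EC: "X25519MLKEM768", 0x6399: "X25519Kyber768Draft00"}
HYBRID_PQ = {0x11EC, 0x6399}
EXT_KEY_SHARE = 51

def build_client_hello(shares):
    """Constructed sample: a minimal TLS 1.3 ClientHello record with random key bytes."""
    entries = b"".join(struct.pack("!HH", g, n) + os.urandom(n) for g, n in shares)
    key_share = struct.pack("!HHH", EXT_KEY_SHARE, len(entries) + 2, len(entries)) + entries
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"      # legacy_version, random, empty session_id
            + b"\x00\x02\x13\x01" + b"\x01\x00"         # one cipher suite, null compression
            + struct.pack("!H", len(key_share)) + key_share)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_key_shares(record):
    """Return [(group_id, key_exchange_length)] from a ClientHello's key_share extension."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    p = 9 + 2 + 32                      # record hdr (5) + handshake hdr (4) + version + random
    p += 1 + record[p]                  # skip session_id
    p += 2 + int.from_bytes(record[p:p + 2], "big")   # skip cipher_suites
    p += 1 + record[p]                  # skip compression_methods
    end = p + 2 + int.from_bytes(record[p:p + 2], "big")
    p += 2
    shares = []
    while p + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, p)
        if ext_type == EXT_KEY_SHARE:
            q, q_end = p + 6, p + 4 + ext_len     # p + 6 skips the client_shares length field
            while q + 4 <= q_end:
                group, klen = struct.unpack_from("!HH", record, q)
                shares.append((group, klen))
                q += 4 + klen
        p += 4 + ext_len                # other extensions are skipped unchanged
    return shares

def offers_hybrid_pq(record):
    return any(group in HYBRID_PQ for group, _ in parse_key_shares(record))

if __name__ == "__main__":
    hello = build_client_hello([(0x11EC, 1216), (0x001D, 32)])  # 1216 = 1184 (ML-KEM-768) + 32 (X25519)
    for group, klen in parse_key_shares(hello):
        print(f"0x{group:04X} {GROUPS.get(group, 'unknown')}: {klen}-byte key share")
    print("hybrid PQ offered:", offers_hybrid_pq(hello), "| record bytes:", len(hello))
```

On a real capture, pass the reassembled TLS record, since a ClientHello carrying the hybrid share may span more than one TCP segment.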
How Can We Help You?
Jumping into Post-Quantum Cryptography (PQC) without rigorous testing can do more harm than good; even major vendors are exercising caution. Chrome, for instance, rolled back its hybrid PQC support after compatibility issues disrupted TLS handshakes across enterprise networks. That’s why pre-deployment validation is critical.
While PQC offers long term protection against quantum threats, it comes with tradeoffs that must be carefully considered:
Larger Key Sizes and Ciphertexts: Kyber-768 uses a 1,184-byte public key, nearly 40x larger than X25519’s 32 bytes, inflating TLS handshakes by ~1.5 KB in hybrid mode. This shift will also impact current-state networks in terms of memory, CPU, and overall performance.
Ongoing Maturity: While algorithms like Kyber and Dilithium have been standardized, broader PQC implementations in protocols like TLS, SSH and VPNs are still evolving. Interoperability and performance tuning are active areas of work.
TLS Stack Fragility: Hybrid deployment may expose edge cases in TLS libraries or deep packet inspection (DPI) tools not ready for new group identifiers or expanded handshake sizes.
That’s why rigorous validation is critical before any rollout. With BreakingPoint, we can simulate real-world PQC handshakes in a controlled lab environment. In our latest release (ATI-2025-15), we’re releasing a dedicated app that emulates Firefox’s interaction with Cloudflare’s hybrid X25519 + Kyber-768 setup. This allows security teams to validate network visibility, TLS decryption and compatibility, and the readiness of firewalls and load balancers ahead of broader PQC adoption.
Post Quantum Cryptography (PQC) Traffic Simulation in Keysight ATI
At Keysight Technologies Application and Threat Intelligence (ATI), we always try to deliver trending applications. In ATI-2025-15 we have published the Post Quantum Cryptography (PQC) application, which simulates the hybrid key exchange with the Cloudflare endpoint as of July 2025.
Figure 5: Post Quantum Cryptography (PQC) using X25519 and ML-KEM-768 Jul 2025 Superflow in BPS
Leverage Subscription Service to Stay Ahead of Attacks
Keysight's Application and Threat Intelligence subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Keysight test platforms. The ATI Research Centre continuously monitors threats as they appear in the wild. Customers of BreakingPoint now have access to attack campaigns for different advanced persistent threats, allowing them to test the ability of their currently deployed security controls to detect or block such attacks.
Keysight offers a comprehensive portfolio to accelerate the transition to Post-Quantum. Our solutions deliver end-to-end value across the infrastructure from the network layer, with ATI-BPS and Cyperf, to the device layer, through our Device Security Solutions. Our offerings span tools, training and services, enabling organizations to navigate PQC adoption with confidence and efficiency.