Quantum Computers Threaten Current Online Security, Study Confirms

Quantum Zeitgeist
⚡ Quantum Brief
Cisco Research’s 2026 study reveals quantum computers will break widely used internet protocols like TLS, IPsec, and DNSSEC by exploiting vulnerabilities in RSA and elliptic-curve cryptography during key exchange and authentication. TLS and Signal are leading adoption with hybrid post-quantum key exchanges (e.g., X25519+sntrup761), reducing quantum-resistant key sizes by up to 60%, but DNSSEC and BGP lag due to structural limits on signature sizes. Performance tests show post-quantum algorithms increase message sizes and computational overhead, with protocol constraints (e.g., fragmentation) often outweighing algorithmic efficiency in real-world deployment. Authentication mechanisms remain the biggest hurdle, as larger post-quantum signatures strain protocols like BGP, while key exchange transitions progress faster with standardized NIST algorithms. Researchers warn "harvest-now, decrypt-later" attacks are imminent, urging systemic infrastructure updates beyond algorithm swaps to ensure long-term security against quantum threats.

Tushin Mallick and colleagues at Cisco Research investigated the quantum vulnerability of everyday internet protocols and assessed the ongoing shift towards post-quantum cryptography. The analysis reveals that widely used protocols including TLS, IPsec, BGP, DNSSEC, SSH, QUIC, OpenID Connect, OpenVPN, and Signal Protocol face varying degrees of risk from the advent of quantum computing. Their thorough assessment shows that some protocols, notably TLS and Signal, are already implementing hybrid post-quantum key exchange, while others such as DNSSEC and BGP present key structural challenges to quantum resistance. The findings highlight the vital need to address these vulnerabilities and provide valuable insight into the complexities of transitioning essential communication infrastructure to a quantum-resistant future.

Quantum vulnerability assessment of core internet protocols via cryptographic and performance

Detailed protocol analysis underpinned this work, employing cryptographic dissection and performance modelling. Investigators carefully examined the cryptographic algorithms within each of the nine network protocols, identifying vulnerabilities to quantum computing threats, specifically within key exchange and authentication mechanisms. Mapping each protocol’s cryptographic ‘handshake’, the initial process of establishing a secure connection, revealed reliance on algorithms currently vulnerable to quantum attacks, such as RSA and elliptic-curve cryptography.

Investigators didn’t assess theoretical risk; they simulated the integration of new post-quantum cryptographic algorithms, like those recently standardised by NIST, to measure the impact on protocol performance and identify practical limitations. These included increased message sizes and computational overhead. The analysis encompassed nine network protocols: TLS, IPsec, BGP, DNSSEC, SSH, QUIC, OpenID Connect, OpenVPN, and Signal Protocol, all assessed for susceptibility to attacks from quantum computers.
OpenSSH is a leading implementation, already deploying hybrid key exchange methods combining X25519 with Streamlined NTRU Prime to enhance security, requiring compromise of both classical and post-quantum components to break a session. This inspired an Internet-Draft proposal to standardise this X25519+sntrup761 hybrid for broader SSH implementation and interoperability, with early prototyping demonstrating practical integration. However, this integration exposed constraints related to message size and negotiation complexity.

Network protocols employing post-quantum cryptography now demonstrate a potential reduction in key exchange size of up to 60 percent compared to solely relying on traditional elliptic-curve methods, a threshold previously unattainable without compromising security.

Hybrid key exchange delivers substantial reductions in post-quantum key sizes

This improvement, observed in protocols like TLS and Signal, enables more efficient and scalable quantum-resistant communication. Previously, the substantial overhead of post-quantum algorithms posed a significant barrier to widespread adoption. Analysis of the nine key internet protocols reveals that key exchange migration is progressing steadily, while authentication mechanisms present greater challenges due to increased signature sizes and protocol limitations.

Measurement studies indicate that handshake overhead is mainly determined by signature and certificate size, not the computational load of key encapsulation mechanisms. Protocol-level limitations, such as message size and fragmentation, often prove more impactful than algorithm performance. Formal analyses have also addressed authentication flaws in early designs, improving security against “harvest-now, decrypt-later” attacks. Despite these valuable developments, evaluations do not fully consider the long-term performance impact of continually evolving post-quantum signature schemes and their effect on network congestion.
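The negotiation constraint noted above for SSH's X25519+sntrup761 hybrid can be checked from a defender's side with a short audit. This is an added example, not code from the study or from OpenSSH: it applies the SSH rule that the first key exchange on the client's list that the server also supports wins, and reports whether the resulting session is hybrid or classical-only. The algorithm names are real OpenSSH `KexAlgorithms` values; the peer lists and function names are constructed for illustration.

```python
# Added example. Algorithm names are real OpenSSH KexAlgorithms values;
# the peer lists are constructed sample data, not captured traffic.

# Hybrid key exchanges: X25519 combined with a post-quantum KEM.
HYBRID_PQ_KEX = {
    "sntrup761x25519-sha512",
    "sntrup761x25519-sha512@openssh.com",
    "mlkem768x25519-sha256",
}
# Signalling names carried in the KEXINIT kex list; never negotiated as a kex.
PSEUDO_KEX = {"ext-info-c", "ext-info-s",
              "kex-strict-c-v00@openssh.com", "kex-strict-s-v00@openssh.com"}

def negotiate_kex(client_algs, server_algs):
    """First name on the client's list that the server also lists
    (RFC 4253 section 7.1, simplified: host-key compatibility is ignored)."""
    server_set = set(server_algs) - PSEUDO_KEX
    for alg in client_algs:
        if alg not in PSEUDO_KEX and alg in server_set:
            return alg
    return None

def audit(client_algs, server_algs):
    """Classify the session's exposure to harvest-now, decrypt-later."""
    chosen = negotiate_kex(client_algs, server_algs)
    if chosen is None:
        status = "no-common-kex"
    elif chosen in HYBRID_PQ_KEX:
        status = "hybrid-pq"
    else:
        status = "classical-only"
    shared_hybrid = HYBRID_PQ_KEX & set(client_algs) & set(server_algs)
    # hybrid_outranked: both peers support a hybrid, but list order picked a classical kex
    return {"negotiated": chosen, "status": status,
            "hybrid_outranked": status == "classical-only" and bool(shared_hybrid)}

# Constructed peer configurations.
MODERN_CLIENT = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256",
                 "ecdh-sha2-nistp256", "ext-info-c", "kex-strict-c-v00@openssh.com"]
MISORDERED_CLIENT = ["curve25519-sha256", "sntrup761x25519-sha512@openssh.com"]
MODERN_SERVER = ["sntrup761x25519-sha512@openssh.com", "curve25519-sha256",
                 "kex-strict-s-v00@openssh.com"]
LEGACY_SERVER = ["curve25519-sha256", "ecdh-sha2-nistp256",
                 "diffie-hellman-group14-sha256"]

if __name__ == "__main__":
    for client in (MODERN_CLIENT, MISORDERED_CLIENT):
        for server in (MODERN_SERVER, LEGACY_SERVER):
            print(audit(client, server))
```

A result with `hybrid_outranked` set means both peers already support the hybrid and only the client's preference order needs changing.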
Quantum resistance varies across common internet communication protocols

Securing digital communications against future quantum computers is no longer a distant concern but a pressing technical challenge demanding immediate attention. This work demonstrates that while some protocols are proactively embracing post-quantum cryptography, others are hampered by inherent limitations, particularly concerning authentication processes and message size constraints. The authors acknowledge a significant gap in their analysis; they’ve mapped the potential for integration, but not demonstrated real-world performance metrics beyond noting that protocol limitations dominate algorithm performance. Acknowledging that practical deployment lags behind theoretical readiness is vital, and does not dismiss the progress made.

A thorough survey of nine common internet protocols reveals where quantum-resistant cryptography is gaining traction, in particular in TLS and Signal, and where significant hurdles remain, such as DNSSEC and BGP’s limitations with larger digital signatures. Identifying these bottlenecks is important, focusing development on areas needing the most attention and clarifying that swapping algorithms isn’t enough.

This survey of network protocols establishes a clear divergence in readiness for post-quantum cryptography, revealing that transitioning key exchange is demonstrably easier than securing authentication mechanisms. While TLS and Signal have already begun deploying hybrid approaches, combining existing and new algorithms, protocols like DNSSEC and BGP face fundamental limitations due to the increased size of post-quantum digital signatures. These signatures verify the authenticity of data, but larger sizes strain protocol constraints. Understanding these protocol-specific challenges is now vital, shifting the focus beyond selecting new cryptographic algorithms and towards addressing systemic issues within internet infrastructure.
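To make the DNSSEC signature-size limit concrete, the following added example (not from the study) estimates the wire size of two signed DNS responses under a classical and three post-quantum signature algorithms and compares each with a 1232-byte UDP payload limit. The key and signature sizes come from the algorithm specifications rather than from the article, and the zone name, record set and 1232-byte limit are assumptions chosen for illustration.

```python
# Added example. Key and signature sizes are taken from the algorithm
# specifications, not from the article; zone and records are constructed.

ALGS = {  # name: (public key bytes, signature bytes)
    "Ed25519": (32, 64),
    "Falcon-512": (897, 666),        # 666 is the maximum signature size
    "ML-DSA-44": (1312, 2420),
    "SLH-DSA-SHA2-128s": (32, 7856),
}
UDP_LIMIT = 1232  # widely used EDNS(0) buffer size that avoids IP fragmentation
ZONE, HOST = "example.com", "www.example.com"

def name_len(name):
    """Uncompressed wire length: one length byte per label plus the root byte."""
    return sum(len(label) + 1 for label in name.split(".")) + 1

def rr_len(rdata_len, owner_len=2):
    # owner (2-byte compression pointer) + TYPE, CLASS, TTL, RDLENGTH (10) + RDATA
    return owner_len + 10 + rdata_len

def rrsig_len(sig_len):
    # RRSIG RDATA: 18 fixed bytes + signer name (never compressed) + signature
    return rr_len(18 + name_len(ZONE) + sig_len)

def response_size(qname, rdata_lens, sig_len):
    question = 12 + name_len(qname) + 4   # header + QNAME + QTYPE/QCLASS
    answers = sum(rr_len(n) for n in rdata_lens)
    return question + answers + rrsig_len(sig_len) + 11   # 11 = OPT record

def a_response(alg):
    """One A record (4-byte RDATA) plus its RRSIG."""
    return response_size(HOST, [4], ALGS[alg][1])

def dnskey_response(alg):
    """KSK + ZSK (4 header bytes + key each) plus one RRSIG."""
    pk, sig = ALGS[alg]
    return response_size(ZONE, [4 + pk, 4 + pk], sig)

def fits_udp(alg):
    return {"A": a_response(alg) <= UDP_LIMIT,
            "DNSKEY": dnskey_response(alg) <= UDP_LIMIT}

if __name__ == "__main__":
    for alg in ALGS:
        print(f"{alg:18} A={a_response(alg):5} "
              f"DNSKEY={dnskey_response(alg):5} {fits_udp(alg)}")
```

A response that does not fit is truncated and retried over TCP, so the signature size, not the signing cost, decides whether a zone's answers still travel in a single UDP datagram.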
The research found considerable variation in how easily common internet protocols can adopt quantum-resistant cryptography. This matters because current encryption methods, such as those used in TLS and Signal, are vulnerable to attacks from future quantum computers. The study highlights that while key exchange is proving easier to update, authentication processes and message size limitations within protocols like DNSSEC and BGP present significant obstacles to widespread adoption. The authors suggest further work is needed to address these systemic issues and ensure a secure communication infrastructure.

👉 More information
🗞 Study of Post Quantum status of Widely Used Protocols
🧠 ArXiv: https://arxiv.org/abs/2603.28728
