Use Case — Post-Quantum Cryptography

Post-Quantum VPN & Secure Channel Infrastructure

Every VPN session you encrypt today using RSA or ECDH key exchange is a potential future liability. Nation-state adversaries and well-resourced attackers are collecting encrypted traffic now with the explicit intent to decrypt it once quantum computers are powerful enough — a strategy known as "harvest now, decrypt later." NIST standardised post-quantum algorithms in 2024. Xenqube deploys ML-KEM hybrid VPN infrastructure that protects your channels against both classical and quantum attack, without breaking existing compatibility.

NIST FIPS 203 (ML-KEM) compliant
Hybrid classical + PQC key exchange
WireGuard + IPSec compatible
Enterprise and Web3 infrastructure
Forward secrecy guaranteed

The quantum threat to current network security

The urgency of post-quantum migration is routinely underestimated because quantum computers capable of breaking RSA-2048 do not yet exist at scale. But the attack model does not require waiting — it only requires collecting traffic now and decrypting later.

Harvest now, decrypt later

Sophisticated adversaries — state-level actors and advanced persistent threat groups — have been collecting encrypted traffic for years. When quantum computing capability reaches sufficient scale (current estimates: 8–15 years for cryptographically relevant quantum computers), stored ciphertext encrypted with RSA or ECDH becomes decryptable. Data with a 10-year confidentiality requirement is already at risk today.

Shor's algorithm impact on current standards

Shor's algorithm, running on a sufficiently large fault-tolerant quantum computer, can factor large integers and compute discrete logarithms in polynomial time. This breaks RSA, ECDH, and DSA — the key exchange and signature algorithms that underpin TLS, VPNs, SSH, and most secure communication protocols in current production use.

Migration complexity

PQC migration is not a simple software update — it requires identifying every classical key exchange point in your infrastructure, selecting appropriate NIST algorithms (ML-KEM for key exchange, ML-DSA for signatures), implementing hybrid modes to maintain compatibility, and establishing new key management policies. Organizations that wait until quantum computers are operational will not have time to complete migration.

Post-quantum VPN architecture

ML-KEM hybrid key exchange

CRYSTALS-Kyber (ML-KEM, NIST FIPS 203) runs alongside classical ECDH X25519 in a dual-layer handshake. Session keys are derived by combining both outputs — the session is only compromised if both classical and post-quantum algorithms are simultaneously broken. This provides quantum resistance while maintaining backward compatibility where PQC support is not yet available on the remote end.

Post-quantum TLS 1.3 channels

TLS 1.3 with ML-KEM key exchange for all inter-service communication, admin access, API endpoints, and monitoring channels. Drop-in replacement for classical TLS where supported by both endpoints. Hybrid fallback for endpoints without PQC support. Certificate infrastructure upgraded to ML-DSA signatures where certificate validity periods extend beyond the quantum risk horizon.

Quantum-resistant key management

ML-KEM key generation, storage in HSM-backed key vaults, rotation policy with configurable period, revocation infrastructure, and audit logging for all key lifecycle events. Key hierarchy design separates long-term identity keys from session keys to limit the impact of any single key compromise.

WireGuard PQC integration

WireGuard protocol implementation extended with post-quantum key encapsulation for the initial handshake. Proven WireGuard performance characteristics maintained — sub-100ms reconnection, minimal overhead — with PQC key exchange adding less than 5% latency in benchmarks. Compatible with Linux kernel WireGuard and cross-platform clients.

AI agent and Web3 channel hardening

Post-quantum secure channels for on-chain AI agent communication, validator infrastructure, treasury operations, and inter-service calls in Web3 protocols. Particularly relevant for operations that handle sensitive data over timescales where quantum risk is material — institutional key management, long-term smart contract state, and compliance record channels.

Cryptographic risk assessment

Full inventory of classical key exchange points in your infrastructure: VPN endpoints, TLS certificates, SSH keys, API authentication, signing infrastructure. Quantum risk rating per component based on key size, algorithm, and expected data sensitivity period. Prioritised migration roadmap with implementation timeline and compatibility constraints mapped.

Implementation approach

Phase 1 — Cryptographic risk assessment (Weeks 1–2)

Inventory of all cryptographic components in scope: VPN endpoints, TLS certificates and their validity periods, SSH key infrastructure, API signing, and any long-lived encrypted storage. Quantum risk score per component. Prioritised migration list with complexity estimates and dependency mapping.
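A sketch of the per-component rating and prioritised list described above, added here as an example and not Xenqube's scoring method. The rating rules, the 8-year horizon (the lower bound of the page's 8–15 year estimate) and the inventory entries are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Algorithm families broken by Shor's algorithm (the page names RSA, ECDH, DSA).
SHOR_BROKEN = {"RSA", "ECDH", "X25519", "DH", "DSA", "ECDSA"}
CRQC_YEARS = 8  # assumption: lower bound of the page's 8-15 year estimate
ORDER = ["critical", "high", "medium", "low", "ok"]

@dataclass
class Component:
    name: str
    use: str                # "key-exchange" or "signature"
    algorithms: tuple       # every algorithm in the handshake; hybrids list both
    lifetime_years: float   # confidentiality period (kex) or key validity (sig)
    migration_years: float  # estimated time to replace this component

def rate(c: Component) -> str:
    # A hybrid or pure-PQC component holds as long as one algorithm holds.
    if any(a not in SHOR_BROKEN for a in c.algorithms):
        return "ok"
    exposed = c.lifetime_years + c.migration_years > CRQC_YEARS
    if c.use == "signature":
        # Signatures cannot be forged retroactively: the risk exists only
        # if the key is still trusted once a quantum computer is available.
        return "high" if exposed else "low"
    # Key exchange: recorded traffic can be decrypted later.
    if c.lifetime_years > CRQC_YEARS:
        return "critical"  # traffic captured today is already at risk
    return "high" if exposed else "medium"

def roadmap(inventory):
    # Stable sort: ties keep their inventory order.
    return sorted(inventory, key=lambda c: ORDER.index(rate(c)))

# Constructed sample inventory (hypothetical components).
INVENTORY = [
    Component("public-web-tls", "key-exchange", ("ECDH",), 1, 1),
    Component("admin-vpn", "key-exchange", ("X25519",), 10, 1),
    Component("service-mesh", "key-exchange", ("X25519", "ML-KEM"), 10, 1),
    Component("records-api", "key-exchange", ("RSA",), 7, 2),
    Component("root-ca", "signature", ("RSA",), 20, 2),
    Component("ssh-host-key", "signature", ("ECDSA",), 2, 1),
]

if __name__ == "__main__":
    for c in roadmap(INVENTORY):
        print(f"{rate(c):9} {c.name:15} {'+'.join(c.algorithms)}")
```

The `records-api` entry shows why migration time matters: its 7-year confidentiality period is inside the horizon, but data sent during a 2-year migration is not.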

Phase 2 — Hybrid deployment on highest-risk channels (Weeks 3–6)

ML-KEM + ECDH hybrid implementation on the highest-priority channels identified in Phase 1. Typically: admin VPN access, inter-service communication for sensitive data flows, and any channels handling data with a confidentiality period exceeding 5 years. Monitoring and key rotation policy deployed. Integration tested against existing infrastructure.

Phase 3 — Full migration and policy (Weeks 7–12)

Remaining classical key exchange points migrated to hybrid or full PQC. Certificate infrastructure updated where certificate validity extends past the quantum risk horizon. Key management policy documentation, rotation automation, and revocation infrastructure completed. Staff training on new key management procedures. Final architecture review and migration completion report.

Sectors with immediate post-quantum VPN priority

Financial services and Web3

Institutional key management, custody infrastructure, treasury operations, payment corridor encryption, and long-term transaction record channels. Regulatory frameworks (DORA, MiCA, and emerging PQC mandates) are increasingly specifying quantum-resistant cryptography requirements for regulated financial infrastructure.

Healthcare and life sciences

Patient records with long confidentiality requirements, clinical trial data, genomic data, and research communications. Healthcare data encrypted today with classical algorithms and stored for 20+ years is a primary harvest-now-decrypt-later target given the sensitivity and longevity of the data.

Government and critical infrastructure

National security communications, critical infrastructure control systems, and long-term classified data. Government agencies in multiple jurisdictions (NSA, CISA, ENISA) have issued mandates requiring PQC migration for government systems. Supply chain vendors to government organisations face increasing compliance pressure.

Frequently asked questions

Why does quantum computing threaten current VPN infrastructure?

Current VPN systems use RSA and ECDH for key exchange. Shor's algorithm on a sufficiently powerful quantum computer can break both in polynomial time. Adversaries collecting encrypted traffic today ("harvest now, decrypt later") will be able to decrypt it once quantum computing reaches sufficient scale. NIST's post-quantum standards (ML-KEM, ML-DSA) provide quantum-resistant alternatives.

What is ML-KEM and how does it work in a hybrid VPN?

ML-KEM (CRYSTALS-Kyber, NIST FIPS 203) is a lattice-based key encapsulation mechanism. In a hybrid VPN, ML-KEM runs alongside classical ECDH in a dual-layer handshake — both keys are combined so the session is only compromised if both algorithms are simultaneously broken. This provides quantum resistance while maintaining compatibility with existing endpoints.
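The combining step described in this answer and under "ML-KEM hybrid key exchange", shown as an added example that is not Xenqube's code: a concatenate-then-HKDF combiner in Python. The two 32-byte shared secrets and the transcript are constructed stand-ins for real X25519 and ML-KEM outputs, and the function name, label string and transcript layout are assumptions.

```python
import hashlib
import hmac

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # HKDF-Extract (RFC 5869) with SHA-256.
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # HKDF-Expand (RFC 5869): T(n) = HMAC(prk, T(n-1) || info || n).
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def hybrid_session_key(ss_ecdh: bytes, ss_mlkem: bytes,
                       transcript: bytes, length: int = 32) -> bytes:
    # X25519 and ML-KEM both output 32-byte secrets, so plain
    # concatenation is unambiguous; enforce that assumption.
    if len(ss_ecdh) != 32 or len(ss_mlkem) != 32:
        raise ValueError("both shared secrets must be 32 bytes")
    # An all-zero X25519 result means the peer sent a low-order point
    # and the classical half contributes nothing.
    if ss_ecdh == bytes(32):
        raise ValueError("degenerate X25519 shared secret")
    # Salt with the handshake transcript (public keys + KEM ciphertext)
    # so the key is bound to this exact exchange.
    salt = hashlib.sha256(transcript).digest()
    prk = hkdf_extract(salt, ss_ecdh + ss_mlkem)
    return hkdf_expand(prk, b"hybrid-vpn session key v1", length)

# Constructed stand-ins for the outputs of a real handshake.
SS_ECDH = hashlib.sha256(b"constructed x25519 shared secret").digest()
SS_MLKEM = hashlib.sha256(b"constructed ml-kem shared secret").digest()
TRANSCRIPT = b"client_x25519_pk|client_mlkem_pk|server_x25519_pk|mlkem_ct"

if __name__ == "__main__":
    print(hybrid_session_key(SS_ECDH, SS_MLKEM, TRANSCRIPT).hex())
```

Because both secrets enter the extract step together, an attacker who recovers only the X25519 secret still faces a key derived from an unknown 32-byte ML-KEM secret, and the reverse holds as well.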

When should organisations start migrating to post-quantum VPNs?

If your data has a confidentiality requirement of 10+ years, migration should begin now. NIST published final PQC standards in 2024 and major vendors are rolling out support. Organisations in financial services, healthcare, and government face increasing regulatory pressure to complete PQC migration on defined timelines.

What existing VPN infrastructure does this integrate with?

The post-quantum layer integrates with WireGuard, OpenVPN, and IPSec as a hybrid upgrade. For new deployments we implement WireGuard with ML-KEM key exchange as the default. Cloud provider VPN integration is supported where providers offer PQC features. The hybrid mode maintains compatibility with classical-only endpoints during the transition period.

Is post-quantum VPN required for Web3 infrastructure?

For Web3 infrastructure handling long-term sensitive data — institutional key management, validator communication, treasury operations — quantum-resistant channels provide forward secrecy against future quantum attacks. On-chain AI agent communication and admin infrastructure are the highest-priority targets for PQC channel upgrades in Web3 environments.

What does an engagement with Xenqube deliver?

We deliver a cryptographic risk assessment identifying all classical key exchange in your infrastructure, hybrid ML-KEM + ECDH channel implementation, key management policy, deployment scripts, key rotation monitoring, and a migration roadmap for remaining classical cryptography. The assessment typically takes one to two weeks; channel deployment runs in parallel with existing infrastructure.

Ready to migrate to post-quantum secure channels?

Share your infrastructure scope and data sensitivity requirements. We will assess your quantum risk exposure and propose a migration path starting with the highest-priority channels.
