Post-Quantum Cryptography (PQC) Network Instrument: Measuring PQC Adoption Rates and Identifying Migration Pathways
ABSTRACT Measuring the progress of quantum-resistant cryptography adoption at both the organization scale (internal) and the Internet scale (public) is critical to improving cyberinfrastructure resiliency and raising public's awareness of this issue. The problem of adopting quantum-resistant cryptographic network protocols or post-quantum cryptography (PQC) is critically important to democratizing quantum computing. The problem is urgent because practical quantum computers will break classical encryption in a near future. NIST also has set an official deadline for transitioning away from legacy algorithms such as RSA and ECDSA by 2030. The main challenges of adopting post-quantum cryptography lie in algorithmic complexity and hardware/software/network implementation. The grand question of how existing cyberinfrastructure will support post-quantum cryptography remains unanswered. This paper describes: i) the design of a novel Post-Quantum Cryptography (PQC) network instrument placed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign and a part of the FABRIC testbed; ii) the latest results on PQC adoption rate across a wide spectrum of network protocols (Secure Shell -- SSH, Transport Layer Security -- TLS, etc.); iii) the current state of PQC implementation in key scientific applications (e.g., OpenSSH or SciTokens); iv) the challenges of being quantum-resistant; and v) discussion of potential novel attacks. This is the first large-scale measurement of PQC adoption on open scientific networks at national-scale supercomputing centers and FABRIC testbeds. Our results show that only OpenSSH and Google Chrome have successfully implemented PQC and achieved an initial adoption rate of 0.029% (6,044 out of 20,556,816) for OpenSSH connections at NCSA coming from major Internet Service Providers or Autonomous Systems (ASes) such as OARNET, GTT, Google Fiber Webpass (U.S.) and Uppsala Lans Landsting (Sweden), with an overall increasing adoption rate year-over-year for 2023-2024. Our analyses identify pathways to migrate current applications to be quantum-resistant. |
|
![]() |
Phuong Cao is a cybersecurity researcher at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign. His work focuses on securing high-performance computing (HPC) cyberinfrastructure against accidental failures and intentional cyberattacks. His research is driven by network traffic analysis, cyberattack detection using probabilistic models, and formal verification of authentication protocols. As a National Science Foundation Trusted CI Fellow, he provides security expertise to research and education partners, including the FABRIC testbed. He has received awards for his research and mentorship, including a Best Paper Award, a Best Hackathon Award, and recognition as an Outstanding Mentor for Fiddler Innovation Fellowship recipients. |