Study of Post Quantum status of Widely Used Protocols

TL;DR

This survey analyzes the quantum vulnerabilities of nine widely used protocols, assessing their cryptographic foundations, migration status, and structural challenges in adopting post-quantum cryptography.

Contribution

It provides a comprehensive examination of the quantum risks and current progress in integrating post-quantum cryptography into major protocols.

Findings

TLS and Signal have hybrid post-quantum key exchange deployed at scale.

IPsec and SSH have standardized mechanisms but lack widespread adoption.

DNSSEC and BGP face structural barriers due to signature size constraints.

Abstract

The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to understand their quantum vulnerability and assess the progress made towards integrating post-quantum cryptography (PQC). This survey provides a detailed examination of nine widely deployed protocols - TLS, IPsec, BGP, DNSSEC, SSH, QUIC, OpenID Connect, OpenVPN, and Signal Protocol - analysing their cryptographic foundations, quantum risks, and the current state of PQC migration. We find that TLS and Signal lead the transition with hybrid post-quantum key exchange already deployed at scale, while IPsec and SSH have standardised mechanisms but lack widespread production adoption. DNSSEC and BGP face the most significant structural barriers, as post-quantum signature sizes conflict with fundamental protocol constraints. Across all protocols, key exchange proves consistently easier to migrate than authentication, and protocol-level limitations such as message size and fragmentation often dominate over raw algorithm performance. We also discuss experimental deployments and emerging standards that are shaping the path towards a quantum-resistant communication infrastructure.