Post-Quantum Cryptography (PQC) Network Instrument: Measuring PQC Adoption Rates and Identifying Migration Pathways

TL;DR

This work introduces a novel PQC network instrument deployed at NCSA within the FABRIC testbed to quantify adoption of post-quantum cryptography across multiple network protocols. It provides real-time and historical adoption metrics for SSH, TLS, RDP, DNS, and related protocols, supported by a large Zeek-derived dataset (~13 TB) collected from a 400 Gbps border over 2023–2024, while preserving privacy by only using connection metadata. Key findings show extremely early PQC adoption limited to OpenSSH (≈$0.029\%$) and Chrome-driven TLS readiness (≈$1.78\%$, with >$99\%$ from Chrome), highlighting migration challenges and suggesting concrete pathways for HPC environments to migrate to quantum-resistant cryptography. The paper also discusses potential novel attacks, evaluates current PQC implementations (e.g., sntrup761, Kyber, SPHINCS+), and outlines actionable steps for broader, end-to-end PQC deployment and monitoring at internet scale.

Abstract

The problem of adopting quantum-resistant cryptographic network protocols or post-quantum cryptography (PQC) is critically important to democratizing quantum computing. The problem is urgent because practical quantum computers will break classical encryption in the next few decades. Past encrypted data has already been collected and can be decrypted in the near future. The main challenges of adopting post-quantum cryptography lie in algorithmic complexity and hardware/software/network implementation. The grand question of how existing cyberinfrastructure will support post-quantum cryptography remains unanswered. This paper describes: i) the design of a novel Post-Quantum Cryptography (PQC) network instrument placed at the National Center for Supercomputing Applications (NCSA) at the University of Illinois at Urbana-Champaign and a part of the FABRIC testbed; ii) the latest results on PQC adoption rate across a wide spectrum of network protocols (Secure Shell -- SSH, Transport Layer Security -- TLS, etc.); iii) the current state of PQC implementation in key scientific applications (e.g., OpenSSH or SciTokens); iv) the challenges of being quantum-resistant; and v) discussion of potential novel attacks. This is the first large-scale measurement of PQC adoption at national-scale supercomputing centers and FABRIC testbeds. Our results show that only OpenSSH and Google Chrome have successfully implemented PQC and achieved an initial adoption rate of 0.029% (6,044 out of 20,556,816) for OpenSSH connections at NCSA coming from major Internet Service Providers or Autonomous Systems (ASes) such as OARNET, GTT, Google Fiber Webpass (U.S.) and Uppsala Lans Landsting (Sweden), with an overall increasing adoption rate year-over-year for 2023-2024. Our analyses identify pathways to migrate current applications to be quantum-resistant.

Figures (6)

• Figure 1: Overview of our instrument deployed at NCSA. Our instrument has visibility into nation-scale network traffic as NCSA is a part of FABRIC testbed (A). We deployed our instrument at the NCSA's network (B) (network topology subject to change) to ingest Zeek connection metadata and parse session and application layer cipher suite information (C,D,E) -- part of C is derived from Zeek documentation and grigorik2013high. An example of PQC key exchange and the statistical results that we parsed is shown for the Secure Shell (SSH) protocol (F,G).
• Figure 2: Cross-protocol and cross-site comparison of adoption rate between SSH protocol at NCSA (our analysis) compared with publicly available TLS adoption rate at Cloudflare Thestate69:online. NCSA records an average of 0.029% (6044 out of 20,556,816 SSH connections) adoption rate for SSH, while Cloudflare recorded $\approx$ 1.78 percent adoption rate for TLS; more than 99% adoption came from Chrome Thestate69:online.
• Figure 3: A histogram of autonomous systems adopting PQC in SSH showing that top 5 ASes (OARNE, GTT, Google Fiber, Comcast, etc.) from U.S. and Uppsala Lans Landsting (Sweden) accounted for the majority of PQC in the head of the distribution. A long list of ASes is shown in the long tail.
• Figure 4: Increasing adoption rate of PQC in SSH key exchange (sntrup761x25519-sha512@openssh.com), starting from January 2023 with only 37 exchanges, up to 1,585 exchanges in April 2024.
• Figure 5: Example flow of Post-Quantum Cryptography Key Exchange Protocol implemented in OpenSSH $\geq$ 9.0 derived from SecureSh29:onlineopensshc54:online.