As quantum computing rapidly advances, it presents a profound threat to the cryptographic foundations that currently secure our digital communications. This risk is particularly pronounced in the campus and branch networks that connect a vast array of today’s users, IoT and OT devices, and applications across multiple, diverse locations.
This extensive connectivity significantly expands the attack surface and increases network complexity, which makes security enforcement more challenging and heightens vulnerability to sophisticated threats, including those posed by quantum computing. Consequently, these environments require robust, quantum-resilient security measures to safeguard critical communications and data integrity.
For organizations like Cisco, ensuring the security of campus and branch networks against future quantum attacks is critical. This blog provides a gentle introduction to post-quantum cryptography (PQC), explaining why it matters and how it is shaping the future of network security.
Understanding the quantum threat
Quantum computers leverage principles of quantum mechanics, such as superposition and entanglement, to perform computations far beyond the capabilities of classical computers. While still in its early stages, quantum computing is advancing rapidly and promises to solve certain complex problems exponentially faster than classical machines. In particular, Shor’s algorithm would allow a sufficiently capable quantum computer to break widely used cryptographic algorithms like Rivest-Shamir-Adleman (RSA), Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC). This threatens the security of the public-key cryptography that underpins secure communications, authentication, and key exchange in networks today.
What is post-quantum cryptography?
Post-quantum cryptography refers to cryptographic algorithms designed to be secure against both classical and quantum computing attacks. Unlike quantum key distribution (QKD), which relies on quantum mechanics to exchange keys, PQC uses new mathematical problems believed to be resistant to quantum attacks. The National Institute of Standards and Technology (NIST) finalized its first set of PQC standards in August 2024, with widespread enterprise adoption and government transition mandates beginning in 2025 and 2026.
Why PQC matters for campus and branch networks
Campus and branch networks act as the backbone that connects users, devices, and applications across multiple locations—they’re critical infrastructure for today’s organizations.
Branch networks allow satellite offices such as remote bank locations to establish secure connections with headquarters. In contrast, campus networks are designed for dense environments like schools and hospitals, facilitating reliable connectivity for a high concentration of users and devices. Both types of networks comprise an array of devices, including wireless access points, switches, and routers, that all must be safeguarded to support secure communication, collaboration, and resource access for both fixed and mobile users, whether they are in offices, operational areas, or remote sites.
The security of communications across campus and branch networks relies heavily on cryptographic protocols such as Internet Protocol Security (IPsec), Transport Layer Security (TLS), and Media Access Control Security (MACsec), which protect data as it travels between endpoints. However, advances in quantum computing pose a significant threat to these traditional cryptographic methods.
As quantum computers become more powerful, they will be able to break many of the encryption algorithms currently in use, putting sensitive data and network operations at risk. One emerging threat is the harvest now, decrypt later (HNDL) attack, where encrypted data intercepted today could be stored and decrypted in the future once quantum technology matures.
Enhancing Cisco Secure Boot for quantum-resistant protection
Cisco hardens secure boot against quantum attacks by implementing quantum-safe cryptographic algorithms and hardware-anchored roots of trust. For example, Cisco devices support quantum-safe algorithms such as Lamport-Diffie-Winternitz-Merkle (LDWM) hash-based signatures (a precursor to the NIST-approved Leighton-Micali Signature) for secure bootloader validation. New quantum-safe editions of secure boot and trust anchor technologies are being developed to implement the latest NIST PQC standards.
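To show why hash-based signatures suit boot validation, here is an added illustration (not Cisco's code and not LDWM or LMS themselves): a minimal Lamport one-time signature in Python, the simplest scheme in the family those constructions build on. Its security rests only on the hash function rather than on factoring or discrete logarithms; the image bytes are constructed sample data, and a key pair may sign only one message.

```python
import hashlib
import hmac
import secrets

N = 256  # SHA-256 digest length in bits; one secret pair per digest bit

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    # Private key: N pairs of random 32-byte secrets (one per bit value).
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    # Public key: the hash of every secret. This is what a verifier stores.
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk

def digest_bits(message: bytes):
    d = int.from_bytes(H(message), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]

def sign(sk, message: bytes):
    # Reveal, for each digest bit, the secret matching that bit's value.
    # Signing a second message would reveal more secrets and enable forgery.
    return [sk[i][bit] for i, bit in enumerate(digest_bits(message))]

def verify(pk, message: bytes, signature) -> bool:
    if len(signature) != N:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(message)):
        # Each revealed secret must hash to the published value for that bit.
        ok &= hmac.compare_digest(H(signature[i]), pk[i][bit])
    return ok

def demo():
    sk, pk = keygen()
    image = b"constructed bootloader image v1"  # sample data, not a real image
    sig = sign(sk, image)
    tampered = image + b"\x00"
    return verify(pk, image, sig), verify(pk, tampered, sig)

if __name__ == "__main__":
    print(demo())
```

Merkle-tree schemes such as LMS remove the one-message limit by authenticating many one-time public keys under a single root.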
The road ahead
As NIST standards are being operationalized, Cisco plans to integrate native NIST-approved PQC algorithms such as ML-KEM and ML-DSA into its software and hardware platforms. This transition includes updating key transport protocols like TLS, IKEv2, and SSH to support post-quantum cryptography, thereby enhancing cryptographic agility and preparing network devices and infrastructure for full PQC adoption.
Cisco advocates a structured modernization approach for campus and branch networks, beginning with a comprehensive cryptographic inventory and ultimately achieving full native NIST PQC implementation.