How DataComm is future-proofing encrypted communications with post-quantum cryptography (PQC)
Quantum computing is advancing rapidly and could, within the coming decade or two, enable attacks that break widely used public-key cryptographic algorithms like RSA and elliptic-curve cryptography (ECC). While no quantum system today can defeat modern encryption, adversaries may already be collecting encrypted data for future decryption—a risk known as “harvest now, decrypt later.”
To address this emerging threat, DataComm is proactively adopting post-quantum cryptography (PQC) in the encrypted communications we provide to you. Starting in 2026, we will implement hybrid PQC mechanisms in TLS and related protocols to ensure long-term confidentiality without disrupting current compatibility.
Why quantum computing changes the risk model
Most of today’s secure communications depend on public-key cryptography. Algorithms such as RSA and ECC are widely used for key establishment and digital signatures across the internet. NIST’s post-quantum cryptography program was created to prepare for a future where large-scale quantum computers could threaten these widely deployed schemes. [1][3]
The “harvest now, decrypt later” threat
Even if encryption cannot be broken today, an attacker can record encrypted traffic and store it. If cryptographically relevant quantum computers arrive later, that stored traffic could be retrospectively decrypted. This risk is most important for data that must remain confidential for many years, such as sensitive business communications, regulated information, contracts, and intellectual property. NIST’s migration guidance highlights this threat as a key reason to begin migrating now. [2][5]
What is post-quantum cryptography
Post-quantum cryptography (PQC) refers to cryptographic algorithms designed to remain secure against attacks from both classical and quantum computers. PQC algorithms are software-based and can be integrated into existing security protocols (such as TLS) without requiring specialized quantum hardware or quantum networks. [3]
NIST-standardized PQC and ML-KEM
NIST has finalized its first post-quantum cryptography standards, including ML-KEM for key establishment (FIPS 203). ML-KEM is a lattice-based key-encapsulation mechanism (KEM) used to establish shared secrets over a public channel—secrets that can then be used with symmetric cryptography for encryption and authentication. [1][4]
What DataComm is doing
Starting in 2026, DataComm will introduce hybrid PQC mechanisms in TLS and related protocols for encrypted communications to and from DataComm. A hybrid approach combines classical cryptography with PQC in the same handshake, providing protection even if one component is later found weaker than expected, while preserving broad interoperability during the transition.
What you should expect
- No disruption for most environments: hybrid deployment is designed to retain compatibility with modern clients and platforms.
- Long-term confidentiality improvements for traffic that must remain protected for years.
- Clear guidance for edge cases (e.g., legacy TLS stacks, restrictive cipher configurations, or middleboxes that constrain handshake sizes).
FAQ
What problem are you solving?
We’re protecting your encrypted communications against a future risk where sufficiently capable quantum computers could break widely used public-key algorithms like RSA and ECC. The “harvest now, decrypt later” risk means attackers may capture encrypted traffic today and attempt to decrypt it later. [3][5]
Is current encryption broken today?
No. Modern encryption is not broken today by quantum computers at real-world scales. DataComm’s work is a proactive step aligned with NIST’s PQC standards and migration guidance. [1][3]
What is post-quantum cryptography (PQC)?
PQC is a class of cryptographic algorithms designed to resist attacks from both classical and quantum computers. PQC is implemented in software and integrated into protocols like TLS. [3]
Which PQC algorithms are you using?
We are aligning with NIST-standardized methods, including lattice-based cryptography such as ML-KEM (FIPS 203) for key establishment. [4]
What is “hybrid PQC,” and why is DataComm using it?
Hybrid PQC combines classical and post-quantum key establishment in the same connection. It supports a safer transition by improving long-term confidentiality while minimizing compatibility disruption in the near term.
Will I need to change anything?
In most cases, no. Most modern browsers (Chrome, Firefox, Edge, etc.) already include support for post‑quantum (hybrid) key agreement in TLS, so users typically won’t need to do anything. Some older or less prevalent browsers—and certain enterprise environments with legacy TLS stacks, older proxies, strict cryptographic pinning, or middleboxes that constrain handshake sizes—may experience compatibility issues and could require updates. DataComm will provide guidance as we roll out hybrid PQC. [2]
Will this affect performance?
Hybrid PQC may modestly increase TLS handshake size and computation. We will phase the rollout and tune configurations to keep impacts minimal while improving long-term security.
Is this the same as quantum key distribution (QKD)?
No. PQC is software-based and designed for broad deployment in existing protocols. QKD typically requires specialized hardware and dedicated links. [3]
Get PQC implementation assistance
If you would like help getting PQC-ready, DataComm can assist with planning and implementation. NIST’s migration guidance emphasizes the value of creating a crypto inventory, developing a roadmap, and prioritizing adoption of NIST-standardized algorithms. [2]
- PQC readiness assessment: identify where RSA/ECC are used across applications, gateways, VPNs, and services.
- Compatibility testing: validate hybrid PQC across clients, proxies, load balancers, and inspection tools.
- Pilot rollout support: staged enablement with monitoring and rollback planning.
- Crypto-agility planning: configuration guidance that supports safe algorithm transitions over time.
To get started, contact your DataComm account team or support contact and request a “PQC migration consult.”
