Quantum-Safe Encryption
Quantum computing is advancing faster than most organizations are prepared for. Most public-key encryption in use today, i.e., the technology securing enterprise networks, VPNs, and data center interconnects, will be rendered obsolete once a cryptographically relevant quantum computer (CRQC) becomes viable. The threat is not only a future one: adversaries are actively collecting encrypted network traffic today, storing it for decryption once quantum computers are widely available.
For communications service providers, this creates both an urgent security imperative and a new revenue opportunity. RAD’s carrier edge platforms are built with quantum-safe encryption in mind, providing a crypto-agile, hardware-accelerated solution that protects networks today and through the post-quantum transition.
What is Quantum-Safe Encryption?
Quantum-safe encryption, also called post-quantum encryption or quantum-resistant encryption, refers to cryptographic methods that remain secure against attacks by quantum computers. Not all encryption is equally at risk. The distinction lies between two fundamentally different types of cryptography:
- Asymmetric (public-key) cryptography: Algorithms such as RSA, Diffie-Hellman (DH), and Elliptic Curve Cryptography (ECC, which secures data using mathematical properties of curves) are used for key exchange, authentication, and digital signatures across VPNs, TLS, IPsec, and MACsec. These are directly threatened by quantum computers, which could break RSA-2048 or ECC in hours using Shor’s algorithm.
- Symmetric cryptography: Algorithms such as AES-256-GCM are considered quantum-resistant. AES-256-GCM is the encryption standard at the heart of MACsec, the Layer-2 encryption protocol used in high-performance network environments. AES-256-GCM is also widely used in other cryptographic protocols, such as IPsec, TLS and SSH.
Quantum-safe encryption focuses on replacing or augmenting the vulnerable asymmetric layer, specifically the key exchange and authentication mechanisms, while retaining the proven performance of AES-256 for bulk encryption. A crypto-agile approach enables networks to support both classical and quantum-safe algorithms simultaneously, ensuring continuity throughout the multi-year transition to post-quantum security.
It’s important to note that while 128-bit keys are currently considered strong and are recommended for AES-GCM, 256-bit keys are advised for the quantum era.
What is “Harvest Now, Decrypt Later”?
“Harvest Now, Decrypt Later” (HNDL) is an attack strategy in which adversaries intercept and store encrypted network traffic today, with the intention of decrypting it once a sufficiently powerful quantum computer becomes available. It is not a future threat — it is happening now.
For organizations transmitting long-lived sensitive data, such as AI model weights, financial records, regulated personal data, classified communications, or intellectual property, the window of exposure is already open. If that data is transmitted today using RSA or ECC-based protocols, it may be decryptable within a decade or less. Industries with strict data retention requirements face compounded risk: data that must be protected for 10 or 20 years must be quantum-safe from the moment it is transmitted.
Telecommunications networks are a particularly high-value target for HNDL attacks. A single intercept point on a carrier backbone or data center interconnect (DCI) link can capture enormous volumes of enterprise traffic. Communications service providers that can offer quantum-safe encryption as part of their service delivery, and demonstrate it to enterprise customers, hold a significant competitive and compliance advantage.
What is Post-Quantum Cryptography (PQC)?
Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to be secure against attacks by quantum computers. Unlike current public-key algorithms, whose security rests on the difficulty of factoring large numbers or solving discrete logarithm problems, PQC algorithms are based on mathematical problems that remain hard for both classical and quantum computers.
In 2024, NIST finalized the first set of post-quantum cryptographic standards:
- ML-KEM (CRYSTALS-Kyber): used for key exchange (replacing DH/ECDH)
- ML-DSA (CRYSTALS-Dilithium): used for digital signatures (replacing RSA/ECDSA)
- SLH-DSA (SPHINCS+): digital signatures, alternative design
- FN-DSA (Falcon): digital signatures, standardization in progress
NIST is also developing a digital signature standard that is derived from Falcon as an additional alternative to these standards.
Unlike RSA and ECC, which rely on mathematical problems a quantum computer can solve efficiently, these algorithms are based on problems that are believed to remain hard even for quantum computers. They are now being incorporated into protocols such as TLS, IPsec, and 5G.
A hybrid approach combines a classical algorithm (such as ECDH) with a PQC algorithm (such as ML-KEM) for key exchange. This protects against both classical and quantum attackers during the transition period, and is the approach adopted by RAD and endorsed by NIST and major standards bodies for near-term deployments.
What is Quantum Key Distribution (QKD) and How Does It Compare to PQC?
Quantum Key Distribution (QKD) is a mechanism for distributing encryption keys using the principles of quantum physics. In physical QKD, photons are transmitted over a dedicated optical fiber link between two endpoints; the quantum properties of individual photons make eavesdropping detectable, providing information-theoretic security guarantees.
Physical QKD is well suited to specific deployment scenarios: high-security, point-to-point links between physically proximate sites where dedicated fiber is available. Its characteristics are worth understanding when evaluating which approach fits a given environment:
- Operates over a dedicated point-to-point photonic link, making it best suited to fixed, short-haul connections
- Range is currently limited by fiber distance, making it most practical for metro-area or campus deployments
- Requires specialized optical hardware at each endpoint
- Does not yet scale to replace cryptography across large, multi-site network infrastructure
RAD also supports Digital QKD — a software-defined approach that achieves the key distribution security properties of QKD without requiring a direct physical photonic link between peers. Digital QKD operates at higher key generation rates, is independent of distance, and uses a symmetric key orchestrator to securely deliver key material to network devices. This makes it practical for carrier-scale deployments across geographically distributed sites.
PQC vs. QKD: Key Differences at a Glance
PQC is the primary, standards-aligned migration path recommended by NIST, NSA, and ETSI. QKD and Digital QKD serve as complementary layers for environments requiring the highest levels of assurance. RAD’s crypto-agile platform supports all three — PQC, Physical QKD, and Digital QKD — as well as their combination in hybrid key exchange modes, giving operators full flexibility without vendor lock-in.
Why Does Hardware Acceleration Matter for Quantum-Safe Encryption?
At high network speeds, software-only post-quantum cryptography creates a performance bottleneck. PQC algorithms such as ML-KEM involve significantly larger key sizes and more complex computation than classical algorithms such as ECDH. At 400G line rate, software implementations cannot execute quantum-safe key exchange fast enough to keep pace with the data plane without introducing latency and jitter.
RAD’s ETX-2i-400G is designed to address this with a hardware-assisted architecture:
- ASIC/FPGA-based engines are designed to perform quantum-safe key exchange and AES-256-GCM bulk encryption at full 400G line rate
- Software manages session lifecycle, key material handling, and orchestration — tasks that do not sit in the data path
- The result is quantum-safe MACsec at 400G designed for no compromise on latency, jitter, or throughput
This hardware-software split preserves the SLA-grade performance assurance that carrier Ethernet customers require, while delivering the crypto-agility needed to navigate the transition to post-quantum security. It is a fundamentally different design from software updates applied to general-purpose hardware.
Who Needs Quantum-Safe Encryption and When?
The urgency of migration to quantum-safe encryption varies by industry, data sensitivity, and regulatory environment, but the window for early action is narrowing across all sectors.
Industries with the most immediate exposure include:
- Government and defense: For U.S. National Security Systems, NSA’s CNSA 2.0 guidance sets an aggressive post-quantum transition direction, with early emphasis on software/firmware signing and phased adoption of quantum-resistant public-key algorithms over the coming years.
- Financial services: Transaction data, customer records, and AI model weights for fraud detection are long-lived, regulated, and high-value targets for HNDL attacks.
- Critical infrastructure: Power utilities, transportation networks, and industrial control systems operate with decade-long infrastructure lifespans, making quantum resilience a planning imperative today.
- Telecommunications: CSPs carry traffic from all the above sectors. Their ability to offer quantum-safe services is both a compliance requirement and a competitive differentiator.
Regulatory momentum is accelerating. NIST finalized its first PQC standards in 2024. ETSI, 3GPP, and the IETF are actively working on updates and migration mechanisms for protocols such as TLS, IKEv2, and 5G to support post-quantum cryptography, with some items still in draft or study stages. The migration from classical to quantum-safe cryptography will take years, so organizations that begin now avoid the cost and risk of rushed compliance under regulatory pressure.
What is RAD’s Quantum-Safe Encryption Solution?
RAD’s quantum-safe encryption solution is built into its Carrier Ethernet demarcation and aggregation devices, such as the ETX-2i-400G, which was engineered from the ASIC up for line-rate quantum-safe Data Center Interconnect and carrier edge connectivity. It is built to deliver hardware-accelerated, crypto-agile quantum-safe MACsec at full 400G with no latency trade-off.
The ETX-2i-400G’s quantum-safe security framework combines these complementary layers:
- Quantum Key Distribution (QKD): The platform integrates with QKD servers over photonic links, enabling environments that require quantum-generated key material to operate within the same unified security framework. RAD’s platform communicates with the QKD server over a standard ETSI GS QKD 01 interface.
- Post-Quantum Cryptography (PQC): NIST-standardized PQC algorithms, including ML-KEM, will also be supported for key encapsulation, replacing vulnerable Diffie-Hellman-based key exchange at the hardware level.
- Hybrid key exchange: Classical and quantum-safe mechanisms are combined in hybrid modes, ensuring interoperability and security continuity throughout the post-quantum migration. No single algorithm failure can compromise the session.
All key exchange feeds into AES-256-GCM MACsec encryption at full 400G line rate, implemented in hardware via RAD’s custom ASIC/FPGA. This protects data in transit across DCI links, site-to-site VPNs, and cloud on-ramps without processing overhead.
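The hybrid key exchange described here and in the PQC section above can be illustrated with one common construction: both shared secrets are length-prefixed, concatenated, and run through HKDF (RFC 5869) to produce a single 256-bit key for AES-256-GCM. This is an added example, not RAD's implementation or code from this page; the function names, the `info` label, and the stand-in secrets (constructed here in place of real ECDH and ML-KEM outputs) are assumptions.

```python
import hashlib
import hmac

HASH = hashlib.sha256

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 extract: PRK = HMAC(salt, IKM); an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(HASH().digest_size), ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 expand: T(n) = HMAC(PRK, T(n-1) || info || n), concatenated and truncated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]

def length_prefixed(field: bytes) -> bytes:
    """4-byte length prefix so the two secrets cannot be re-split ambiguously."""
    return len(field).to_bytes(4, "big") + field

def hybrid_session_key(classical_ss: bytes, pqc_ss: bytes, transcript: bytes,
                       length: int = 32) -> bytes:
    """Derive one key that depends on BOTH shared secrets and on the handshake transcript."""
    if not classical_ss or not pqc_ss:
        raise ValueError("both shared secrets are required; refusing to fall back to one")
    ikm = length_prefixed(classical_ss) + length_prefixed(pqc_ss)
    prk = hkdf_extract(HASH(transcript).digest(), ikm)
    return hkdf_expand(prk, b"hybrid-kex-example/aes-256-gcm", length)  # hypothetical label

def demo() -> dict:
    # Constructed stand-ins: real values would come from ECDH and ML-KEM decapsulation.
    ecdh_ss = HASH(b"constructed ECDH shared secret").digest()
    mlkem_ss = HASH(b"constructed ML-KEM shared secret").digest()
    transcript = b"constructed: both public keys and the ML-KEM ciphertext"
    real = hybrid_session_key(ecdh_ss, mlkem_ss, transcript)
    # Someone who later recovers only the ECDH secret still lacks the other KDF input.
    guess = hybrid_session_key(ecdh_ss, bytes(32), transcript)
    return {"key_len": len(real), "attacker_matches": hmac.compare_digest(real, guess)}

if __name__ == "__main__":
    print(demo())
```

Refusing to derive a key when either secret is missing is the design point to check in any hybrid implementation: a silent fallback to the classical secret alone would remove the protection the hybrid mode is meant to provide.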
The platform will also support IPsec for SASE environments and remote GPU access, and integrates Zero Touch Provisioning (ZTP) and NETCONF/YANG-based management for automated, at-scale deployment. The ETX-2i-100G extends the same crypto-agile architecture to 100G deployments.
RAD’s Quantum-Safe Partner Ecosystem
RAD’s quantum-safe security framework is built for interoperability, not lock-in. RAD has validated integration with two specialized quantum-security partners:
Arqit (Nasdaq: ARQQ) — RAD and Arqit announced their collaboration in March 2026, integrating Arqit’s NetworkSecure™ quantum-safe key generation technology with RAD’s ETX Carrier Edge platform. NetworkSecure™ uses a hybrid PQC approach, including ML-KEM (CRYSTALS-Kyber), to generate and distribute symmetric key material to network devices via a secure orchestrator, without requiring a physical photonic link. This enables quantum-safe encryption to scale across geographically distributed sites and multi-domain carrier networks.
Heqa-Sec — RAD has also validated interoperability with Heqa-Sec for physical QKD and hybrid key-exchange deployments, providing customers with choice across the full spectrum of quantum-safe key distribution approaches.
The result is a quantum-safe ecosystem in which CSPs and enterprises can choose the key distribution mechanism best suited to their security posture, infrastructure, and regulatory requirements, while relying on a single, carrier-grade encryption platform.
How Can CSPs Monetize Quantum-Safe Connectivity?
Quantum-safe encryption is not only a security upgrade, but a service differentiation opportunity for communications service providers. Enterprises increasingly expect the connectivity they purchase to defend against both current and emerging threats, and regulators are beginning to mandate it. CSPs that embed quantum-safe capability into their service delivery create a premium tier that commands higher margins and longer contract commitments.
RAD’s ETX-2i-400G enables CSPs to offer quantum-safe services as a standard, repeatable Network-as-a-Service (NaaS) offering:
- Quantum-safe DCI: High-capacity, SLA-backed 100G or 400G Data Center Interconnect with integrated quantum-safe MACsec, protecting AI model weights, training datasets, and financial data in transit between enterprise data centers.
- Quantum-safe site-to-site and site-to-cloud VPN: Mplify-compliant EVC services with end-to-end quantum-safe encryption, extending to cloud on-ramps and GPU training environments such as Microsoft Azure.
- Encrypted NaaS for AI: A scalable, standardized service model combining Carrier Ethernet performance assurance with quantum-safe security — naturally extending across multiple enterprise sites and AI-intensive use cases.
The commercial opportunity is validated by market traction. RAD has been selected as the design partner for AI-era network infrastructure by a multi-national tier-1 telco, with quantum-safe DCI as the first service to be deployed. RAD’s quantum-safe 400G DCI solution was demonstrated live at Mplify’s GNE 2026 Europe event in June 2026.
How is RAD Shaping Quantum-Safe Encryption Standards?
RAD is an active contributor to the standards bodies defining quantum-safe connectivity for carrier networks. Within Mplify (formerly MEF), RAD participates in the Commercial and Business Committee (CBC) and contributes directly to the Quantum-Secure Connectivity Service Product Attributes project — the industry effort to define what quantum-safe Carrier Ethernet services should look like from a service definition, performance, and interoperability perspective.
The ETX-2i-400G is built in alignment with Mplify’s Carrier Ethernet for AI program and its MEF 3.0 service constructs (E-Line, E-LAN, Access E-Line), directly supporting the program’s DC-to-DC, edge-to-data-center, and subscriber-to-AI-edge scenarios.
On the encryption standards side, RAD supports:
- IEEE 802.1AE (MACsec): for Layer-2 line-rate encryption
- NIST FIPS 203/204/205: ML-KEM, ML-DSA, SLH-DSA for post-quantum key exchange and signatures
- IPsec/IKEv2: for SASE and remote GPU access scenarios
As IETF updates TLS, IKEv2, and X.509 to incorporate NIST PQC algorithms, and as 3GPP standardizes quantum-resistant cryptography for 5G and 6G, RAD’s crypto-agile architecture ensures its platforms can adopt new algorithms through software updates without hardware replacement.





