A cryptographically relevant quantum computer would break today's public-key cryptography: RSA, Diffie-Hellman and the elliptic-curve schemes (ECDH, ECDSA) behind TLS, VPNs, SSH and code signing. NIST's Post-Quantum Cryptography (PQC) standards are now published: ML-KEM (FIPS 203) for key establishment, and ML-DSA (FIPS 204) and SLH-DSA (FIPS 205) for digital signatures. But not every environment can switch to PQC across the board overnight.
One option is post-quantum tunnels: dedicated gateways that encapsulate data inside a PQ-secured channel before forwarding it. Think of a VPN whose outer key exchange is PQ or hybrid (PQ plus classical, so the channel is no weaker than the classical scheme even if the PQ algorithm or its implementation turns out to be flawed). Like Web Application Firewalls (WAFs), these tunnels can reduce risk quickly, but whether they are a temporary bridge or a longer-term control should be driven by your security architecture and threat model, not by a one-size-fits-all timeline.
What Post-Quantum Tunnels Do
- Overlay protection: a gateway negotiates a PQ or hybrid key exchange with its peer gateway, then wraps legacy traffic inside the resulting channel. Only the outer layer changes; the inner protocols are untouched.
- Pros: fast deployment, centralized key management, and protection for legacy systems that cannot be upgraded.
- Cons: extra latency, a single point of failure that is also a high-value target, and the underlying traffic still uses legacy crypto: it is shielded only between the gateways, not before it enters or after it leaves them. Digital signatures (peer authentication, code signing, documents) remain untouched.
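As an added example (not code from the original page or from any tunnel product), here is the outer-layer handshake such a gateway performs, written in Go 1.24+ against the standard library's crypto/mlkem and crypto/ecdh. Both gateways run in one process; the function names, the HKDF salt and info strings, and the message layout are assumptions made for illustration, while the secret ordering (ML-KEM share first, then X25519) follows X25519MLKEM768, the hybrid group TLS 1.3 uses. It deliberately does no peer authentication: a real gateway must authenticate its peer, and that is exactly the signature gap the list above notes, since nothing in the ML-KEM exchange itself provides it.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// tunnelKey is the hybrid combiner: ML-KEM secret || X25519 secret (the order
// X25519MLKEM768 uses) through HKDF-SHA256, so the key holds if either input does.
// HKDF is written out with hmac to stay on the standard library; the salt and
// info strings are assumptions made for this example.
func tunnelKey(kemSS, ecdhSS []byte) []byte {
	extract := hmac.New(sha256.New, []byte("pq-tunnel-salt"))
	extract.Write(append(append([]byte{}, kemSS...), ecdhSS...))
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write([]byte("pq-tunnel traffic key\x01")) // T(1) = HMAC(PRK, info || 0x01)
	return expand.Sum(nil)                              // 32 bytes: an AES-256 key
}

// Handshake runs both gateways in one process. It returns the key each side derived
// and the key the initiator would derive if one bit of the ML-KEM ciphertext were
// flipped in transit: ML-KEM's implicit rejection yields a random secret, not an
// error, so the mismatch only shows up when the first AEAD tag check fails.
func Handshake() (initiatorKey, responderKey, tamperedKey []byte, err error) {
	// Initiator: ephemeral X25519 and ML-KEM-768 key pairs; both public parts go on the wire.
	iniX, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return
	}
	// Responder: parse the encapsulation key from its wire bytes, encapsulate to it,
	// and run its own X25519 agreement against the initiator's public key.
	ek, err := mlkem.NewEncapsulationKey768(dk.EncapsulationKey().Bytes())
	if err != nil {
		return
	}
	kemSS, ct := ek.Encapsulate() // ct (1088 bytes) goes back to the initiator
	respX, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	respECDH, err := respX.ECDH(iniX.PublicKey())
	if err != nil {
		return
	}
	responderKey = tunnelKey(kemSS, respECDH)
	// Initiator: decapsulate ct and finish X25519 with the responder's public key.
	iniECDH, err := iniX.ECDH(respX.PublicKey())
	if err != nil {
		return
	}
	iniKEM, err := dk.Decapsulate(ct)
	if err != nil {
		return
	}
	initiatorKey = tunnelKey(iniKEM, iniECDH)
	// The same decapsulation with one bit of ct flipped in transit.
	bad := append([]byte{}, ct...)
	bad[0] ^= 1
	badKEM, err := dk.Decapsulate(bad)
	if err != nil {
		return
	}
	tamperedKey = tunnelKey(badKEM, iniECDH)
	return
}

func main() {
	ini, resp, bad, err := Handshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("tunnel key agreed: %v; tampered ciphertext yields same key: %v\n",
		bytes.Equal(ini, resp), bytes.Equal(ini, bad))
}
```

Wrapping the legacy packets is then ordinary AEAD (for example AES-256-GCM) under the derived key and is not shown. The tampered branch is worth keeping in mind operationally: because decapsulation of a corrupted ciphertext does not error, a deployed gateway learns about it only as a failed tag check, and that failure should be alerted on rather than retried into a classical-only fallback.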
When Proxied PQ Tunnels Make Sense
- Wrapping insecure or legacy endpoints that cannot be upgraded to PQC
- Mitigating "harvest-now, decrypt-later" risk (traffic recorded today and decrypted once a quantum computer exists) for data that must stay confidential for years
- Government or enterprise WANs where a few gateways are easier to upgrade than thousands of apps
- Piloting PQ crypto in production without modifying existing systems
When Direct PQ Algorithms Are Essential
- Mission-critical applications and crown-jewel data: upgrade at the source where the cost of compromise is unacceptable
- End-to-end security: the gateway is where the outer layer is stripped off, so if a compromised or coerced gateway is in your threat model, only PQ algorithms at the endpoints give end-to-end protection
- Latency-sensitive workloads: hairpinning traffic through gateways and encrypting it twice adds delay that SCADA, HFT and similar workloads may not tolerate
- Digital signatures: a proxy cannot "upgrade" the signatures on software updates, documents or non-repudiation records; replace RSA/ECDSA with a PQ signature scheme (ML-DSA or SLH-DSA) at the endpoint
- Long-term simplicity: running legacy crypto inside a PQ wrapper adds operational complexity and a second set of keys to manage; direct PQ adoption is cleaner and is where every system has to end up anyway
A Practical Roadmap
- Identify choke points where traffic enters/exits.
- Deploy PQ tunnels there where appropriate to shield traffic that could be recorded today, and verify from the handshake (the negotiated key-exchange group) that a PQ or hybrid exchange was actually used rather than a silent fallback to classical.
- For crown-jewel systems, begin replacing digital signatures and crypto at the endpoints directly.
- Prioritize high-value or long-life data for early PQ adoption.
- Gradually upgrade other endpoints to PQ protocols as vendor support matures.
- Phase out tunnels where possible as systems become PQ-native — treat them as a supplement, not an automatic substitute.
The Bottom Line
Post-quantum tunnels aren't always just a "temporary bridge." In some cases, they're the only realistic option for hard-to-migrate systems; in others they're too weak a control for critical workloads. Use them where they fit your threat model and architecture — but keep the end goal in sight: a network where both encryption and signatures are post-quantum directly at the endpoints.