The ISC International Journal of Information Security

Recent Trends in Post-Quantum Cryptography Integration and Performance in the Internet Security Stack

Articles in Press

Document Type : Review Article

Authors

Togu Novriansyah Turnip 1
Birger Andersen 1
Cesar Vargas-Rosales 2

1 Department of Engineering Technology, Technical University of Denmark, Denmark

2 Tecnologico de Monterrey, School of Engineering and Science, Monterrey, Mexico

10.22042/isecure.2026.241265
Abstract
The rapid advancement of quantum computing poses a direct threat to classical public-key cryptographic systems at the core of Internet security protocols. Post-quantum cryptography (PQC) has therefore become central to ongoing standardisation and early deployment efforts. This paper presents a comparative analysis of PQC integration into TLS, SSH, and IPsec, examining cross-cutting challenges, protocol-specific trade-offs, and deployment considerations. Our findings show that PQC adoption introduces markedly uneven overheads across protocols: handshake latency may increase by up to 600% in TLS, by 29% in SSH, and by up to 300% in IPsec, while memory requirements in hybrid configurations can exceed 300 KB in resource-constrained environments. We further demonstrate that message fragmentation, certificate chain expansion, and cumulative rekeying costs emerge as protocol-dependent bottlenecks, underscoring that migration strategies must be tailored to the architecture and operational context of each protocol. Beyond performance, we identify interoperability gaps, downgrade vulnerabilities, and side-channel risks as critical obstacles to secure deployment. By combining empirical performance evidence with a structured review of challenges and deployment strategies, our study provides actionable insights for practitioners, informs ongoing standards development, and highlights research priorities essential to building a resilient, quantum-resistant Internet infrastructure. 

Keywords

Internet Security
IPSec
Post-Quantum Cryptography
SSH
TLS
[1] D. Sikeridis, P. Kampanakis, and M. Devetsikiotis. Assessing the overhead of post-quantum cryptography in TLS 1.3 and SSH. Proceedings of the 16th International Conference on Emerging Networking EXperiments and Technologies (CoNEXT), pages 149–156, 2020.
[2] A. Pazienza, E. Lella, P. Noviello, and F. Vitulano. Analysis of network-level key exchange protocols in the post-quantum era. 2022 IEEE 15th Workshop on Low Temperature Electronics (WOLTE), pages 1–4, 2022.
[3] NV. Nethen, A. Wiesmaier, N. Alnahawi, and J. Henrich. PMMP - PQC migration management process. arXiv, 2023.
[4] E. Crockett, C. Paquin, and D. Stebila. Prototyping post-quantum and hybrid key exchange and authentication in TLS and SSH. IACR Cryptol. ePrint Arch., 2019.
[5] L. Chen et al. NISTIR 8105: Report on postquantum cryptography. Technical report, NIST, 2016.
[6] Douglas Stebila and Michele Mosca. Postquantum key exchange for the internet and the open quantum safe project. In Roberto Avanzi and Howard Heys, editors, Selected Areas in Cryptography (SAC) 2016, volume 10532 of Lecture Notes in Computer Science, pages 1–24. Springer.
[7] Y. Baseri, V. Chouhan, and A. Hafid. Navigating quantum security risks in networked environments: A comprehensive study of quantum-safe network protocols. Computers & Security, 2024.
[8] J. Illiano, M. Caleffi, A. Manzalini, and AS. Cacciapuoti. Quantum internet protocol stack: A comprehensive survey. Computer Networks, Elsevier BV, 213, 2022.
[9] Y. Li, H. Zhang, C. Zhang, T. Huang, and F.R. Yu. A survey of quantum internet protocols from a layered perspective. IEEE Communications Surveys & Tutorials, 2024.
[10] A. Kumar and S. Garhwal. State-of-the-art survey of quantum cryptography. Arch. Comput. Methods Eng., 2021.
[11] S. Subramani, S. M, K. A, and S.K. Svn. Review of security methods based on classical cryptography and quantum cryptography. J. Inf. Technol., 2023.
[12] M. Mehic, M. Ferrer, N.A. Malik, et al. Quantum cryptography in 5G networks: A comprehensive overview. IEEE Commun. Surv. Tutor., 2023.
[13] T.M. Fern´andez-Caram´es. From pre-quantum to post-quantum IoT security: A survey on quantum-resistant cryptosystems for the internet of things. IEEE Internet of Things Journal, 7(7):6457–6480, 2020.
[14] H. Nejatollahi, N. Dutt, S. Ray, et al. Postquantum lattice-based cryptography implementations: a survey. ACM Comput. Surv. (CSUR), 51(6):1–41, 2019.
[15] M. Durr-E-Shahwar, M.A. Imran, A.B. Altamimi, et al. Quantum cryptography for future networks security: A systematic review. IEEE Access, 12:24863–24890, 2024.
[16] D.T. Dam, T.H. Tran, V.P. Hoang, et al. A survey of post-quantum cryptography: Start of a new race. Cryptography, 7(3):40, 2023.
[17] N. Alnahawi, J. Mu¨ller, J. Oupicky´, and A. Wiesmaier. A comprehensive survey on post-quantum TLS. 2024.
[18] K. Dekkaki, I. Tasi´c, and M. Cano. Exploring post-quantum cryptography: Review and directions for the transition process. Technologies, 12(12):241, 2024.
[19] Togu Novriansyah Turnip, Birger Andersen, and Cesar Vargas-Rosales. Towards 6g authentication and key agreement protocol: A survey on hybrid post quantum cryptography. IEEE Communications Surveys and Tutorials, 2025.
[20] Maryam Abbasi, Filipe Cardoso, Paulo Va´z, Jos´e Silva, and Pedro Martins. A practical performance benchmark of post-quantum cryptography across heterogeneous computing environments. Cryptography, 9(2), 2025.
[21] S. Paul and P. Scheible. Towards post-quantum security for cyber-physical systems: Integrating PQC into Industrial M2M communication, 2020. IACR Cryptol. ePrint Arch.
[22] K.A. Shim. A survey on post-quantum public-key signature schemes for secure vehicular communications. IEEE Transactions on Intelligent Transportation Systems, 23(9):14025–14042, 2022.
[23] S. Paul, F. Schick, and J. Seedorf. TPM-Based post-quantum cryptography: A case study on quantum-resistant and mutually authenticated TLS for IoT environments. Proceedings of the 16th International Conference on Availability, Reliability and Security, pages 1–10, 2021.
[24] W. Barker, W. Polk, and M. Souppaya. Getting ready for post-quantum cryptography: Explore challenges associated with adopting and using post-quantum cryptographic algorithms. NIST, 2021.
[25] J. Hoffstein, J. Pipher, and J.H. Silverman. NTRU: a ring-based public key cryptosystem. page 267–288, 1998.
[26] J. Bos et al. Crystals-Kyber: a CCA-secure module-lattice-based KEM. page 353–367, 2018.
[27] R. J. McEliece. A public-key cryptosystem based on algebraic coding theory. Deep Space Network Progress Report, page 42–44, 1978.
[28] D. Jao and L. de Feo. Towards quantum-resistant cryptosystems from supersingular elliptic curve isogenies. In B.-Y. Yang, editor, Post-Quantum Cryptography, Proc. 4th International Workshop, page 19–34. Springer, 2011.
[29] T. Matsumoto and H. Imai. Public quadratic polynomial-tuples for efficient signatureverification and message-encryption. In C. G. Gu¨nther, editor, Advances in Cryptology, Proc. Workshop on the Theory and Application of Cryptographic Techniques (EUROCRYPT’88), page 419–453. Springer.
[30] M.J. Kannwischer, A. Genˆet, D. Butin, J. Kra¨mer, and J. Buchmann. Differential power analysis of XMSS and SPHINCS. pages 168–188, 2018.
[31] SPHINCS+ Homepage. Post-quantum cryptography:SPHINCS+, 2024. Last accessed 23 Aug 2024.
[32] NIST. NIST homepage: Post-quantum cryptography, 2024.
[33] F. Opilka, M. Niemiec, M. Gagliardi, and M.A. Kourtis. Performance analysis of post-quantum cryptography algorithms for digital signature. Applied Sciences, 14(12):4994, 2024. [34] D. Bernstein and T. Lange. Post-quantum cryptography, 2017.
[35] W. Beullens et al. Post-quantum cryptography: current state and quantum mitigation, 2021.
[36] NIST. Federal information processing standards (FIPS) Documents: NIST.FIPS.203, NIST.FIPS.204, NIST.FIPS.205, 2024. Last accessed 23 Aug 2024.
[37] K. Bu¨rstinghaus-Steinbach, C. Krauß, R. Niederhagen, and M. Schneider. Post-quantum TLS on embedded systems: integrating and evaluating Kyber and SPHINCS+ with mbed TLS. page 91–96, 2020.
[38] D. Sikeridis, P. Kampanakis, and M. Devetsikiotis. Post-quantum authentication in TLS 1.3: A performance study. 2020.
[39] J. Henrich, A. Heinemann, A. Wiesmaier, and N. Schmitt. Performance impact of PQC KEMs on TLS 1.3 under varying network characteristics. Lecture Notes in Computer Science, 13969:230–249, 2023.
[40] D. Marchsreiter and J. Sepu´lveda. Hybrid postquantum enhanced TLS 1.3 on embedded devices. page 643–650, 2022.
[41] J. Bae, Y. Kim, S. Lee, S. Park, D. Kim, and S. Hong. A performance evaluation of IPsec with post-quantum cryptography. page 210–228, 2023.
[42] G. Alagic et al. Status report on the second round of the NIST post-quantum cryptography standardization process. 2020.
[43] N. Bindel et al. Hybrid key encapsulation mechanisms and authentication protocols for post-quantum cryptography. Cryptology ePrint Archive, 2021.
[44] C. Paquin, D. Stebila, and G. Tamvada. Benchmarking post-quantum cryptography in TLS, 2020. Microsoft Research & University of Waterloo.
[45] Z. Liu, T. P¨oppelmann, T. Oder, H. Seo, S. S. Roy, T. Gu¨neysu, et al. High-performance ideal lattice-based cryptography on 8-Bit AVR Microcontrollers. ACM Transactions on Embedded Computing Systems, 16(4):Article 117, 2017.
[46] S. Paul, Y. Kuzovkova, N. Lahr, and R. Niederhagen. Mixed certificate chains for the transition to post-quantum authentication in TLS 1.3. page 1109–1126, 2022.
[47] C. J. Tjhai, M. Tomlinson, G. Bartlett, S. Fluhrer, D. Van Geest, and O. GarciaMorchon. Rfc 9370: Multiple key exchanges in the internet key exchange protocol version 2 (IKEv2), 2023.
[48] V. Smyslov. Use of hybrid post-quantum key exchange in internet protocols. Journal of Network and Systems Management, 32(1):15–28, 2024.
[49] I. Tzinos, K. Limniotis, and N. Kolokotronis. Evaluating the performance of post-quantum secure algorithms in the TLS protocol. Journal of Surveillance, Security and Safety, 3(2):54–67, 2022.
[50] A. A. Giron, J. P. A. do Nascimento, R. Custo´dio, L. P. Perin, and V. Mateu. Post-quantum hybrid KEMTLS performance in simulated and real network environments. Lecture Notes in Computer Science, 13963:229–246, 2023.
[51] E. Alkim, L. Ducas, T. P¨oppelmann, and P. Schwabe. Post-quantum key exchange - a new hope, 2015. Cryptology ePrint Archive, Report 2015/1092.
[52] M. Sosnowski, F. Wiedner, E. Hauser, L. Steger, D. Schoinianakis, S. Gallenmu¨ller, and G. Carle. The performance of post-quantum TLS 1.3. page 503–516, 2023.
[53] J. Zheng, H. Zhu, Y. Dong, Z. Song, Z. Zhang, Y. Yang, and Y. Zhao. Faster post-quantum TLS 1.3 based on ml-kem: Implementation and assessment. Lecture Notes in Computer Science, 14028:125–142, 2024.
[54] S. Fluhrer, D. McGrew, P. Kampanakis, and V. Smyslov. Post quantum preshared keys for IKEv2, 2019.
[55] P. Schwabe, D. Stebila, and T. Wiggers. Postquantum TLS without handshake signatures. page 1461–1480, 2022.
[56] D. Lawo. Wireless and fiber-based post-quantumcryptography-secured IPsec tunnel. Future Internet, 16(8):300, 2024.
[57] S. Farooq, A. Altaf, F. Iqbal, et al. Resilience optimization of post-quantum cryptography key encapsulation algorithms. Sensors, 23(12):5379, 2023.
[58] OpenSSL. OpenSSL documentation. OpenSSL Software Foundation, 2024. Last accessed 23 Aug 2024.
[59] strongSwan Project. strongSwan Documentation, 2024. Accessed: 2025-05-26.
[60] WolfSSL. Post-quantum cryptography in wolfSSL. WolfSSL Inc., 2024. Last accessed 23 Aug 2024.
[61] The Legion of the Bouncy Castle Inc. Bouncy Castle Documentation, 2024. Accessed: 2025-0526.
[62] Jack Lloyd and Contributors. Botan C++ Cryptography Library Documentation, 2024. Accessed: 2025-05-26.
[63] Matthias J. Kannwischer, Peter Schwabe, Douglas Stebila, and Thom Wiggers. Improving software quality in cryptography standardization projects. Cryptology ePrint Archive, Paper 2022/337, 2022.
[64] Amazon Web Services. AWS KMS – PostQuantum TLS Support, 2024. Accessed: 2025-0526.
[65] Microsoft Research. Post-quantum cryptography, 2024. Accessed: 2025-05-26.
[66] ARM mbedTLS. mbedTLS documentation. ARM mbedTLS, 2024. Last accessed 23 Aug 2024.
[67] A. Khalid, C. Rafferty, J. Howe, S. Brannigan, W. Liu, and M. O’Neill. Error samplers for lattice-based cryptography - challenges, vulnerabilities, and solutions. pages 503–506, 2018.
[68] W. Liu, Z. Ni, J. Ni, et al. High performance modular multiplication for SIDH. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 39(10):3118–3122, 2020.
[69] D. Bellizia, N. Mrabet, A. Fournaris, et al. Postquantum cryptography: Challenges and opportunities for robust and secure HW design, 2021. Preprint.
[70] Y. Yang, Q. Huang, and F. Chen. Secure cloud storage based on RLWE problem. IEEE Access,
The ISC International Journal of Information Security

Articles in Press, Accepted Manuscript
Available Online from 22 February 2026

Home

AI Policies

Guide for Authors

Submit Manuscript

Contact Us