PQC Radar · by Ashish Gupta

Post-quantum cryptography
for people who run networks

Post-quantum cryptography started showing up in vendor roadmaps and compliance conversations, and I realised I was nodding along without really understanding it. So I decided to learn it properly. Not just the theory, but how it applies to the kind of infrastructure most enterprise networks actually run.

This site documents what I found. Everything here has been tested and verified against a standard enterprise stack: Cloudflare as the CDN edge, F5 BIG-IP as the origin load balancer, and a real domain to run openssl s_client against. This is a common architecture: CDN in front, load balancer at origin. Not specific to any one organisation.

NIST FIPS 203 · ML-KEM TLS 1.3 Cloudflare F5 BIG-IP 17.5.1+ Harvest Now, Decrypt Later X25519MLKEM768

Where Does PII Get Exposed, and Where Should We Focus?

PII travels across two separate internet-exposed TLS legs before it reaches your application: browser to CDN, then CDN to origin. A third path exists for trusted external systems (partner APIs, SaaS) that bypass the CDN entirely. The diagram below maps where each harvest opportunity sits. Full breakdown in The Problem.

Network diagram showing harvest points across User → Cloudflare → F5/CloudFront traffic path

Why hardening the CDN and origin layers closes most of the risk: Both legs where PII crosses the internet (browser to CDN and CDN to origin) pass through TLS termination points you control and can configure. Secure both legs with a quantum-resistant key exchange (ML-KEM via TLS 1.3) and an adversary capturing everything in transit today cannot decrypt it, even with a future quantum computer. You don't need to solve every device or every endpoint at once. Close the two internet hops that carry PII, and you've eliminated the harvest window that matters most.

Start here

🔐

The Problem

What actually happens in a TLS handshake, which part of it quantum computers break, and why the attack doesn't need a quantum computer to start. The harvest now, decrypt later threat is the reason this is worth paying attention to now.

Read → The Problem

The bridge

🔄

TLS 1.2 vs TLS 1.3

Why the TLS version actually matters here. TLS 1.3 made the key exchange pluggable. That's the architectural reason ML-KEM can exist at all. TLS 1.2 simply has no slot for it. And TLS 1.3 alone, without ML-KEM, still leaves you exposed.

Read → TLS Version Comparison

The replacement

🛡️

Post-Quantum Cryptography

NIST finalised three algorithms in 2024. ML-KEM is the one that matters for TLS key exchange and it's already shipping in Cloudflare and modern browsers. This section covers what it is, which parameter set is in active use, and how it fits into TLS 1.3.

Read → Post-Quantum Fundamentals

Where it lands

🏗️

Network Architecture & Verification

Knowing which algorithms are quantum-safe is the easy part. The harder question is where you can actually deploy them, and where you can't. What the org controls vs what depends on vendor roadmaps, plus how to verify what is actually being negotiated.

Read → Network Architecture

✓ Verified against a Cloudflare-fronted domain (April 2026)

ML-KEM is negotiated in practice, not just on paper. The key line to confirm: Negotiated TLS1.3 group: X25519MLKEM768. Requires OpenSSL 3.5+. See the full verification guide for the command and setup.

Post-quantum cryptographyfor people who run networks