Community

Blog Events Webinars Tutorials Forum
  1. Blog
  2. Events
  3. Webinars
  4. Tutorials
  5. Forum
Create Account
×
Community Blog What is Post-Quantum Encryption - And How to Enable It on ESA

What is Post-Quantum Encryption - And How to Enable It on ESA

Here's where it gets interesting for practitioners. While post-quantum cryptography might sound like something that requires complex migration project...

The Quantum Clock Is Ticking

Quantum computing is no longer a theoretical curiosity confined to physics labs. With billions in investment flowing from governments and tech giants worldwide, cryptographically relevant quantum computers (CRQCs) — machines capable of breaking today's public-key cryptography — are projected to arrive within the next 10 to 15 years. Some threat models suggest even sooner.

But here's the uncomfortable truth: you don't need to wait for quantum computers to become a victim of quantum attacks. The threat is already active today.

"Harvest Now, Decrypt Later" — A Present-Day Threat

Nation-state actors and sophisticated adversaries are already executing what the security community calls Harvest Now, Decrypt Later (HNDL) attacks. The strategy is straightforward and chilling:

  1. Intercept and store encrypted traffic today (cheap storage makes this trivial at scale)
  2. Wait for quantum computers to mature
  3. Decrypt the harvested data retroactively using quantum algorithms like Shor's

For any data that retains value over years — trade secrets, medical records, financial data, government communications, intellectual property — the window for protection isn't when quantum computers arrive. It's right now.

The Cloud Security Alliance has identified HNDL as one of the most significant near-term quantum threats facing enterprises. Palo Alto Networks has likewise categorized it as a "present-day risk" that requires immediate mitigation, not future planning.

The Industry Response: NIST Post-Quantum Standards

In August 2024, NIST (the U.S. National Institute of Standards and Technology) took a historic step by releasing the first three finalized post-quantum cryptography standards after an eight-year standardization process:

  • FIPS 203 (ML-KEM) — Module-Lattice-Based Key-Encapsulation Mechanism, derived from CRYSTALS-Kyber
  • FIPS 204 (ML-DSA) — Module-Lattice-Based Digital Signature Algorithm
  • FIPS 205 (SLH-DSA) — Stateless Hash-Based Digital Signature Algorithm

Among these, ML-KEM is the standard directly relevant to protecting data in transit — it provides quantum-resistant key encapsulation for use in protocols like TLS.

The mathematical hardness of ML-KEM is based on the Module Learning With Errors (MLWE) problem over structured lattices — a problem that remains computationally infeasible for both classical and quantum computers. Unlike RSA and ECC (which rely on integer factorization and discrete logarithm problems easily broken by Shor's algorithm), lattice-based cryptography has no known efficient quantum attack.

Hybrid Key Exchange: The Best of Both Worlds

Rather than replacing classical cryptography overnight — which would introduce risks from immature implementations or undiscovered weaknesses in new algorithms — the industry has converged on a hybrid approach:

Combine a classical (proven) key exchange with a post-quantum key exchange in a single handshake. The resulting shared secret is secure as long as either component remains unbroken.

The specific hybrid construction gaining universal adoption is:

X25519MLKEM768 = X25519 (classical ECDH) + ML-KEM-768 (post-quantum KEM)

This means:

  • If ML-KEM-768 turns out to have an unforeseen weakness → X25519 still protects you (classical security)
  • If quantum computers break X25519 → ML-KEM-768 still protects you (post-quantum security)
  • Both must fail simultaneously for the connection to be compromised

The IETF has standardized this hybrid key exchange for TLS 1.3 in draft-ietf-tls-ecdhe-mlkem, and major browsers have already shipped support.

Alibaba Cloud ESA: Post-Quantum Encryption at the Edge, by Default

Here's where it gets interesting for practitioners. While post-quantum cryptography might sound like something that requires complex migration projects and infrastructure overhauls, Alibaba Cloud ESA (Edge Security Acceleration) has made it a zero-configuration default.

How ESA Implements Post-Quantum Protection

ESA natively integrates X25519MLKEM768 hybrid key exchange across its global edge network. When a client that supports post-quantum key exchange connects to an ESA-accelerated site:

  1. The client's TLS ClientHello advertises support for X25519MLKEM768 in its supported_groups extension
  2. ESA's edge node selects the hybrid key exchange
  3. Both parties perform the combined X25519 + ML-KEM-768 key agreement
  4. The resulting shared secret is used to derive TLS session keys
  5. All subsequent traffic is protected against both classical and quantum adversaries

The entire process is transparent — no configuration changes, no certificate replacements, no origin server modifications required.

Protocol Support

ESA's post-quantum encryption works with:

  • TLS 1.3 — The modern TLS standard with streamlined handshake
  • QUIC (HTTP/3) — The UDP-based transport protocol using TLS 1.3 for its cryptographic handshake

Both protocols benefit automatically from post-quantum key exchange when clients support it.

Client Compatibility

Post-quantum hybrid key exchange is supported by all major modern browsers:

Browser Version Status
Google Chrome 131+ Enabled by default
Microsoft Edge 131+ Enabled by default
Mozilla Firefox 132+ Enabled by default

This means the majority of global web traffic from modern browsers is already capable of post-quantum key exchange. As older browser versions cycle out, coverage will approach 100% organically — without any action required from site operators.

Verification

You can verify post-quantum encryption is active on your ESA-accelerated site through two methods:

Browser DevTools:
Open Chrome/Edge DevTools → Security tab → Check the connection details. You'll see X25519MLKEM768 listed as the key exchange mechanism.

Command Line:

curl -vso /dev/null https://your-domain.com 2>&1 | grep -i mlkem

If the output includes X25519MLKEM768, your connection is post-quantum protected.

What This Means for Your Security Posture

Protection Without Complexity

Traditional security upgrades often require months of planning, testing, and staged rollouts. ESA's approach is fundamentally different — post-quantum protection is a platform capability, not a feature you deploy. The moment your site is accelerated through ESA, all client connections that support PQC automatically receive post-quantum key exchange.

Defense Against HNDL — Starting Today

Any data transmitted over an ESA-protected connection using X25519MLKEM768 is immune to future quantum decryption. Even if an adversary captures the encrypted traffic today, the quantum-resistant key exchange ensures they cannot derive the session keys — not now, and not when quantum computers mature.

Compliance Readiness

Regulatory bodies are beginning to mandate quantum-readiness timelines:

  • The U.S. National Security Memorandum (NSM-10) directs agencies to inventory cryptographic systems and begin migration
  • The Cybersecurity and Infrastructure Security Agency (CISA) recommends organizations begin post-quantum transition planning immediately
  • Financial regulators across APAC are incorporating quantum-resilience into technology risk frameworks

By leveraging ESA's built-in PQC capability, organizations gain a measurable compliance data point: "All data in transit to end users is protected by NIST-standardized post-quantum hybrid key exchange."

Who Should Care Most?

While post-quantum encryption benefits all web properties, certain sectors face amplified urgency:

Financial Services — Transaction data, customer records, and inter-institution communications retain value for decades. HNDL attacks today could expose sensitive financial data in the future.

Healthcare — Medical records have essentially infinite sensitivity lifetime. Patient data harvested today remains exploitable regardless of when decryption becomes possible.

Government and Defense — Classified and sensitive government communications are prime HNDL targets for nation-state adversaries who invest heavily in long-term intelligence gathering.

Intellectual Property — Companies with high-value trade secrets, R&D data, or competitive intelligence face significant risk from patient adversaries willing to wait years for decryption capabilities.

Automotive and IoT — Connected vehicles and IoT devices deployed today will operate for 10-20 years. Securing their communication channels against future quantum threats is essential during the design phase, not after deployment.

Technical Deep-Dive: Inside X25519MLKEM768

For those interested in the cryptographic details, here's how the hybrid construction works within a TLS 1.3 handshake:

Key Generation

The client generates two independent key pairs:

  • X25519: 32-byte private scalar → 32-byte public key (Curve25519 point)
  • ML-KEM-768: Seed → 1,184-byte encapsulation key + decapsulation key

ClientHello Key Share

The client sends both public components concatenated in the key_share extension:

key_share_entry {
    group: X25519MLKEM768 (0x4588)
    key_exchange: X25519_public (32 bytes) || MLKEM768_encaps_key (1184 bytes)
}

Total client key share size: 1,216 bytes (compared to 32 bytes for X25519 alone).

ServerHello Key Share

The server:

  1. Performs X25519 key agreement using the client's X25519 public key
  2. Performs ML-KEM-768 encapsulation using the client's encapsulation key
  3. Returns its X25519 public key (32 bytes) + ML-KEM ciphertext (1,088 bytes)

Total server key share size: 1,120 bytes.

Shared Secret Derivation

The final shared secret is derived by concatenating both component secrets:

shared_secret = MLKEM768_shared_secret (32 bytes) || X25519_shared_secret (32 bytes)

This combined 64-byte secret feeds into TLS 1.3's HKDF-based key schedule to derive the actual encryption keys.

Performance Impact

The additional computational cost is minimal on modern hardware:

  • ML-KEM-768 key generation: ~microseconds
  • Encapsulation/decapsulation: ~microseconds
  • Additional handshake data: ~2.3 KB total (spread across ClientHello and ServerHello)
  • Latency impact: Negligible — no additional round trips required

The slightly larger handshake messages are the only observable difference, and they remain well within typical MTU sizes for a single packet in most network conditions.

The Bigger Picture: ESA as a Quantum-Ready Edge Platform

Post-quantum encryption is one component of ESA's comprehensive security architecture that also includes:

  • Global edge acceleration with intelligent routing
  • Enterprise DDoS protection at L3/L4/L7
  • Web Application Firewall (WAF) with managed rule sets
  • Bot management with behavioral detection
  • SNI Whitelist protection against domain fronting abuse
  • Managed TLS certificates with automatic renewal

Post-quantum key exchange integrates seamlessly with all of these — it protects the transport layer while other security features protect the application layer. Together, they form a defense-in-depth posture that addresses both present-day and future threats.

Getting Started

If your site is already on Alibaba Cloud ESA, post-quantum encryption is already active for all clients that support it. There is nothing to configure, enable, or deploy.

If you're evaluating ESA, the built-in post-quantum capability represents a forward-looking security differentiator that requires zero operational overhead — protecting your users' data not just against today's threats, but against tomorrow's quantum-powered adversaries.

The quantum clock is ticking. The good news? Your edge defense is already ahead of it.

References:

  • NIST FIPS 203: Module-Lattice-Based Key-Encapsulation Mechanism Standard (August 2024)
  • IETF draft-ietf-tls-ecdhe-mlkem: Post-quantum Hybrid ECDHE-MLKEM Key Agreement for TLS 1.3
  • Cloud Security Alliance: Harvest Now, Decrypt Later — Quantum Risk to AI Infrastructure (2025)
  • Alibaba Cloud ESA Documentation: Post-Quantum Encryption
CDN Security TLS ESA Post-Quantum Encryption
0 0 0
Share on

Read previous post:

How Alibaba Cloud ESA Prevents Domain Fronting

ESA Big Fan

4 posts | 1 followers

You may also like

Comments

ESA Big Fan

4 posts | 1 followers

Related Products

More Posts by ESA Big Fan

See All