Skip to main content
PQC in Production

Real Implementations,
Documented Results

Post-quantum cryptography is already deployed at scale. These organizations have publicly documented their implementations, performance impacts, and challenges encountered.

Industry Reference Library — Not Qryptonic Engagements

These are documented public PQC deployments by third parties. We share them to demonstrate real-world PQC viability, common challenges, and migration patterns. All data sourced from public disclosures with links to primary sources.

Cloud Infrastructure
October 2022 – Present

Cloudflare

Hybrid PQC Key Agreement — Global Edge Network

Cloudflare enabled post-quantum hybrid key agreement across their edge servers in October 2022, with no opt-in required for sites and APIs served through their network.

What They Built

Cloudflare enabled hybrid X25519+Kyber key agreement on their edge servers. Websites and APIs served through Cloudflare support post-quantum hybrid key agreement by default with no opt-in required. Phased rollout starting as beta, then enabled globally.

Challenges Encountered

Some users reported connection failures after Chrome 124 released, because middlebox devices that do not correctly implement TLS malfunctioned when offered the new post-quantum key agreement option.

Primary Source
TLSHybrid KEMX25519+KyberEdge NetworkZero Opt-In

Key Metrics

PQ-Enabled Traffic30%+
SourceCloudflare Radar
Opt-In RequiredNone
AlgorithmX25519+Kyber

Traffic data from Cloudflare Radar (radar.cloudflare.com/adoption-and-usage). Percentages vary by measurement date and client browser support. Check source for current figures.

Consumer Technology
March 2024

Apple

PQ3 Protocol — iMessage End-to-End Encryption

Apple deployed PQ3, a post-quantum messaging protocol with three self-healing ratchets, protecting iMessage communications against harvest-now-decrypt-later attacks.

What They Built

Apple's PQ3 combines post-quantum initial key establishment with three ongoing ratchets for self-healing against key compromise. Apple describes it as meeting or exceeding the security properties of other widely deployed messaging protocols. Apple used formal verification with ETH Zurich's Tamarin prover tool to validate protocol security properties.

Challenges Encountered

Required designing an entirely new protocol rather than retrofitting existing Signal/Double Ratchet architecture. Three-ratchet design adds complexity but provides additional security properties Apple describes as post-compromise security.

Primary Source
MessagingHNDLFormal VerificationML-KEMEnd-to-End

Key Metrics

Apple PQ3 LevelLevel 3 (Apple designation)
Ratchets3 (Self-Healing)
Formal VerificationTamarin Prover (ETH Zurich)
HNDL MitigationDesigned for

Security level is Apple's internal classification for iMessage protocols, not an industry standard. HNDL mitigation depends on implementation; consult Apple documentation.

Web Browser
April 2024 (Chrome 124)

Google Chrome

X25519Kyber768 — Default TLS Key Agreement

Google enabled post-quantum key agreement by default for Chrome users, representing one of the largest deployments of PQC in web browsing.

What They Built

Google enabled X25519Kyber768 hybrid key agreement by default in Chrome version 124. TLS 1.3 connections attempt post-quantum key exchange unless the server does not support it.

Challenges Encountered

Deploying post-quantum key agreement incurred a measured 4% slowdown in TLS handshake time due to larger key sizes. Some middlebox devices and enterprise proxies failed to handle the larger ClientHello messages, requiring fallback mechanisms.

Primary Source
TLS 1.3Hybrid KEMX25519Kyber768BrowserPerformance

Key Metrics

Handshake ImpactMinor slowdown
Key Exchange Overhead~1-2 kB additional
FallbackAutomatic if unsupported
DeploymentDefault-On

Performance impact varies by network conditions. See Chromium blog post for technical details.

Financial Services
2023 – Present

JPMorgan Chase

Quantum-Secured Crypto-Agile Network (Q-CAN)

Among the earliest banks to implement PQC in production. Built a high-speed quantum-secured network connecting data centers with both PQC and QKD as layered defense.

What They Built

Successfully implemented a high-speed quantum-secured crypto-agile network (Q-CAN) connecting two data centers over deployed fiber. A third quantum node established as a research platform. Uses both post-quantum cryptography and quantum key distribution as a layered defense strategy.

Challenges Encountered

Requires dedicated fiber infrastructure for QKD layer. Crypto-agility design needed to support algorithm switching as NIST standards finalize. Integration with existing high-frequency trading infrastructure while maintaining latency requirements.

Primary Source
BankingQKDCrypto-AgilityData CenterLayered Defense

Key Metrics

Data Centers Connected2+
Defense LayersPQC + QKD
Quantum Nodes3
Crypto-AgilityBuilt-In
Financial Services
2024

HSBC

PQC-VPN Pilot — Gold Tokenization Environment

Production pilot demonstrating PQC can protect distributed ledger technology without performance degradation or re-architecture.

What They Built

Trial with Quantinuum using a PQC-VPN tunnel in a gold tokenization environment. Tested post-quantum protection for distributed ledger technology transactions across production-representative workloads.

Challenges Encountered

Needed to demonstrate that PQC protection would not impact DLT transaction throughput regardless of data payload size. Proved the viability of PQC-VPN tunneling as a non-disruptive migration path for blockchain-based financial infrastructure.

Primary Source
BankingDLTVPNTokenizationQuantinuum

Key Metrics

Performance ImpactMinimal
Data Size SensitivityNone
Re-Architecture RequiredNo
PartnerQuantinuum
Cloud Services
2024 – Present

AWS

ML-KEM Across Core Security Services

AWS deployed post-quantum key agreement across foundational security services, enabling customers to protect secrets and certificates with hybrid PQC.

What They Built

AWS Key Management Service, AWS Secrets Manager, and AWS Certificate Manager endpoints now support ML-KEM (FIPS 203) for hybrid post-quantum key agreement in non-FIPS endpoints across AWS Regions.

Challenges Encountered

FIPS-validated endpoints not yet supported for PQC, limiting adoption in regulated environments requiring FIPS mode. Customers must explicitly opt into hybrid key agreement rather than receiving it by default.

Primary Source
CloudKMSML-KEMFIPS 203Hybrid

Key Metrics

Services with PQCKMS, SM, ACM
AlgorithmML-KEM
Region CoverageAll Regions
StandardFIPS 203

Migration Timeline Reality

Estimated Migration Timelines

Source: MDPI Applied Sciences research, peer-reviewed estimates

Small enterprises5–7 years
Medium enterprises8–12 years
Large enterprises12–15+ years
Hybrid maintenance overhead20–40% staff time

What You Won't Find

  • No complete end-to-end enterprise migration case study with costs, timelines, and lessons learned has been published.
  • Most organizations treat PQC migration details as competitive intelligence.
  • The NIST NCCoE project is building reference architectures but has not yet published full implementation guides.
  • This gap is why Qscout26 exists. We produce the cryptographic inventory, risk quantification, and migration roadmap that enterprises need but cannot find publicly.

These Organizations Have Dedicated Teams.
Most Enterprises Don't.

Cloudflare, Apple, and JPMorgan have full-time cryptography engineering teams. Qscout26 gives every enterprise the same visibility into their quantum risk posture in 8 days.

Start Your Assessment