Quantum Resistance with PQC on BIG-IP Local Traffic Manager (LTM)

Quantum computing threatens today’s encryption methods. Safeguard data with Post-Quantum Cryptography (PQC) in BIG-IP LTM.




Safeguarding Against Future Threats

Quantum computers capable of breaking current encryption algorithms are expected to become viable within the decade, making PQC adoption urgent. Bad actors are already harvesting data to decrypt later, putting sensitive customer information at risk. Protecting data with PQC standards today ensures long-term security. Don’t wait—BIG-IP can help you achieve PQC readiness now.



Quantum computing threatens today’s encryption

Cryptography is fundamental to securing modern networking communications, forming the backbone of Transport Layer Security (TLS) connections. TLS currently relies on three essential types of algorithms to ensure safe, secure, authentic data exchange between clients and servers.

  • Handshake Algorithms (Key Exchange): Enable secure client-server communication through temporary keys generated during the handshake.
  • Encryption Algorithms (Symmetric): Protect session data with efficient symmetric encryption, enabled by a shared key generated during the handshake.
  • MAC Algorithms (Message Authentication Code): Ensure data integrity and authentication by verifying that the data hasn’t been tampered with during transmission.
Quantum Computing Tomorrow: What to consider when preparing for a post-quantum reality

Bad actors are currently launching "harvest-now, decrypt-later" attacks, stealing data encrypted with contemporary algorithms today for decryption in the future, using quantum computers. Safeguarding today’s data with post-quantum encryption methods requires organizations to consider key factors when deploying post-quantum cryptography.

  • Regulatory Compliance: The National Institute of Standards & Technology (NIST) published draft algorithms under FIPS-203, with plans to evolve algorithms. Organizations must be able to adopt emerging standards.
  • Computational Demands: Quantum-resistant algorithms are more computationally demanding than classical algorithms. This creates performance burdens, especially when using hybrid cryptography (combining classical and quantum-safe algorithms) in application delivery solutions.
  • Challenges Scaling: Transitioning to Post-Quantum Readiness presents an industry-wide scaling challenge. Every organization will need to balance security and performance.
  • Future Value of Data: Sensitive data like personally identifiable information (PII), personal health information (PHI), intellectual property (IP), and business records can retain value long-term, making them prime “harvest now, decrypt later” targets for cybercriminals today, ready to be decrypted once quantum computers are readily available.
  • Reducing Legal, Financial, and Reputational Risks: Outdated cryptography leaves data vulnerable to breaches, noncompliance, and other risks. Quantum-resistant encryption with NIST-approved algorithms can enhance data security and regulatory compliance and provide strong protection against costly legal, financial, and reputational damage.


How BIG-IP LTM eases the post-quantum transition

Cryptography is central to F5’s Application Delivery and Security Platform (https://www.f5.com/products/f5-application-delivery-and-security-platform), with BIG-IP LTM serving as the first step in simplifying the adoption of PQC. Positioned to manage traffic between clients and servers, BIG-IP LTM centralizes cryptographic handshakes and encryption for guided evolution alongside emerging cryptographic standards. BIG-IP LTM secures connections for both clients and servers with robust algorithms for encryption and authentication critical to protecting modern communications.

  • Crypto-Agile Architecture: BIG-IP has an upgradable framework for supporting cryptographic agility, which allows the adoption of standardized PQC ciphers, like Kyber (https://pq-crystals.org/kyber/), as they evolve. This flexibility helps customers avoid costly, disruptive architectural overhauls while maintaining PQC readiness.
  • Hybrid Cipher Support: Current PQC deployments involve hybrid ciphers. BIG-IP LTM can facilitate these implementations, ensuring flexibility between security and compatibility based on what the client and server support.
  • End-to-End Encryption: End-to-end encryption is critical for protecting sensitive data, especially against emerging quantum threats. F5 provides scalable, PQC-ready encryption for apps and APIs across any environment—legacy or modern, on-prem or cloud. With F5 ADSP, you get crypto-agility, high performance, and always-on protection to ensure security and resilience.
  • Operational Enhancements with Hardware Acceleration: PQC algorithms are less efficient than less-quantum-secure algorithms. However, some BIG-IP software can employ hardware acceleration features to offset performance hits. Looking ahead, new field-reprogrammable hardware and FPGA designs will further speed up quantum-ready cryptographic processes.
  • Continued Control over Resources: BIG-IP customers can retain more direct control over their resources and may need to expend less compute power on PQC when compared to some cloud competitors.
  • Bridging Post-Quantum Gaps: Not all client or server systems will support PQC immediately. BIG-IP LTM can act as an intermediary, providing quantum-resistant handshakes even when end systems lag in PQC adoption. This ensures secure communication for traffic passing through the network, providing extra security no matter where the client and server systems are in their PQC

Differentiating and futureproofing

F5’s approach to Post-Quantum Readiness is extremely customer-focused: it's not just about deploying the newest ciphers in production but providing a sustainable, adaptable way forward. While some organizations are prematurely driving quantum ciphers that consume massive amounts of computing resources and may be incompatible with existing network architecture, F5 is building tools that prioritize longevity, efficiency, and scalability.

  • Longevity: Cryptography is an ever-evolving field. Today’s “quantum resistant” algorithms may be broken in the future. F5’s cryptographic solutions are built for adaptability, with regular updates to evaluate the resilience of existing cryptography, pivoting when necessary.
  • Efficiency: F5’s hardware-based acceleration strategy ensures efficient deployment of quantum-safe cryptography without creating unsustainable resource consumption.
  • Scalability: Customers within heavily regulated environments (e.g., financial institutions, healthcare, governments) often have the most pressing PQC needs. BIG-IP LTM’s scalable implementation ensures they can meet compliance requirements while still maintaining performance at scale.

What can you do next?

The post-quantum transition isn’t optional, it’s inevitable. But the journey doesn’t need to be disruptive. F5 and BIG-IP LTM can help organizations stay ahead of the transition by creating crypto-agile infrastructures that secure their systems and set them up for future-compliant, quantum-safe policies.

Start by Conducting a PQC Readiness Assessment:

Investigate where you use TLS. Determine if your cryptographic handshakes are already vulnerable to threats like “harvest now, decrypt later.”

F5 can guide customers in identifying areas where quantum readiness is critical.

Hardware

Deploy high-performance hardware in your on-premises data center or collocation facility.

Explore enterprise networking hardware › (https://www.f5.com/products/enterprise-networking-hardware-systems)


Deploy BIG-IP LTM with Crypto-Agile Solutions Today:

Transitioning to PQC strengthens your organization’s security posture while ensuring compliance and protecting against costly data breaches.

We’ll support you through evolving standards and help you make your systems future-proof for coming FIPS requirements and cryptographic evolutions.

Software (Virtual Edition)

Deploy on any hypervisor within your data center, collocation facility, or in AWS, Azure, or Google Cloud.

Explore Virtual Editions › (https://www.f5.com/products/big-ip-services/virtual-editions)


Core Capabilities

  • End-to-End Encryption: Leverage post-quantum encryption from client to server.
  • ML-KEM Ciphers: Balance performance and security while maintaining PQC-readiness.
  • PQC Intermediary: BIG-IP centralizes cryptographic handshakes and encryption between clients and servers.
