In 2023, I published a blog post titled "Is the Public Cloud Ready for IPv6?", in which I tried to understand whether, when an organization builds a workload, the entire infrastructure underneath supports IPv6 end-to-end.
This time, I am asking myself a similar question – is the public cloud ready for post-quantum cryptography?
Terminology and background
Before we begin the conversation, let us first explain what Post-Quantum Cryptography (PQC) is and what problem it comes to solve.
Post-Quantum Cryptography (PQC) is a new kind of encryption designed to protect data from powerful quantum computers. Quantum computers can break current encryption methods like RSA and ECC, which rely on hard math problems. PQC uses new math problems that even quantum computers can't easily solve, keeping data safe in the future.
If standard encryption algorithms and protocols are broken by quantum computing, the security of encrypted data and communications would collapse.
The consequences would include:
- Encrypted data today could be recorded and decrypted later by anyone with a powerful enough quantum computer ("harvest now, decrypt later").
- Confidential communications, financial transactions, and private information would be exposed.
- Digital signatures protecting software updates and identities could be forged.
- Public key infrastructures (PKI) and internet security relying on current cryptography would be compromised.
- Widespread privacy breaches, economic damage, and loss of trust in digital systems could ensue.
- Cybercriminals, nation-states, and hackers would gain unprecedented access to sensitive information.
The new algorithms
Currently, several cryptographic algorithms are vulnerable to quantum computing due to their reliance on mathematical problems that quantum computers can solve efficiently:
- RSA (Rivest-Shamir-Adleman) – Used widely for secure website certificates (SSL/TLS), digital signatures, and encrypting data.
- Elliptic Curve Cryptography (ECC) – Used in many secure communications, cryptocurrencies, and authentication systems.
- Diffie-Hellman Key Exchange – Used for establishing shared secrets over insecure channels, based on discrete logarithms.
NIST is standardizing new Post-Quantum Cryptography (PQC) algorithms designed to resist quantum attacks:
- Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM) - a post-quantum cryptographic algorithm standardized by NIST as FIPS 203. It is a key encapsulation mechanism (KEM) used to establish a shared secret key securely between two parties communicating over a public, insecure channel.
  ML-KEM replaces existing classical key establishment algorithms vulnerable to quantum attacks, specifically:
  - RSA (Rivest-Shamir-Adleman) - Like RSA, ML-KEM allows encrypting a symmetric key, which is then used for encrypting data.
  - ECDH (Elliptic Curve Diffie-Hellman) - Like Diffie-Hellman (DH) or Elliptic Curve Diffie-Hellman (ECDH), ML-KEM provides a way for two parties to securely agree on a shared secret key over an insecure channel.
- ML-DSA (Module-Lattice Digital Signature Algorithm) - a post-quantum digital signature scheme standardized by the US National Institute of Standards and Technology (NIST) under FIPS 204 in 2024.
  ML-DSA is designed to replace existing digital signature algorithms that are vulnerable to quantum attacks, notably:
  - RSA (Rivest-Shamir-Adleman) - Like RSA, ML-DSA provides cryptographic signing to verify the authenticity and integrity of messages, documents, and code.
  - ECDSA (Elliptic Curve Digital Signature Algorithm) - Like ECDSA, ML-DSA provides cryptographic signing to verify the authenticity and integrity of messages, documents, and code.
Now that we have briefly discussed the background of post-quantum cryptography, let us move to the main question: are the public cloud providers ready for PQC?
AWS
AWS began publishing articles, conducting research, and contributing to post-quantum cryptography (PQC) standards research at least as early as 2019.
I have researched AWS's official service documentation, and here are the services that currently support PQC:
AWS KMS (Key Management Service)
- Hybrid Post-Quantum TLS: AWS KMS supports hybrid post-quantum key exchange options combining classical ECDH with ML-KEM for TLS connections. This protects data in transit by ensuring quantum-resistant key establishment while maintaining compatibility with classical cryptography.
- Post-Quantum Digital Signatures: AWS KMS has integrated ML-DSA to enable quantum-safe digital signatures for key management operations like CreateKey, Sign, and Verify.
- AWS-LC Cryptographic Library: Underpinning AWS KMS is AWS-LC, a FIPS 140-3 validated open-source cryptographic library implementing NIST-approved PQC algorithms such as ML-KEM and ML-DSA.
- Hybrid and Composite Key Encapsulation Mechanisms (KEMs): AWS uses hybrid KEMs combining classic and post-quantum algorithms, with key combiners merging outputs from multiple KEMs to enhance security and facilitate smooth migration to PQC.
AWS ACM (Certificate Manager)
- Hybrid Post-Quantum TLS Key Exchange: ACM supports hybrid key agreement protocols combining classical ECDH with the ML-KEM algorithm. This hybrid approach protects TLS connections from quantum computer attacks, ensuring forward secrecy and mitigating "harvest now, decrypt later" risks.
- Quantum-Resistant Cryptographic Algorithms: ACM integrates the latest NIST-approved post-quantum cryptographic algorithms, including ML-KEM for key encapsulation based on CRYSTALS-Kyber.
AWS Secrets Manager
- Hybrid Post-Quantum TLS Key Exchange: Secrets Manager supports hybrid post-quantum key exchange options for TLS connections, combining classical ECDH with the post-quantum ML-KEM algorithm. This ensures secure TLS network encryption that is resistant to quantum attacks.
- Post-Quantum TLS in All Regions Except China: This hybrid PQTLS feature can be used when connecting to Secrets Manager API endpoints, providing quantum-secure transport.
- Built on AWS SDK for Rust: The Secrets Manager Agent incorporates hybrid post-quantum key agreement in the AWS Rust SDK, enabling end-to-end PQC-enabled TLS for secret retrieval and management.
Amazon CloudFront
- Hybrid Post-Quantum TLS: CloudFront supports hybrid post-quantum key exchange mechanisms, which combine classical ECDH with ML-KEM. This hybrid approach ensures quantum resistance while maintaining compatibility with existing TLS protocols.
- TLS 1.3 Support: CloudFront has introduced a TLS 1.3-only security policy that enforces use of the latest, most secure TLS version and supports post-quantum cryptography algorithms in the handshake.
- Supported Curves and Algorithms: The platform supports traditional elliptic curves (prime256v1, secp384r1, X25519) along with PQC algorithms like ML-KEM for the key exchange component.
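Whether a given TLS 1.3 connection actually used a hybrid group rather than a classical curve can be read from the `key_share` extension of the ServerHello, which is sent unencrypted. The following Python code is an added example, not code from AWS or from the original post: the function names and the sample records are constructed here, and the group code points are the ones listed in the IANA TLS Supported Groups registry.

```python
import struct

# TLS NamedGroup code points (IANA "TLS Supported Groups" registry).
CLASSICAL = {0x0017: "secp256r1", 0x0018: "secp384r1", 0x001D: "x25519"}
HYBRID_PQ = {0x11EB: "SecP256r1MLKEM768", 0x11EC: "X25519MLKEM768",
             0x11ED: "SecP384r1MLKEM1024"}
KEY_SHARE = 0x0033  # extension type 51


def negotiated_group(record: bytes) -> tuple[str, bool]:
    """Return (group name, is_hybrid_pq) for a TLS 1.3 ServerHello record."""
    ctype, _version, rlen = struct.unpack_from("!BHH", record, 0)
    body = record[5:5 + rlen]
    if ctype != 0x16 or len(body) != rlen or not body or body[0] != 0x02:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    pos = 2 + 32                  # legacy_version + random
    pos += 1 + hello[pos]         # legacy_session_id_echo
    pos += 2 + 1                  # cipher_suite + legacy_compression_method
    (ext_total,) = struct.unpack_from("!H", hello, pos)
    pos += 2
    end = min(pos + ext_total, len(hello))
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == KEY_SHARE:
            # The server's share starts with the group it selected.
            (group,) = struct.unpack_from("!H", hello, pos)
            if group in HYBRID_PQ:
                return HYBRID_PQ[group], True
            return CLASSICAL.get(group, f"unknown(0x{group:04x})"), False
        pos += ext_len
    raise ValueError("no key_share extension (not a TLS 1.3 ServerHello)")


def build_server_hello(group: int, share_len: int) -> bytes:
    """Constructed sample: minimal ServerHello with all-zero key material."""
    exts = struct.pack("!HHH", 0x002B, 2, 0x0304)   # supported_versions: TLS 1.3
    exts += struct.pack("!HHHH", KEY_SHARE, 4 + share_len, group, share_len)
    exts += bytes(share_len)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + b"\x13\x01" + b"\x00"
    hello += struct.pack("!H", len(exts)) + exts
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake
```

A server share for X25519MLKEM768 is 1120 bytes (a 1088-byte ML-KEM-768 ciphertext plus a 32-byte X25519 public key), so the share length alone already separates it from a 32-byte classical x25519 share.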
AWS Transfer Family
- Hybrid Post-Quantum Key Exchange for SSH: AWS Transfer Family uses hybrid key exchange protocols that combine classical ECDH with ML-KEM post-quantum key encapsulation mechanism for SFTP. This hybrid approach ensures quantum-resistant key exchange while maintaining interoperability with clients like OpenSSH, PuTTY, and JSch that support these hybrid algorithms.
- Post-Quantum Security Policies: AWS Transfer Family provides security policies such as TransferSecurityPolicy-2025-03 and TransferSecurityPolicy-FIPS-2025-03 that enable post-quantum secure key exchanges for file transfers via SFTP.
- Long-Term Confidentiality: The PQC support protects against "harvest now, decrypt later" threats by securing SFTP sessions with quantum-safe algorithms, ensuring data confidentiality even against future quantum computers.
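In SSH, the key exchange method is chosen from the client's preference order, so a server-side policy that offers an ML-KEM hybrid only results in a post-quantum exchange when the client lists that method ahead of its classical ones. The following Python code is an added example, not code from AWS or from the original post: it parses two SSH_MSG_KEXINIT payloads and applies the RFC 4253 selection rule; the function names and the sample algorithm lists are constructed here.

```python
import struct

# ML-KEM hybrid key exchange method names used by SSH implementations.
MLKEM_HYBRID_KEX = {"mlkem768x25519-sha256", "mlkem768nistp256-sha256",
                    "mlkem1024nistp384-sha384"}


def kex_algorithms(payload: bytes) -> list[str]:
    """Return the kex_algorithms name-list of an SSH_MSG_KEXINIT payload."""
    if len(payload) < 21 or payload[0] != 20:          # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    (length,) = struct.unpack_from("!I", payload, 17)  # after type + 16-byte cookie
    raw = payload[21:21 + length]
    if len(raw) != length:
        raise ValueError("truncated name-list")
    return raw.decode("ascii").split(",") if raw else []


def audit_kex(client_payload: bytes, server_payload: bytes) -> dict:
    """RFC 4253 rule: the first client-listed method the server also lists
    (the host-key compatibility conditions of section 7.1 are omitted)."""
    client = kex_algorithms(client_payload)
    server = set(kex_algorithms(server_payload))
    chosen = next((name for name in client if name in server), None)
    return {
        "chosen": chosen,
        "chosen_is_pq_hybrid": chosen in MLKEM_HYBRID_KEX,
        "server_offers_pq": bool(server & MLKEM_HYBRID_KEX),
        "client_offers_pq": bool(set(client) & MLKEM_HYBRID_KEX),
    }


def build_kexinit(kex: list[str]) -> bytes:
    """Constructed sample: KEXINIT with the given kex list, other lists minimal."""
    lists = [",".join(kex), "ssh-ed25519", "aes256-gcm@openssh.com",
             "aes256-gcm@openssh.com", "hmac-sha2-256", "hmac-sha2-256",
             "none", "none", "", ""]
    body = b"".join(struct.pack("!I", len(s)) + s.encode("ascii") for s in lists)
    return b"\x14" + bytes(16) + body + b"\x00" + bytes(4)


# Constructed algorithm lists, not captured from any real client or endpoint.
SERVER = build_kexinit(["mlkem768x25519-sha256", "ecdh-sha2-nistp256",
                        "curve25519-sha256"])
OLD_CLIENT = build_kexinit(["curve25519-sha256", "ecdh-sha2-nistp256"])
MISORDERED_CLIENT = build_kexinit(["curve25519-sha256", "mlkem768x25519-sha256"])
PQ_CLIENT = build_kexinit(["mlkem768x25519-sha256", "curve25519-sha256"])
```

The `MISORDERED_CLIENT` case is the one worth alerting on: both sides support the hybrid method, yet the session falls back to a classical exchange because of the client's ordering.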
Additional references from the official AWS documentation:
- ML-KEM post-quantum TLS is now supported in AWS KMS, ACM, and Secrets Manager
- Customer compliance and security during the post-quantum cryptographic migration
- Cryptography algorithms and AWS services
Azure
Microsoft began publishing articles, conducting research, and actively contributing to post-quantum cryptography (PQC) standards around 2019.
I have researched the Azure official service documentation, and here are the services that currently support PQC:
Azure Key Vault
- Post-Quantum Key Encapsulation Mechanism (KEM): Azure Key Vault integrates the NIST-standardized ML-KEM algorithm, which provides quantum-resistant public-key encryption and key exchange functionality.
- Hybrid Cryptography: Azure Key Vault supports hybrid post-quantum key exchange protocols that combine classical ECDH with ML-KEM, enabling secure, quantum-resistant key management while maintaining compatibility with current clients.
- SymCrypt Cryptographic Library: The PQC algorithms are implemented within SymCrypt, a cryptography library used across Windows, Azure, and Microsoft 365, providing consistent post-quantum capabilities accessible via API for encryption, decryption, key generation, and signing.
- Cryptographic API (CNG) Integration: PQC algorithms like ML-KEM and ML-DSA are exposed via Windows cryptography APIs, enabling applications using Azure Key Vault to adopt quantum-safe cryptography.
Microsoft Entra
- Integration of Post-Quantum Algorithms: Entra incorporates NIST-approved PQC algorithms such as ML-KEM for quantum-resistant key exchange and ML-DSA for post-quantum digital signatures. These algorithms work alongside classical cryptographic methods in hybrid protocols.
- Hybrid Cryptographic Protocols: Azure Entra uses hybrid key exchange and signature mechanisms that combine classical elliptic curve algorithms with quantum-safe lattice-based algorithms, enabling secure identity authentication and access management resistant to quantum attacks.
- Identity and Authentication Security: Post-quantum algorithms protect critical functions like authentication flows, identity verification, conditional access enforcement, and signing of tokens or credentials within Entra, ensuring the integrity and confidentiality of identity data against future quantum adversaries.
Microsoft 365
- Integration via SymCrypt: Microsoft 365 leverages the SymCrypt cryptographic library, which has integrated NIST-approved PQC algorithms like ML-KEM for quantum-resistant key encapsulation and ML-DSA for post-quantum digital signatures.
- Hybrid Cryptographic Protocols: Microsoft 365 supports hybrid cryptography that combines classical algorithms with post-quantum algorithms during key exchange and digital signatures to ensure future quantum resistance while maintaining compatibility.
- End-to-End PQC Security: PQC protections extend to Microsoft 365 applications, services, and endpoints, safeguarding data and communications against quantum-enabled adversaries. This includes email security, cloud storage, collaboration, identity verification, and document signing.
It was challenging to find references about PQC support on the official Azure service documentation, but here is the only official blog post I was able to find:
Google Cloud
Google Cloud began publishing articles, conducting research, and contributing to post-quantum cryptography (PQC) standards as early as 2016.
I have researched Google's official service documentation, and here are the services that currently support PQC:
Cloud KMS (Key Management Service)
- Post-Quantum Key Encapsulation Mechanisms (KEMs): Cloud KMS has introduced support for post-quantum KEM algorithms standardized by NIST, including ML-KEM, which is designed to resist attacks from quantum computers. This enables quantum-safe encryption key generation, encapsulation, and decapsulation.
- Quantum-Safe Digital Signatures: Cloud KMS supports NIST-approved PQC digital signature standards like ML-DSA and SLH-DSA. This allows customers to create and verify digital signatures that remain secure against quantum adversaries.
- Hybrid Cryptographic Protocols: Cloud KMS recommends adopting high-level standards like Hybrid Public Key Encryption (HPKE) to integrate post-quantum KEMs alongside classical cryptography for a smooth transition and compatibility.
- Cloud Network Encryption: Internal Google and Google Cloud-native services have migrated traffic encryption key exchanges to ML-KEM, ensuring quantum-resistant network encryption by default.
Cloud HSM (Hardware Security Modules)
- Support for NIST PQC Standards: Cloud HSM supports quantum-safe cryptography aligned with NIST standards, including FIPS 203 (ML-KEM), FIPS 204 (CRYSTALS-Dilithium or ML-DSA digital signatures), and FIPS 205 (SPHINCS+ or SLH-DSA stateless hash-based signatures).
- Quantum-Safe Key Operations: Enables quantum-resistant key import, key exchange, encryption, decryption, and digital signature creation within hardware security modules, providing hardware-backed security assurances.
- Hybrid Cryptographic Protocols: Supports hybrid schemes combining classical cryptography with post-quantum algorithms to ensure compatibility and smooth migration toward quantum-safe infrastructure.
It was challenging to find references about PQC support on the official GCP service documentation, but here are some official blog posts I was able to find:
- Announcing quantum-safe Key Encapsulation Mechanisms in Cloud KMS
- Post-Quantum Cryptography: Standards and Progress
- PQC in plaintext: How we're helping customers prepare for a quantum-safe future
Summary
The blog explores whether public cloud providers—AWS, Azure, and Google Cloud—are ready for post-quantum cryptography (PQC), a new generation of encryption algorithms designed to protect against quantum computer attacks. PQC aims to replace traditional algorithms like RSA, ECC, and Diffie-Hellman, which quantum computers could eventually break.
AWS appears to lead adoption, with multiple services (KMS, ACM, Secrets Manager, CloudFront, and Transfer Family) already supporting hybrid post-quantum TLS and digital signatures. Azure and Google Cloud also integrate PQC into key management and identity services, but their implementations are less visible in official documentation and primarily discussed through technical blogs.
I am not an expert in post-quantum cryptography, and this topic remains an evolving area of research and standardization. While NIST has finalized initial PQC standards, cloud provider adoption is still a work in progress.
Disclaimer: AI tools were used to research and edit this article. Graphics are created using AI.
About the author
Eyal Estrin is a seasoned cloud and information security architect, AWS Community Builder, and author of Cloud Security Handbook and Security for Cloud Native Applications. With over 25 years of experience in the IT industry, he brings deep expertise to his work.
Connect with Eyal on social media: https://linktr.ee/eyalestrin.
The opinions expressed here are his own and do not reflect those of his employer.
Top comments (1)
It might be worth mentioning that modern browsers have been upgraded during the past years to support PQC. I wonder if you can force the client to use PQC to connect to CloudFront.