Replacing RSA isn’t a simple software update - it’s a global engineering challenge that requires rebuilding the Internet’s security while billions of devices stay online.
1. Introduction: Changing the Engine in Mid-Flight
Upgrading the internet’s security is not like upgrading the software on your smartphone. When your phone updates, you restart it, and you’re done.
The internet, however, cannot be restarted. Global commerce, hospital networks, military communications, and international banking run 24/7/365. Trillions of dollars flow through the digital pipes every single day. We are facing the monumental task of ripping out the foundational security infrastructure of the entire internet and replacing it with brand new mathematics, without causing a single second of downtime.
Engineers often compare this to changing the engine of a commercial airplane while it is flying at 30,000 feet. For over three decades, the workhorse engine of the internet has been the RSA algorithm (and its cousin, Elliptic Curve Cryptography or ECC). Today, we are going to look at exactly how we are unbolting RSA from the internet’s chassis and installing our new Post-Quantum Cryptography (PQC) algorithms. We will explore how internet protocols are being physically rewritten, what changes for developers, and the massive logistical hurdles we must overcome.
2. Where Does RSA Actually Live? (The Two Pillars)
To understand how to replace RSA, we first need to understand exactly where it sits in our everyday technology.
Almost all secure internet traffic relies on a protocol called TLS (Transport Layer Security). Whenever you see a green padlock or https:// in your web browser, TLS is running the show.
The TLS protocol uses RSA for two distinct, absolutely critical jobs:
- Authentication (Proving Identity): The server sends a Digital Certificate signed by a trusted authority (like DigiCert or Google) using RSA. This proves the server isn’t a hacker in disguise.
- Key Exchange (Sharing the Secret): Your browser uses the server’s RSA Public Key to securely wrap and send a temporary Symmetric Key (like an AES password) so the two of you can encrypt your high-speed web traffic.
To upgrade the internet to Post-Quantum security, we have to replace both of these pillars simultaneously.

RSA currently holds up both sides of the modern secure internet. We must replace both pillars with PQC materials to survive the quantum threat.
3. Pillar 1: Replacing the Key Exchange (Enter ML-KEM)
The first step in our mid-flight engine swap is replacing how browsers and servers agree on a shared secret password.
In the classical world, RSA allowed a browser to literally encrypt a small password and send it. But as we explored, Post-Quantum math is too bulky for direct encryption. Instead, we use a Key Encapsulation Mechanism (KEM).
The Protocol Upgrade
The internet relies heavily on TLS version 1.2 and the newer, faster TLS 1.3. To introduce the new post-quantum standard (ML-KEM, formerly Kyber), developers of the TLS protocol had to physically rewrite the rules of the handshake.
The Old Way (RSA/ECDH):
- The Server sends its Public Key.
- The Client performs complex math with the Public Key to derive a shared secret.
The New Way (ML-KEM):
- The Server sends its ML-KEM Public Key (The open, empty briefcase).
- The Client generates a random secret, places it in the briefcase, and uses the noisy Lattice math to snap it shut (Encapsulation).
- The Server uses its Private Key to mathematically “brush off the noise” and retrieve the secret (Decapsulation).
For software developers, the actual application code (like a web app written in Python or Node.js) doesn’t change much, because the cryptographic libraries (like OpenSSL) handle this handshake behind the scenes. However, network engineers will instantly notice that the data packets flowing over the network are suddenly much larger. Instead of sending a tiny 32-byte ECC key, the server is suddenly transmitting a 1,184-byte ML-KEM key.
4. Pillar 2: Replacing Authentication (The Certificate Chain Bloat)
Replacing the key exchange is relatively straightforward. Replacing the identity system - the Digital Certificates - is a massive logistical nightmare.
Today, a standard web server uses an RSA or ECC Digital Certificate to prove it is authentic. But it’s rarely just one certificate. As we learned in earlier articles, trust flows through a Certificate Chain.
- Your server sends its certificate.
- Attached to that is the Intermediate Authority’s certificate.
- Attached to that is the Root Authority’s certificate.
To make the internet quantum-proof, we must replace all of these classical certificates with our new Post-Quantum signature standard: ML-DSA (formerly Dilithium).
The “Bloat” Problem
Here is where the physics of the internet push back against us.
- A standard classical certificate chain is roughly 3 Kilobytes (KB). It easily fits inside two standard internet packets.
- A post-quantum ML-DSA signature is huge. When you stack three ML-DSA certificates into a chain, the total size balloons to over 10 Kilobytes (KB).
When a server tries to send a 10 KB file during the very first millisecond of a connection, the internet router has to chop it into seven or eight fragmented packets. If the user is on a slow 3G cell connection or a spotty public Wi-Fi network, it is highly likely that one of those eight packets will get dropped. If a single packet drops, the TLS handshake fails, and the website simply refuses to load.
To mitigate this, engineers are actively upgrading internet protocols (like TCP and QUIC) to handle fragmented packets more aggressively, ensuring that these massive new PQC certificates make it to your browser intact.

Upgrading to PQC digital signatures causes a massive increase in the sheer volume of data servers must transmit just to say “Hello” to a web browser.
5. Deprecating the Past: The Death of Legacy Math
One of the hardest parts of upgrading the internet is forcing people to let go of the past.
For decades, internet protocols were designed with “backward compatibility.” If you connect to an old, outdated server using Internet Explorer 6, the TLS protocol would politely downgrade its security to match the ancient server.
With PQC, backward compatibility is a fatal vulnerability.
If a hacker intercepts your connection and tricks your browser into “downgrading” to a weak RSA algorithm, they can use a quantum computer to break it. This is called a Downgrade Attack.
To truly implement PQC, standard bodies (like the IETF - Internet Engineering Task Force) are making hard decisions. They are writing rules stating that modern TLS 1.3 connections must refuse to communicate with outdated algorithms. As PQC rolls out, thousands of legacy systems, old medical devices, and outdated corporate servers that cannot support the new math will simply be cut off from the modern internet.
6. The Real-World Timeline: Who is doing this right now?
The airplane engine swap is not a future event; it is happening above your head right now.
- Web Browsers: As of mid-2024, Google Chrome, Microsoft Edge, and Mozilla Firefox have all enabled Post-Quantum Key Exchange (ML-KEM) by default. If you are using a modern browser, you are already using PQC.
- Web Infrastructure: Cloudflare and AWS (Amazon Web Services), which together host a massive portion of the internet, have upgraded their edge servers to accept ML-KEM connections from browsers.
- Internal Networks: Major tech companies are actively replacing the internal RSA certificates they use to secure communication between their own backend microservices.
However, the complete rollout of PQC Digital Certificates (Pillar 2) will take much longer. Upgrading the global Certificate Authorities (the organizations that issue the trusted certificates) requires intense security audits and careful coordination to ensure the internet doesn’t accidentally stop trusting legitimate websites.
Summary
- The Challenge: Upgrading internet cryptography is like changing an airplane engine in mid-flight; it must be done without breaking active, global connections.
- The Two Pillars: TLS relies on cryptography for Key Exchange and Authentication (Certificates). Both must be replaced.
- The Key Exchange Swap: RSA is being replaced by ML-KEM (Kyber). It changes the underlying protocol from direct encryption to Key Encapsulation.
- The Authentication Swap: RSA certificates are being replaced by ML-DSA (Dilithium). This causes “Certificate Chain Bloat,” requiring network engineers to solve packet fragmentation issues.
- Deprecation: To prevent hackers from forcing “Downgrade Attacks,” the internet must eventually completely abandon and cut off legacy RSA systems.
What’s Next?
We just talked about cutting off legacy RSA systems. But realistically, we can’t do that overnight.
As we mentioned briefly in earlier weeks, the math for PQC is still young. What if we upgrade the entire internet to ML-KEM tomorrow, and next month, a mathematician discovers a fatal flaw in Lattice math? We would be entirely defenseless.
We need a transition strategy. We need a way to use the new post-quantum armor without throwing away the battle-tested classical armor.
Next, we will explore the ingenious engineering compromise that will define the next ten years of cybersecurity. We will look at how developers are wrapping data in multiple mathematical locks simultaneously, ensuring that even if one algorithm fails, the internet survives.

Top comments (0)