Case study shows crypto-agile architecture enables quantum-safe upgrades without legacy code changes
QuSecure™, Inc., the market leader in post-quantum cybersecurity and cryptographic agility, presented a telecom case study at Mobile World Congress Barcelona demonstrating how a Tier-1 telecommunications operator introduced post-quantum secure communications into existing network infrastructure without requiring changes to legacy application code. The case study, titled “First Post-Quantum Implementations in the Telco Ecosystem,” was presented by QuSecure SVP of Global Strategy and Research Garfield Jones and highlighted real-world deployment of post-quantum cryptography in telecommunications networks.
The initiative, completed by QuSecure in collaboration with Accenture, introduced centralized cryptographic policy management to provide visibility into cryptographic dependencies across the telecom network. The phased deployment spanned edge services, internal service-to-service connections, and hardened core transport links, demonstrating a practical path toward post-quantum readiness across brownfield telecom infrastructure.
Key Insights at a Glance
- No Code Changes Required: The operator upgraded services to TLS 1.3 with hybrid post-quantum key exchange without modifying legacy application code, using QuSecure’s gateway proxy layer-based cryptographic service mesh.
- NIST PQC Algorithms: The deployment used NIST-standardized algorithms, combining X25519 with ML-KEM-768 for hybrid post-quantum key exchange across network services.
- Phased Infrastructure Upgrade: The multi-stage deployment covered edge services, internal service-to-service connections, and hardened core transport links while maintaining operational continuity.
- Centralized Policy Management: New cryptographic policy management capabilities provided visibility into cryptographic dependencies across the entire telecom network.
Solving the Quantum Threat to Legacy Telecom Infrastructure
Telecommunications operators face a growing challenge as quantum computing advances toward breaking current public-key cryptography. Legacy applications and infrastructure, representing decades of investment, cannot easily be rewritten or replaced. The QuSecure case study demonstrates a solution to this cryptographic debt by introducing post-quantum protections at the network layer rather than the application layer. “This case study serves as a playbook for other telcos looking to operationalize post-quantum cryptographic readiness while building in control and agility for continued visibility,” said Garfield Jones, SVP of Global Strategy and Research at QuSecure. “This proves a realistic path for how quantum-resistant TLS can be introduced across existing networks, leaving existing applications unchanged.” The operator upgraded services to TLS 1.3 via hybrid post-quantum key exchange using NIST PQC algorithms, specifically X25519 combined with ML-KEM-768, maintaining operational continuity throughout the transition.
Gateway Proxy Architecture Enables Crypto-Agile Upgrades
The deployment leveraged QuSecure’s gateway proxy layer-based cryptographic service mesh to introduce PQC and quantum-safe cryptography protections without infrastructure replacement. TLS termination at these proxies enabled encryption upgrades across numerous services, including those supporting older TLS versions or even plaintext communications. This approach addresses the cryptographic debt common across brownfield telecom infrastructure, where decades of accumulated systems resist comprehensive security upgrades. The software-based crypto-agile architecture supporting NIST PQC standards offered the most scalable path for the operator’s global telecom network, particularly when compared to alternatives such as quantum key distribution (QKD). By separating cryptographic policy from application logic, the architecture enables ongoing agility as quantum-resistant algorithms evolve and standards mature.
Phased Deployment Across Edge, Service, and Core Layers
The operator implemented post-quantum protections incrementally across its infrastructure while maintaining service availability and performance. The phased approach began with edge services exposed to external threats, progressed to internal service-to-service connections requiring mutual authentication, and concluded with hardened core transport links carrying aggregated traffic. Throughout each phase, centralized cryptographic policy management provided visibility into cryptographic dependencies across the network, enabling the operator to identify priority targets for quantum-safe upgrades and verify compliance with emerging post-quantum standards. The collaboration with Accenture brought additional systems integration expertise to ensure the deployment met the reliability and performance requirements expected of Tier-1 telecom infrastructure.
Future Outlook
QuSecure’s Mobile World Congress case study arrives as telecommunications operators worldwide confront the approaching quantum computing threat. National security agencies in multiple countries have urged critical infrastructure providers to begin transitioning to post-quantum cryptography, yet the practical path forward has remained unclear for operators managing vast, heterogeneous networks. The demonstration that Tier-1 telecom infrastructure can adopt NIST-standardized post-quantum algorithms without application changes provides a replicable model for the industry. As NIST finalizes additional algorithms and international standards bodies incorporate PQC into telecommunications specifications, the software-based, crypto-agile approach demonstrated in this deployment will become increasingly essential. Operators that begin phased implementations now can retire cryptographic debt incrementally rather than facing a future crisis migration.
Conclusion
QuSecure’s case study presentation at Mobile World Congress demonstrates that Tier-1 telecommunications operators can achieve post-quantum readiness without rewriting legacy applications or replacing infrastructure. By deploying a gateway proxy layer with centralized cryptographic policy management, the operator upgraded services to TLS 1.3 with NIST PQC algorithms while maintaining operational continuity. For an industry facing both quantum threats and extensive cryptographic debt, this represents a viable path forward.
Join the conversation in the comments below.
About QuSecure
QuSecure is the pioneer of orchestrated crypto-agility and creator of QuProtect R3, the first end-to-end crypto-agility and cryptographic command platform. QuSecure enables organizations to identify high-value assets, modernize cryptography without operational disruption, and achieve continuous compliance—all while preparing for the quantum threat. For more information, see www.qusecure.com.
Source link: https://www.businesswire.com/
