Quantum computing and the path towards secure Quantum SD-WAN

Quantum computing is no longer confined to research laboratories; it has emerged as a technological force with the potential to transform—and potentially undermine—digital security as we know it. Its rapid advancement is accelerating the arrival of a future in which today’s cryptographic algorithms may become obsolete. In corporate WAN environments, where thousands of sites, data flows, and applications depend on encrypted tunnels, this risk is particularly acute. Against this backdrop, a structured initiative has begun to evolve SD-WAN architecture toward a Quantum-Safe model, designed to withstand cryptographic attacks originating from quantum computers. This model is Quantum SD-WAN.

 


The quantum challenge: why it poses a real threat

Quantum computing is built on qubits—units that can represent both 0 and 1 simultaneously through the principles of superposition and entanglement. This unique behavior allows a quantum system with only a few hundred qubits to process more possible states than there are atoms in the observable universe.

Such immense computational power creates extraordinary opportunities, but it also introduces a direct risk: the potential to break today’s cryptography. Most corporate VPNs rely on RSA or Diffie-Hellman (DH), cryptographic algorithms that are known to be vulnerable to Shor’s algorithm once sufficiently stable quantum computers become a reality.

While we have not yet reached the point where quantum machines can execute these attacks at scale, the ICT industry already has to contend with the “harvest now, decrypt later” strategy, in which encrypted traffic is intercepted and stored today with the intention of decrypting it in the future. For any organization that handles sensitive data, anticipating this threat is a strategic necessity.

A market moving towards post-quantum cryptography

In recent years, leading cybersecurity authorities—such as NIST, ENISA, and the NSA—have accelerated efforts to standardize cryptographic algorithms capable of withstanding quantum-based attacks. In 2024, NIST selected ML-KEM (Kyber) as the reference standard for post-quantum key exchange. At the same time, next-generation technologies such as Quantum Key Distribution (QKD) enable the secure distribution of cryptographic keys by exploiting the quantum properties of photons, ensuring that any interception attempt is detectable.

For WAN infrastructure vendors, this transition presents a dual challenge:

  1. Integrating post-quantum algorithms without degrading performance.
  2. Ensuring seamless coexistence with established security models such as IPSec and IKEv2.

These challenges are further compounded by the need to operate hybrid networks, with thousands of encrypted tunnels, SLA monitoring, and real-time, application-driven policy decisions.

 

How quantum computing impacts SD-WAN

In high-value and time-sensitive logistics, every minute and every data point matters. 5G allows operators to track shipments continuously and maintain a verified digital chain of custody from origin to destination. Routes can adapt dynamically based on changing traffic, weather, or incident conditions. For sensitive cargo, IoT sensors connected over 5G provide immediate insight into temperature, vibration, or tamper events, helping prevent losses and keeping operations aligned with strict service-level expectations.

A modern SD-WAN solution brings together:

  • IPSec encryption across thousands of tunnels.
  • Automatic path discovery and dynamic topology formation.
  • Network segmentation using VRFs.
  • SLA- and application-aware load balancing.
  • Integration with cybersecurity services.

As a result, cryptography becomes a core pillar of the system. If the underlying cryptographic algorithms are compromised, the security and reliability of the whole system are at risk. Organizations must therefore be able to guarantee:

  • Data confidentiality between branch offices and data centers/hubs.
  • The integrity of the control plane.
  • The validity of digital certificates and secure authentication mechanisms.

For these reasons, the transition toward a Quantum-Safe model must be executed in a progressive and transparent manner, ensuring seamless coexistence with existing infrastructures.

The Quantum SD-WAN – Safe strategy

Enterprises and organizations are looking for a natural evolution of their SD-WAN architecture. This requires transforming existing encrypted hybrid networks built on DMVPN with IPSec, which already operate with integrated dynamic BGP, VRFs, Zero-Touch Provisioning, and advanced segmentation. On this basis, a clear roadmap can be defined to guide the transition from today’s SD-WAN deployments to a Quantum-Safe SD-WAN model, based on three core technological pillars:

  1. PS-PPK (Post-Quantum Pre-Shared Key)

PS-PPK is a mechanism recommended by several cybersecurity agencies as an effective safeguard against future quantum-enabled attacks. It introduces an additional cryptographic layer into the IPsec tunnel establishment process by combining traditional cryptographic material with pre-shared post-quantum keys.

This approach enables organizations to:

  • Secure traffic even in scenarios where classical cryptographic algorithms are compromised.
  • Preserve full compatibility with IPSec and IKEv2 implementations.
  • Avoid disruptive changes to network architecture.
  • Mitigate “harvest now, decrypt later” threats.

For these reasons, leading SD-WAN vendors already offer PS-PPK.
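
The following Python example is added here for illustration and is not Teldat's code. It shows how a pre-shared key can be mixed into IKEv2 key derivation, assuming PS-PPK follows the post-quantum preshared key scheme of RFC 8784; the PRF choice, the 32-byte key sizes and all sample values are constructed assumptions.

```python
import hashlib
import hmac

KEY_LEN = 32  # assumption: every SK_* key is 32 bytes (HMAC-SHA-256 PRF, AES-256)
NAMES = ("SK_d", "SK_ai", "SK_ar", "SK_ei", "SK_er", "SK_pi", "SK_pr")

def prf(key, data):
    """PRF_HMAC_SHA2_256, one PRF an IKEv2 peer can negotiate."""
    return hmac.new(key, data, hashlib.sha256).digest()

def prf_plus(key, seed, length):
    """prf+ of RFC 7296: T1 = prf(K, S|0x01), Tn = prf(K, Tn-1|S|n)."""
    out, block, n = b"", b"", 1
    while len(out) < length:
        block = prf(key, block + seed + bytes([n]))
        out, n = out + block, n + 1
    return out[:length]

def ike_keys(dh_secret, ni, nr, spi_i, spi_r):
    """Classical IKEv2 keys: everything follows from the (EC)DH shared secret."""
    skeyseed = prf(ni + nr, dh_secret)
    stream = prf_plus(skeyseed, ni + nr + spi_i + spi_r, KEY_LEN * len(NAMES))
    return {name: stream[i * KEY_LEN:(i + 1) * KEY_LEN] for i, name in enumerate(NAMES)}

def mix_ppk(keys, ppk):
    """RFC 8784 step: re-derive SK_d, SK_pi and SK_pr under the pre-shared key."""
    mixed = dict(keys)
    for name in ("SK_d", "SK_pi", "SK_pr"):
        mixed[name] = prf_plus(ppk, keys[name], len(keys[name]))
    return mixed

def child_keymat(sk_d, ni, nr, length=64):
    """IPsec (Child SA) key material: KEYMAT = prf+(SK_d, Ni | Nr)."""
    return prf_plus(sk_d, ni + nr, length)

# Constructed sample values, not taken from any real exchange.
DH = hashlib.sha256(b"constructed DH shared secret").digest()
NI, NR = b"\x11" * 32, b"\x22" * 32
SPI_I, SPI_R = b"\xaa" * 8, b"\xbb" * 8
PPK = hashlib.sha256(b"constructed 256-bit PPK").digest()

classical = ike_keys(DH, NI, NR, SPI_I, SPI_R)
protected = mix_ppk(classical, PPK)

if __name__ == "__main__":
    # Tunnel keys now depend on the PPK, not only on the DH secret.
    print(child_keymat(classical["SK_d"], NI, NR) != child_keymat(protected["SK_d"], NI, NR))
    # The IKE SA's own encryption keys are not mixed by this mechanism.
    print(protected["SK_ei"] == classical["SK_ei"])
```

Because SK_ei and SK_er are unchanged, this mixing protects the IPsec tunnel keys derived from SK_d rather than the initial IKE SA exchange itself.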

  2. ML-KEM (Kyber)

The second pillar is the integration of ML-KEM, NIST’s standardized post-quantum cryptography (PQC) algorithm for key exchange. Its adoption enables organizations to:

  • Replace traditional Diffie-Hellman (DH) and RSA-based key exchange mechanisms with a quantum-resistant alternative.
  • Preserve high performance, even in deployments with thousands of concurrent tunnels.
  • Support a phased migration through hybrid cryptographic models that combine classical algorithms with PQC.

In environments with centralized management, ML-KEM should be deployable and manageable from a single control point, without requiring manual tunnel reconfiguration—lowering operational costs.

  3. QKD (Quantum Key Distribution) — A strategic initiative

QKD represents the state of the art in cryptographic key distribution, using entangled photons to generate cryptographic keys that cannot be intercepted without detection.

Developing QKD integration capabilities both in hub/concentrator platforms and in edge devices would make it possible to:

  • Use cryptographic keys generated by QKD providers through standardized interfaces.
  • Integrate those keys into IPSec and SD-WAN overlay engines.
  • Extend Quantum-Safe capabilities naturally into federated data center environments.

While QKD typically requires dedicated optical infrastructure, compatibility with advanced enterprise environments is expected to evolve.

 

Conclusion on Safe Quantum SD-WAN

Quantum computing represents the most significant disruption to network security in the past 40 years. Organizations must act proactively, evolving progressively toward Quantum-Safe models that ensure long-term data confidentiality. The most advanced SD-WAN vendors have already embarked on a solid path aligned with international standards, delivering next-generation SD-WAN solutions that respond to emerging market demands.

At Teldat, we have already implemented PS-PPK, are actively integrating ML-KEM, and are advancing QKD as part of a clear commitment to delivering a fully future-ready Quantum-Safe SD-WAN. Our SD-WAN architecture—open, interoperable, secure, and highly automated—allows us to incorporate these technologies without impacting performance or operations, ensuring that corporate networks remain robust, scalable, and resilient in the quantum era.

January 20, 2026
Marce Gil

Marce Gil, a graduate in Telecommunication Engineering with a Master in Telematics (Polytechnic University of Catalunya), is an SD-WAN Business Line Manager at Teldat.
