Quantum Private Networking with PQC
Henning Schiel
CTO
Henning is a networking and cybersecurity expert with over 20 years of deep technical and business experience in Information Technology. He has led complex IT teams, delivering at scale for customers globally at companies like IBM. He has published multiple cybersecurity papers and has experience consulting in cybersecurity.
In cooperation with IBM, he planned, managed, and successfully delivered international projects for medium-sized and large customers in Automotive, Healthcare, and Logistics. As an author, he wrote numerous technical papers and co-authored an IBM Redbook.
Henning earned a degree in electrical engineering at the University of Braunschweig. He is also a PMP-certified project manager.
Watch this full lecture and over 100 other expert lectures on Quantum Technologies in our community with a single subscription.
At Patero, we provide cybersecurity technology solutions that make your data indecipherable with quantum-safe encryption. Patero cloaks Internet-exposed endpoints to reduce your network attack surface and future-safes your business from quantum vulnerabilities.
Henning of Patero GmbH and Patero Inc. is deploying post-quantum cryptography - PQC - in live military and government settings today. His approach, Quantum Private Networking - QPN - protects existing systems by wrapping them in a cryptographic shell rather than replacing them.
What QPN is
QPN is a protective overlay for data in transit. It uses PQC and sits above existing networks and protocols. It is independent of the underlying transport - mobile, satellite, or public internet - and assumes no implicit trust.
QPN shields legacy and unmodifiable protocols by enclosing them in a secure tunnel that applies hybrid cryptography. It delivers protection now while core systems evolve.
Crypto-agile core
QPN’s core is crypto agile and supports hybrid key exchange:
One classical exchange - for example ECC
One post-quantum exchange - for example ML-KEM - Kyber
Keys are combined, layered, and rotated every two minutes, maintaining a continually refreshed cryptographic boundary.
Default configurations align with FIPS 203 for US compatibility. FrodoKEM and McEliece are also supported for regions with different cryptographic preferences, including parts of the EU.
Zero trust alignment
QPN is not a zero trust solution, but it integrates well with identity and access controls and can enable zero trust designs.
Inside QPN, internal protocols are concealed. They are not exposed, discoverable, or targetable. Attackers see only a single handshake port, which materially reduces the attack surface and denies reconnaissance.
AI-based defence
QPN traffic patterns are highly predictable. AI-driven anomaly detection flags deviations and terminates connections automatically. The system acts on anomalies rather than waiting for manual triage.
Deployments to date
QPN is already in the field, including:
Military-grade tablets running ATAK-style command and control
Cloud applications operating under a PQC-protected overlay
Satellite and mobile networks with no trust assumptions
Drone links shifted to stateless UDP instead of TCP and secured with PQC
Sovereignty and critical infrastructure
In Switzerland, QPN is used to protect AI workloads and sensitive operations from exposure to foreign legal regimes, including the US Cloud and Patriot Acts. The design provides no external service visibility and full data sovereignty. Henning refers to this deployed capability as sovereign AI. Users include critical infrastructure operators and government clients.
Demo highlights
Virtual cryptographic gateway
QR-code onboarding
VPN-like private IP access available only within QPN
Dual handshake using Kyber - ML-KEM - plus ECC
Key rotation every two minutes
QPN delivers a VPN-like experience that is quantum ready and includes built-in threat detection.
Threat model and containment
QPN assumes endpoints may be compromised. It monitors behaviour, isolates threats, cuts connections, and blocks lateral movement. The emphasis is rapid containment at the network layer.
MITM resistance and protocol posture
Architectures are tested for man-in-the-middle resistance. Frequent key rotation, layered encryption, and connection validation make impersonation highly difficult. Henning also notes:
Bitcoin - safe today but must evolve
DNS and TLS - expected to migrate to PQC natively, so wrapping is not currently required
A bridge, not the destination
QPN is a transitional shield. It buys time for:
Legacy estates to modernise
Standards to mature
Organisations to plan and execute PQC adoption
Market classification
Primary
Quantum networking - post-quantum cryptographic infrastructure
Sub-markets and adjacent domains
Zero trust network access - ZTNA
Sovereign cloud and data localisation
AI security
Critical infrastructure protection
Mobile and satellite cybersecurity
Competitor categories
Traditional VPN and SD-WAN
Cloud access security brokers - CASB
Quantum-resistant key exchange providers
Managed security service providers - MSSP
Market outlook
High growth is expected, driven by government mandates, military deployments, and cloud sovereignty requirements. Early deployments strengthen credibility and urgency.
Demand drivers
Acceleration of quantum threats
Constraints of legacy systems
Military and defence adoption
Regulatory pressure - FIPS, GDPR, BSI
Data localisation and sovereignty needs
Protection of AI workloads
