Why Continuous Testing is Critical in the Shift to Post Quantum Cryptography
Owen O'Donnell
Marketing Manager
Responsible for marketing, strategy and new product introductions in VIAVI Solutions’s Wireless Business Unit, with a particular emphasis on virtualized 5G radio access, core network and PQC Performance testing (TeraVM platform).
Owen has more than 35 years’ experience in the industry with positions at Ericsson Telecommunications Inc. and Huawei, and has lived and worked in Sweden and U.K. prior to settling in Ireland.
Watch this full lecture and over 100 other expert lectures on Quantum Technologies in our community with a single subscription.
VIAVI offers security frameworks and validation tools that enable organisations to move quantum algorithms and architectures from theoretical models and lab environments into secure, real-world deployments.
As organisations replace classical cryptography with quantum-safe algorithms, the transition must happen without disrupting live services. Post-quantum cryptography - PQC - strengthens protection, but it also changes system behaviour. The immediate priority is performance testing at scale.
Why performance testing matters
Moving to PQC is not a like-for-like swap. It affects:
Start-up times and session establishment
Capacity and concurrency
Latency and user experience under load
Behaviour under adverse conditions
Robust testing confirms that security gains do not degrade availability or usability.
How systems are tested
Engineering teams:
Emulate thousands of users, devices and hostile events
Drive traffic through quantum-secure VPNs, firewalls and application endpoints
Measure throughput, latency, tunnel counts, setup times, detection efficacy and user experience
Core metrics to track
Throughput - volume of data delivered
Latency - time to complete operations
Tunnel count - concurrent secure connections
Tunnel setup time - speed to establish a session
Threat detection rate - efficacy of controls under load
User experience - observable impact on clients
What changes with PQC
PQC schemes such as Kyber and Dilithium use larger keys and more complex handshakes. This increases data exchanged at session start and places extra load on CPU and memory.
Additional KPIs for PQC rollouts
Key size variation - effect of larger artefacts on bandwidth and storage
Re-keying frequency - operational cost of frequent rotations
KMS performance - ability of key management to sustain demand
Hybrid modes - interaction of classical and PQC algorithms
Test, do not guess
Industry bodies including the Tony Blair Institute, the Bank for International Settlements and GSMA emphasise the need for empirical testing. Without it:
Low-power devices may fail under heavier cryptography
Key exchanges that work in isolation may stall at scale
Key management systems can become bottlenecks
Findings from early testing
Web traffic - HAProxy
Simulation size: 1.6 million users
Observed impact: 26-37% reduction across throughput, connections and requests
Net effect: approximately 32% slower overall traffic
VPN tunnels - strongSwan
Test load: 128 users repeatedly creating and tearing down tunnels
Setup time increase: from 3.4 ms to 4.2 seconds
Tunnels per second: drop from 17,000 to 4,000
QKD key management
Key retrieval failures under load
KMS identified as the limiting factor
Significant tuning required to prevent system crashes
Operational implications
Sectors where performance is critical:
Smart manufacturing - sensors and control loops require low latency
Remote work - VPN performance drives productivity
Banking and finance - cryptographic faults can disrupt transactions
Crypto agility
Algorithms evolve. Crypto agility ensures systems can switch algorithms and parameters without redesign. Agility must be tested in advance so replacements fit operational constraints.
Practical takeaway
PQC strengthens protection but adds cost in speed, scale and complexity. Continuous, evidence-based performance testing is essential to deploy securely without breaking live services. Skipping this step risks solutions that are strong on paper yet slow, fragile or unworkable in practice.
Market classification
Primary domain
Cybersecurity
Technology focus
Post-quantum cryptography, key management systems
Sub-markets and adjacent domains
Telecommunications
Financial technology - FinTech
Enterprise IT
Critical infrastructure
Competitor categories
Legacy encryption vendors - RSA, ECC
Quantum-safe crypto providers - for example PQShield, Crypto4A, ISARA
VPN and firewall vendors integrating PQC
Market outlook
Rapid PQC adoption expected from 2025-2032
Standardisation - including NIST - will shape integration
Strong demand for performance-optimised crypto agility tools
Demand drivers
Advancing quantum capabilities
Regulatory pressure from national cybersecurity strategies
Enterprise migration from RSA and ECC
Rising complexity across hybrid IT environments
