AWS recently added support for Post-Quantum Key Exchange for TLS in Application Load Balancer (ALB) and Network Load Balancer(NLB). And, our good friend S3 now supports post-quantum TLS key exchange on S3 endpoints as well. So, why is this a big deal now? Lets dive a little deep.
Post-quantum key exchange is about upgrading how the internet agrees on encryption keys so your data stays confidential even in a future where large quantum computers exist. Think of it as replacing the lock on your front door before burglars invent a new skeleton key.
Why this matter now?
Quantum computing threatens the key exchange part of TLS, not just the bulk encryption.? Many attackers are already in “harvest now, decrypt later” mode: they record encrypted traffic today, planning to decrypt it once quantum machines are good enough.
- Long-lived data is at risk: medical records, intellectual property, financial histories, government workloads and many more.?
- Once quantum machines arrive, anything protected only by traditional key exchange (like RSA or classical ECDHE) could be retroactively unlocked.
So when AWS adds post-quantum key exchange to S3 and Load Balancers, it is not a “nice to have”; it is a time machine insurance policy for your packets.
Traditional TLS key exchange (and its problem)
Today, most TLS handshakes use:
They are secure against classical computers, but large-scale quantum computers running Shor’s algorithm could solve the underlying math problems efficiently, breaking the secrecy of those negotiated keys.?
In practical terms:
- An eavesdropper who records your TLS sessions today could, in the future, compute the session keys and decrypt the full traffic.?
- Forward secrecy against classical adversaries does not guarantee secrecy against future quantum adversaries.
It is like whispering secrets in a language that is hard today but will be on Google Translate in 10 years.
Post-quantum key exchange
Post-quantum cryptography uses new math problems believed to be hard even for quantum computers.? ?
The AWS announcements use:
- ML-KEM, a NIST-standardized lattice-based Key Encapsulation Mechanism, for post-quantum TLS key exchange.?
- PQ-TLS security policies that combine classical key exchange with ML-KEM (hybrid mode) on ALB/NLB, and ML-KEM support on all regional S3, S3 Tables, and S3 Express One Zone endpoints.?
Hybrid key exchange is basically: “Use the old key exchange and the new PQ key encapsulation; the connection is only broken if both are broken.” It is cryptographic belt and suspenders.
As a bonus, you get to tell your security team: “Yes, we’re using NIST-standardized post-quantum algorithms in production,” which sounds way cooler than “we’ll figure it out later.”
Want to learn more, you can read the AWS announcements for ALB/NLB and S3.