Large-Scale Study Finds 0% Adoption of Post-Quantum Certificates Across 32,011 Domains
By
[Submitted on 15 Jun 2026]
A second-rack bagel that's nearly first-rack. Tasty stuff.
Summary
This research paper presents a large-scale empirical evaluation of post-quantum readiness across 32,011 domains, focusing on real-world TLS deployments. Key findings include: 15.70% of domains (especially in banking and government) still rely on TLS 1.2; 49.3% support hybrid post-quantum key exchange (e.g., MLKEM768 with X25519) while 50.7% use classical key exchange; and critically, 0% adoption of hybrid post-quantum certificates was observed, leaving authentication vulnerable to quantum attacks. The study reveals uneven adoption across sectors, with technology platforms advancing faster than legacy-dependent infrastructures, and warns that achieving quantum resilience requires coordinated transition in both key exchange and certificate infrastructures to defend against Harvest-Now-Decrypt-Later (HNDL) attacks.
Key quotes
· 5 pulledThe results indicate that while modern protocols like TLS 1.3 and QUIC are gaining adoption, 15.70% of domains especially in critical sectors such as banking and government still rely on TLS 1.2.
49.3% of domains support hybrid post-quantum key exchange mechanisms (e.g., MLKEM768 with X25519), whereas 50.7% continue to use classical key exchange, reflecting partial transition.
Notably, 0% adoption of hybrid post-quantum certificates was observed, leaving the authentication layer vulnerable to quantum-enabled attacks such as certificate forgery.
The findings reveal uneven adoption of post-quantum mechanisms across sectors, where technology driven platforms are advancing more rapidly than legacy-dependent infrastructures.
Achieving complete quantum resilience requires a coordinated transition not only in key exchange mechanisms but also in certificate infrastructures.
You might also wanna read
Analysis of NSA Influence on IETF Post-Quantum Cryptography Standardization
This article is part of a series examining the conflict between the NSA and IETF regarding post-quantum cryptography standardization. The au
Let's Encrypt Plans Post-Quantum Security with Merkle Tree Certificates
Let's Encrypt is planning to adopt Merkle Tree Certificates (MTCs) as a post-quantum security solution for Web PKI. The article explains tha
Let's Encrypt Plans Post-Quantum Security with Merkle Tree Certificates
Let's Encrypt is planning to adopt Merkle Tree Certificates (MTCs) as a post-quantum security solution for Web PKI. The article explains tha
Cloudflare Introduces Merkle Tree Certificates for Post-Quantum Internet Security
Cloudflare is introducing Merkle Tree Certificates as part of its post-quantum cryptography initiative to protect internet security against
blog.cloudflare.com·7mo ago
Cloudflare Accelerates Post-Quantum Security Roadmap, Targets 2029 for Full Implementation
Cloudflare has accelerated its post-quantum security roadmap, now targeting 2029 to achieve full post-quantum security including authenticat
blog.cloudflare.com·2mo ago
GitHub Implements Post-Quantum Secure SSH Key Exchange for Enhanced Git Data Protection
GitHub is introducing post-quantum secure SSH key exchange algorithms (sntrup761x25519-sha512) to enhance security for Git data access. This
GitHub·9mo agoOpenSSH Implements Post-Quantum Cryptography for Secure SSH Connections
OpenSSH has integrated post-quantum cryptography algorithms to safeguard SSH connections against quantum computer attacks. Starting with Ope