Andrew Gault
Welcome everyone to Quantum Live. We’re excited to walk you through the quantum threat and how ZeroTier Quantum is addressing the challenges of post-quantum cryptography. Today’s session is May 13th, 2026. Okay, so I’m Andrew Gault, CEO of ZeroTier, and I’ll be your host today. I’m pleased to introduce our experts.
First, we have Lennon Day-Reynolds, CTO of Tech Integrity Lab, who will guide us through the threat landscape and defense strategies. And later, we’ll hear from Angelo Rodriguez, SVP of Global Operations at ZeroTier, on the ZeroTier Quantum solution and many of our common use cases. Would you guys like to do a quick intro?
Lennon Day-Reynolds
Yeah, sure. Hi, as Andrew mentioned, I’m Lennon Day-Reynolds.
I actually worked at ZeroTier for several years before leaving to co-found the Tech Integrity Lab. What we do is advance research into AI and machine learning algorithms. I lean on ZeroTier every day to secure the connections and systems that we use for that research. I was also still at ZeroTier for a lot of the development of ZeroTier Quantum, and so I’m very excited to get to share with the team kind of why we’re so excited about what it can do. So thanks.
Angelo Rodriguez
Hi, I’m Angelo Rodriguez. I’m the SVP of Global Operations at ZeroTier. I’ve been with the company for several years, working very closely with our engineering team as we develop this quantum platform. I also lead our customer success and pre-sales engineering organization. So hearing every day from our customers about the frustrations they have with legacy networking and the concerns they have about quantum readiness.
Andrew Gault
Great, thank you both. So a couple of housekeeping items before we dive in. The session has, of course, been recorded. We’ll send the link out afterwards so you can re-watch it and share it with your team. And as I mentioned, we’ll have time for Q&A at the end.
We received a bunch of great questions from you all during registration. If you didn’t send any yet, you can always drop your questions into Zoom as we go. There should be a Q&A button at the bottom of the webinar screen. I can’t promise we’ll get to all your questions live, but we will try to get back to everyone. We’ll also post a full Q&A FAQ on our website after the webinar that will answer all the questions you receive.
And lastly, I will add, we have a bunch of great quantum content coming through our socials, blogs, and other news posts. We’ll be sharing a few of the slides today and a few new ones in the coming weeks, including some detailed use cases, post quantum planning articles, and much more. So please check us out and sign up and subscribe. Okay, so let’s jump in. Here’s what we’ll cover today.
We’ll start with an introduction to quantum threat, defining quantum computing and the looming cybersecurity risk. Next, we’ll review PQC mandates and compliance, including key standards such as CNSA 2.0 and the timeline for post-quantum cryptography adoption. We’ll then cover developing a quantum defense strategy, outlining assessment steps, the decision tree, and the four categories of cryptographic debt. We’ll also discuss critical success factors. These will include things such as performance, crypto agility, and maintaining a crypto agile posture.
Next, we’ll introduce ZeroTier Quantum with a quick look at its architecture, its core features, strengths, and we’ll review some use cases, providing examples of ZeroTier Quantum in various environments. And then lastly, the Q&A. So to kick off our discussion on the quantum threat, I’m gonna hand it over to Lennon to go through some of the key definitions and make sure we’re all speaking the same language.
Lennon Day-Reynolds
Thanks, Andrew. So before we get into the details, just again, this is going to be a baseline so we can understand some of the key terms and concepts we’re gonna be talking about through the rest of the session.
Also, full disclosure, I am not a physicist or a cryptographer. I’m very interested in the field as a practitioner. And this is, again, going to be just a lightning speed high-level overview. If you wanna learn more, check out some of those resources that Andrew mentioned that the team will be making available in the coming months. So getting right into it, some of the key terms.
First, we have a cryptographically relevant quantum computer. So this is a quantum computer that has been built to a scale and level of capability where it can be used to attack classical cryptosystems. The building blocks underneath that CRQC are qubits and the superposition and entanglement that the qubits exploit to build quantum logic. So quantum mechanics tells us that you can have a bit that is in multiple states. Unlike digital signals where you have a zero or a one, a qubit can hold both states at once.
You can use that superposition along with entanglement to build circuits that are able to do very fast computation on classes of problems that are very relevant for cryptography and security, as we’ll get into more. Next, an important distinction, there is classical encryption and quantum encryption. We’re gonna be largely talking about post-quantum cryptography in this session. Classical cryptography and classical encryption is what we use everywhere today. So all of the familiar tools, RSA, elliptic curve, digital signatures, everything that you have deployed in the field today is lumped under classical encryption.
So by contrast, post-quantum cryptography is novel algorithms and building blocks that we can use to build cryptosystems that are resilient to attack from a quantum computer. Next, part of the reason we’re all here, Q-Day. Q-Day is a date at some time in the future. We’re not sure when, but probably sooner than we expect, where quantum computing will have scaled and gotten robust enough to attack these classical encryption systems. Next, a tool we’ll use to talk about how to prepare for the quantum threat, a Q-BOM, a quantum bill of materials.
This is effectively just an inventory of all the cryptography you have deployed in your enterprise, which systems are vulnerable to quantum attacks and not. And it’s kind of a to-do list to go down as you’re building your resilience and defense story. Next, ZeroTier Quantum, the reason we’re all here today. This is the next generation new platform that ZeroTier has built to protect your networking and communications against quantum threats against cryptography. Finally, another term we’ll come back to a lot, quantum agility.
This is again based on kind of the classic idea of cryptographic agility, and it’s the ability to respond quickly and incrementally to changes in the cryptography you have deployed and the attacks that are exposed or that expose it. So if you’d like to know more about this, again, we’ll have more resources available after the session. It’s a deep field, it’s an evolving field. The technology is improving every day. So stay tuned for more.
Now let’s talk a little bit about what a quantum computer actually is, now that we’ve covered some of the basic terms. So like I mentioned, a qubit is a quantum bit. It’s the smallest possible machine inside a quantum computer that represents a value. Zero or one is kind of our classic binary logic used in computers everywhere. A qubit though can hold both of those states at once.
That’s a superposition. Entanglement is what links qubits either directly adjacent to each other or at distance so that they express the same data. Entanglement and superposition give us simple building blocks on top of which we can build quantum logic. Quantum logic can run algorithms like Shor’s algorithm, which we’ll get into more in a moment, that make classic crypto systems vulnerable to attack in ways that would be intractable with the computers we all have deployed at the moment. Now, quantum computers do not look like a PC or a mobile device or a server you would have deployed today.
They are large machines involving careful environmental controls and have a large-scale existing sort of traditional computer running alongside them to provide an essential role called error correction. Error correction is needed because due to the variability of the state of qubits, the natural output is full of a lot of noise. Any kind of environmental disturbance, even the observation of a single qubit, the measurement of its state can introduce errors midway through your larger computation. And so these error correction systems sit downstream of the actual quantum logic and tease out a reliable set of answers from the questions that you’re posing through the quantum system. Now, this is not some fringe academic field.
There are major players you have heard of that are building ever more capable and complex quantum computing systems. They’re regularly publishing their findings and talking about how this is approaching the relevance for the systems we’re talking about today. So Google, Microsoft, IonQ, D-Wave, IBM, Pasqal, these are big, well-funded, advanced groups looking not just for research but for practical applications of quantum computing. So with that, I mentioned Shor’s algorithm. Let’s talk a little bit about that and what it means for cryptographic security.
So Shor’s algorithm was developed back in the mid 90s. And today, it’s largely a piece of math, though quantum computers are being able to exercise limited versions of it. What Shor’s algorithm lets you do is fundamentally factor large integers. Classical crypto systems generally rely on either large integers or elliptic curve systems that are effectively one-way functions. You can put in an input, but once you have the output, you can’t break it back down to the original inputs.
Shor’s algorithm, running on a capable quantum computer, unfortunately breaks that contract. Those impossible one-way calculations actually become reversible. And that allows you to extract the secret key material that was originally used in a cryptographic operation. Again, in a traditional computing environment, these problems are intractable. They take more time and more compute resources than could possibly be mustered.
Under Shor’s algorithm on a quantum system, that’s no longer true. So the real world impact of that is most of the cryptographic tools that we rely on today to secure our communications and data lose their ability to protect against a quantum attack. That includes TLS, SSL, digital signatures, physical encryption components. All of these systems are now vulnerable. So we’re gonna talk a lot more about what that means in practical terms for your environment and your applications.
So with that sort of abstract background, let’s talk about the real world risks and threats that you’re exposed to. The first one is called Harvest Now, Decrypt Later. So while we don’t have or know of the existence of a cryptographically relevant quantum computer today, it is feasible to capture and save a copy of traffic flowing over the internet at massive scale. Think nation state actors, major enterprises, corporate espionage. There might be actors who are currently just taking all of those encrypted bytes that are flowing around the internet, saving them for later.
Once they have access to that quantum computing resource, they can then break the keys and rifle through the data at their leisure. Next, we have Breaking Signatures. There’s an analogous problem, Trust Now, Forge Later. So while today we can count on a digital signal to tell us that, or a digital signature to tell us that some artifacts, a binary, a piece of information, a body of text was signed using a secret key held by a particular entity. Breaking those signatures with a quantum attack means we can no longer guarantee that.
This is particularly concerning if you think about firmware, operating system images, and other critical pieces of software that your platform may be built on top of without even really being visible to you. Those signed artifacts, once they’re broken, mean that an external attacker could push an update to your systems that masquerades as a legitimate patch from an operating system or platform vendor. Other impacts include things like IAM. Identity is tightly coupled to certificates and signatures today. It doesn’t matter if you’re using basic certificates, if you’re using FIDO or other hardware tokens, using passkeys, any of the best practices we have today to establish identity from a client are vulnerable to the same category of attacks.
Beyond that, we have: any secure communications, email, messaging, web traffic, all of these rely on the underlying cryptography to protect the content of the messaging. Among other things, TLS, the backbone of most network encryption on the modern internet, is vulnerable to this category of attacks. Next, broader hardware vulnerabilities exist. Your cloud servers likely leverage a hardware security module that holds secret keys. Your mobile phone has a secure enclave which handles encryption on behalf of the operating system without making those keys available to the applications running on it.
Those security properties are secured by the same mathematical primitives that will be broken by a post-quantum cryptographical attack. Next, there is a broad systemic risk to cryptocurrency and blockchain technologies. This has been specifically addressed in recent research from Google, and it’s, again, stemming from the same loss of confidence and security from the underlying cryptography. Blockchains require that signed, chained messages can be proven to have happened in that sequence by those entities. Once you lose that guarantee, the ledger has no value.
It is not trustworthy anymore. Finally, we have AI combined with this quantum threat. AI accelerates the attacks, the exploration, and the exploitation of vulnerabilities in any public infrastructure. So put quantum attacks together with AI speed boost, and now you have broad, rapidly evolving threats, and you have to have your defense in place before these systems start probing. So that’s our risk.
Andrew, you want to talk a little bit about what the industry and community at large has been doing to prepare?
Andrew Gault
Sure. So unsurprisingly, regulators around the world have been responding to this. Near-term, US and EU regulations will force PQC adoption in certain critical sectors, starting as soon as next year, and we expect a lot more to come. This is no longer just a future-looking security conversation.
It’s becoming a compliance budget and procurement conversation today. So this timeline here shows the current key milestones. Procurement cycles are already beginning to reflect PQC readiness, and teams that start will be in a much stronger position when requirements become stricter. NIST standardized PQC algorithms in August 2024, with FIPS 203, 204, and 205. A critical CNSA 2.0 deadline requires PQC for new acquisitions in US national security systems by January 2027.
That expectation is that this will expand to other areas of the US government as well as foreign governments soon. The deadline is specifically important because it creates a clear signal for regulated and security-sensitive environments and drives home the point that quantum-secure cryptography is moving from optional to required. It’s especially key for new product development. Of course, this will be followed by all regulated industries, finance, financial services, healthcare, energy and utilities, casino gaming, and more. From 2031 and beyond, we think PQC is projected to be the global baseline for all enterprises.
And of course, this won’t stop with direct legal requirements. SOC 2, ISO 27001, and similar standards are likely to become a major force and function for the rest of the industry. Both specify that you must use modern cryptography and auditors will soon take that to mean PQC algorithms. They’ll also start asking the same question of your upstream vendors. So while the various timelines and regulations are layered, the takeaway is simple.
The transition has already started. There is no need to wait for every mandate to be fully enforced before taking action and enterprises that move early can reduce their risk, simplify future compliance, and avoid being forced into an impossible rushed migration later on.
Lennon Day-Reynolds
So the deadlines are real, the threat is real. So now we have to come up with a plan. What are we gonna do to protect ourselves against this threat?
Like any large scale modernization or migration effort, the key about this is to be practical and incremental. So the risk may feel very wide open and abstract, but your response can be concrete, staged, and measurable. You don’t have to solve every potential risk at once. You need to look at where your greatest risk and exposure is and address that first. Along that, alongside that, you build a longer term plan that shows how you’re going to update all of your systems and stay on top of the evolving risks and regulations that are gonna describe how your posture changes over time.
Again, this is the way that you would tackle any large scale migration and update to your critical systems across your organization. It’s just that the risk here is elevated and the deadlines are not under our control. When Q-Day hits, we all have to respond. So breaking it down a little bit to get even more concrete, recommend starting with just a simple three-step approach. The first one, of course, is assessment.
You need to take an honest and broad look at the cryptographic systems you have deployed in your enterprise. You’re gonna need a team who can collaborate and work across functions and across the organization to identify and make recommendations and execute on your plan. You need your inventory in the form of a Q-BOM, your cryptographic bill of materials that tells you what systems you have deployed, what versions of what protocols and cryptographic algorithms are they running. That’ll include necessarily a deep audit of legacy crypto debt. It may not just be the quantum threat that you need to update to address.
You probably have older systems deployed that are using what we would consider weak crypto systems, even under classical threats. Finally, a very important consideration is the lifetime of your data. Because the Harvest Now, Decrypt Later threat is so real, data could be captured today that’s still relevant in years. That needs to be protected to the utmost so that no matter when Q-Day happens, your most sensitive and most critical data is not exposed. Moving on from the assessment, you can start your initial mitigation.
Again, start with your legacy systems, bring things current, adopt post-quantum cryptography in the systems that make it available and find ways to give yourself time and space by layering in PQC for systems that can’t be readily updated. Next, you should be aware of and working in alignment with the relevant compliance standards. These have been built actively in collaboration with the cryptography, quantum research and government entities to make sure that they really capture the best practices for how to be safe against quantum cryptographic threats. Again, it’s critical to understand your exposure to Harvest Now, Decrypt Later attacks. Data might be sitting around that you think of as secure because it’s encrypted at rest.
Well, under Harvest Now, Decrypt Later, that guarantee has an expiration date. Finally, another useful tool in your toolbox is to think about hardening at the edge first. As I mentioned, some of your systems may not be readily updatable. Also, the edge tends to be where most attacks start. So look at your external network endpoints and perimeter.
That could be employee access, that could be public services you host, it could be partnerships, cloud providers, any number of platforms. But look at those boundaries, look at those perimeters, make sure they are safe to attack because once those are open and people are inside your systems, they can look at every possible target for quantum decryption. Now you’ve gotten the most urgent fires under control, it’s time to think about long-term defense. Here’s where you bring in defense in depth, going top to bottom, up and down the stack, looking at every tool and system you have deployed. One really useful and, we think, critical tool to being responsive here is to work with software-defined systems over hardware-based.
Hardware life cycles are long. Replacement is labor-intensive and costly and they often can’t be patched in place. So prefer software systems where they’re appropriate. They can be upgraded on the fly, they can be swapped out, they can be scaled based on simply increasing compute and updating the versions of the software. Another useful tool here is to think about software with robust API-based integrations.
So if you’re stuck working with manual checklists and administrative tools, your speed of response is only as fast as your team can manually click through or change settings. With API automations, you can move across your fleet, across your systems and make changes very quickly, very deterministically and that just unlocks a ton of speed and agility. Next, quantum agility is the name of the game. You need to be able to move quickly, not just as standards and algorithms evolve, but as the threat landscape evolves. As your systems change, you update and deploy new ones.
This can’t be a one and done type of scenario. You need to have the agility to respond quickly and effectively to each change that hits you. So let’s drill in a little bit more to this data longevity and kind of the decisions that that involves. You probably have information that’s used day-to-day in your organization that is valuable, but not incredibly, durably important. That could be internal administrative communications.
It could be short-lived information of any kind. There, you want to protect against its leakage because it could impede your operations or expose your systems. But once that data goes stale fairly quickly, it might have an effective lifetime of minutes, hours or days. There, your risk is moderate. Yes, you want to protect it.
You don’t want to allow outside actors to get access, but it’s not an existential threat to your organization. Then you have a larger category of critical operation data that’s specific to your enterprise. It’s not necessarily something that exposes you to a great threat to the viability of your organization or to the trust that’s been placed in you by the users and organizations you support. But it could have a material impact. This could be financial data, intellectual property that is not necessarily the cornerstone of your business, but important for your competitive posture.
Really anything that you would really not want to see published on the internet for more than embarrassment, but for actual impact on your operations. And then finally, you have the most critical data, the crown jewels. These are things like deep trade secrets, like health or other highly sensitive personal information, like national secrets. These sources of data and these kinds of data need to be protected indefinitely. There could be a real risk to you, the people you support and the organizations you serve if this data was exposed at any time.
Your first and most critical priority should be identifying these kinds of data and going to rapidly secure them against the quantum threat so that they cannot be decrypted long into the future. Now that we’ve talked about data, we’ve talked about making a plan, we can break it down a little bit in terms of the systems you’re gonna be looking at and the expected difficulty and complexity of that. Andrew, do you wanna pick that up?
Andrew Gault
Yeah, I mean, I really think of this as a Y2K moment for this decade for cryptography. The risk isn’t just isolated to one system or one team, just like Y2K, we have to go through all our systems and complete a modernization and we have to discover, assess, patch, replace, reconfigure, or just basically review and touch everything in some way.
So when we think about how painful that might be, we think of four main buckets. So the lowest difficulty is probably new products in development. I think it’s pretty obvious what you should do here, implement now before technical debt builds up and classical encryption is future technical debt. The only decision is whether to build or buy a PQC solution. And of course, keep in mind, this is not just about data at rest, it’s also data in transit over the network too.
Next up, we have the more moderate difficulty. That’s usually where you use a vendor system or tool. So as we covered previously, handling these vendors is not inherently difficult, but it’s serious, it’s potential. You’ve got to call the vendor, ask if they’re already quantum resistant. It might be a simple case of making some configuration changes.
And if not, well, you’re going to have to require updates, replacements, scheduled updates, can obviously get a little messy because you’re going to have to orchestrate between internal teams and the vendor. And of course, all the vendors’ vendors in turn, right? Hopefully there’ll be no need to tear out and replace anything. Next up, we get to the more highly difficult things. This is the custom software that we all run internally.
So these applications are going to have to be, again, inspected to put them into some kind of crypto agile posture. We’ve got to try and test that new cryptography. And again, there’s probably some vendors that may or may not be obvious in the background that we’re going to have to talk to. And of course it can get much harder when the original developers are no longer in your organization, or maybe the architecture is poorly documented, or the app needs reworked by a new team, or maybe an AI assistant agent before we can run it with modern cryptography. And then lastly, extreme pain, all those legacy systems that we all still have knocking around that no one touches because they just work.
Well, unfortunately we’re now going to have to go and look at them and touch them. There might be a lot of existing debt in there like RC4, MD5, or smaller breakable keys that may already be behind in their cryptographic posture. And so now we’ve got to virtualize, encapsulate, or maybe even retire and completely replace these legacy systems. They often don’t communicate using the protocols we use today, and direct updates can be very difficult. I think the biggest point to make here is that your inventory can’t stop at the systems you own.
You’ll also need to account for the third-party systems that hold keys, manage trust, protect your data on your behalf, and that’ll include many SaaS platforms as well as upstream vendors. Think of it a little bit like SOC 2, but for cryptography, you need visibility into who’s holding cryptographic responsibility for you, and whether they are ready for what comes next. So once you have a quantum defense plan, the next question is, who makes that plan actually work? This will depend on several key factors. The way we think about it, it comes down to three, compliance, performance, and agility.
There may be more factors that matter for your organization, but a failure in any one of these areas would be problematic, both in the near-term and long-term. So jumping back to compliance, it’s an ever-evolving field, and it’ll ultimately need to maintain parity with all the emerging regulatory frameworks. That means actively monitoring for standards as they’re released and updated, not just checking in once a year. Remember that timeline we just showed you earlier? These things are continually improving, and the dates are moving, usually earlier.
So this will mean building relationships with not only the standard bodies, but also post-quantum experts and the governmental groups and organizations that shape these requirements. And the relationships do matter because implementation is where the compliance will get real. You should work closely with your vendors and suppliers, especially, to determine their quantum posture. Do they provide cryptographic transparency? Are they maintaining a prioritized Q-BOM?
And is their stack also architected in an agile manner? This is mission critical for fully air-gapped, self-hosted, or sovereign deployments where external updates are not easily done or in some way restricted. And from a risk perspective, everything is closer than it feels. 2027 is a marker for national security, and 2031 is basically everyone else. Underpinning everything, of course, is the need to focus on the technical implementation of actual compliance that matters for forward-looking PQC today.
Specifically, we have NIST FIPS 140-3 and PQC with FIPS 203 for key exchange, that is the ML-KEM algorithm, and FIPS 204 and 205 for upgraded digital signatures. They, in turn, use ML-DSA and SLH-DSA. Implementations you use should have CAVP validation, CMVP certification, and they also pay attention, of course, to other NIST evolving standards like SP 800-208, which covers sensitive data signatures, plus international standards like ETSI and NCSC. So that’s compliance. Lennon, let me hand back over to you to talk a little bit about performance.
Lennon Day-Reynolds
Yeah, thanks. So first, cryptographic algorithms, particularly post-quantum cryptographic algorithms, are computationally expensive. Now, this affects a lot of aspects of your systems, but in particular, any system that depends on timing, latency, or other performance characteristics. So some examples, monitoring, real-time logistics, any kind of teleoperation, end-to-end latency and bandwidth utilization are critical to those. So post-quantum cryptography hardens those systems, but you need to maintain the performance characteristics that make them acceptable for your application.
That includes, of course, raw throughput, how much bandwidth can this push on your deployed systems? But other resources that you need to think about are CPU utilization that directly impacts power as well as the scalability of your deployed systems, the memory footprint and usage. This is true from a server to an IoT device. Many of these post-cryptographic algorithms require keys that literally won’t fit in the most modest microcontrollers you might have deployed. And so you need a layered approach to put the PQC protections in place without having to rip out or replace every one of those effective embedded systems with something more robust.
The best possible solution is gonna offer you the same security properties and performance guarantees from mobile devices to user laptops to data center-scale deployments. Finally, that third pillar, agility. We keep coming back to this because it’s important. This is not an all-at-once sort of process and you need to be able to do it while maintaining operations and uptime for all of your systems. So first, look for a seamless migration.
Look for something that can be dropped into place with your existing architecture and your existing applications without ripping out and re-architecting everything. Next, a rapid response posture. Vulnerabilities will occur. Libraries will prove to have bugs. Algorithms will be slightly revised.
You’re gonna need to be able to move quickly and you’re gonna need to move quickly as you find systems that have slipped through the net of your inventory and audit. Next, compliance is much simpler when you’re using systems that are designed with it in mind from the get-go, as opposed to trying to shoehorn it in once you understand the compliance requirements. Finally, future-proof your investment. That agility should carry forward. It’s not just now, but it’s later.
As standards and technologies improve, you want to rely on the same platforms and tools and vendors that you do for your near-term migration. One important point, because so much of this is related to network access, network communications, your network itself needs to be able to evolve alongside the cryptography that you’re applying. If you have those hardware devices, those dedicated systems that are managing your network and they can’t easily be updated and configured to address the changes that you’re making as part of your PQC migration, they will drag you down and they will make your migration harder, slower, and more expensive. So with that, now that we’ve got you properly scared, let’s talk about ZeroTier Quantum and how it can make a lot of these problems much easier to address. Angelo, you wanna get into it a bit?
Angelo Rodriguez
For sure, thanks, Lennon. So let me talk you through how ZeroTier One fundamentally works. So if we look at this example, you’ve got two devices that are on your desk, your smartphone, your laptop, that are six inches apart, but in network space, they’re 4,000 miles from each other. Your packet leaves your phone, travels and hits 13 different hops, 13 different systems that are potential man-in-the-middles, 13 opportunities for your data to be harvested. ZeroTier really collapses all that.
We abstract the network down to a local switch with one hop. Your devices look like they’re sitting on the same LAN, regardless of their physical location or the physical network. Your attack surface shrinks to the IP stack, and that’s it. It doesn’t matter if you’re roaming from Wi-Fi and LTE or moving country to country, the super secure connection just follows you. ZeroTier helps teams to simplify secure networking by abstracting away the complexity of fragmented and fragile networks that are oftentimes really difficult to maintain. We help our customers build networks using ZeroTier that are simple, that are resilient, that are secure.
It’s all about direct encrypted peer-to-peer connections. We build an overlay network that works across last mile providers, across the various connection types. It’s deployed behind firewalls and NAT gateways and cloud VPCs, really any other infrastructure that might be between you and your devices. The entire thing, the entire setup and platform is self-healing. It’s continuously finding and working and optimizing paths for all of your devices on your network.
So if a last mile hop changes or a link goes down, the ZeroTier agent will find an alternative. We’ll reroute, we’ll bring the connection back up automatically. Now, setup is really fast. You install one small software agent on each connected device. You click create network and go.
There’s no dedicated hardware, no port forwarding or firewall rules to manage and no centralized cloud concentrator or API or provider that all of your traffic has to route through. Everything’s end-to-end encrypted and again, passed directly between the peers on your network. Only the trusted peers that you select are allowed onto the network. Others just simply get dropped. All of your devices have a unique, durable, cryptographic identity that’s based on a key pair.
So you build your network by simply picking the devices by ID that you wanna have included and we create an instant virtual ethernet network that’s containing all of them. Your data stays entirely private. It doesn’t transit our servers or our cloud infrastructure providers. We don’t have encryption keys for any of your traffic. We don’t see it.
It’s all up to you. And whether your devices are static or they’re mobile or roaming between ISPs, you get the same robust connectivity and security and control over how all of them are connected. So that’s ZeroTier One. Now, what happens when that threat model is a quantum computer that can alter the identity around the sources of communication or break the encryption, protecting every one of those connections I just talked about? That’s where ZeroTier Quantum comes in.
It’s a wholly new platform built completely from the ground up. It’s written in Rust. So it’s memory safe out of the box. It’s designed to defend against these types of attacks. It’s in fact the only platform of its type in the world today.
So you can think about ZeroTier Quantum in two primary parts, primitives, if you will. These are two foundational pillars that everything else is built around. The first is the distributed overlay. So this contains a resilient data plane that provides ethernet and IP at global scale with post quantum cryptography native to the protocol instead of bolted on. The second is a distributed security model still based on zero trust, but completely new.
In ZeroTier Quantum, there’s no centralized trust authority to compromise; the policy enforcement happens locally on the node. The control plane is resilient. And so it lacks a single point of failure. A device can be taken offline. Configuration changes can continue to be distributed to all of the remaining devices.
And then when that other device comes back online, it’ll securely pick up the configuration from the rest of its peers. So we’re also working on some exciting new features that are really leaning into the growing automation needs that enterprises are continuing to ask about and explore. And so I’d say for those of you who are ZeroTier One users, you’re familiar with our platform: all the connectivity benefits like UDP hole punching, NAT traversal, configuring to any topology, and of course the fastest multi-pathing available are all present in Quantum. So if you’re thinking about building a post quantum defense around an existing ZeroTier network, please reach out to us.
Next to kind of understand where ZeroTier fits in the stack, I think of it as an independent, but kind of integrated layer. ZeroTier Quantum provides secure connectivity and enforcement as an overlay. So sitting between your applications, workloads, devices and the underlying physical network, whether that’s the internet, WAN, cloud or any physical network. A helpful way to kind of think about this is the traditional OSI model. So at the top, you have your applications, your workloads, users, devices.
Underneath that you have your actual communication layers. So layer two, layer three, where systems need to connect and move traffic securely. ZeroTier Quantum sits in the middle as a secure network overlay that provides you both resilient connectivity and both identity and data transit security.
Andrew Gault
I want to really dig deep into how we stand out here. So as we mentioned earlier, quantum risk has been known for some time and thus some development of PQC solutions has occurred in the market beyond ZeroTier Quantum.
But while there are some options, many of them are half solutions. And it’s not always clear what that is. The marketing messaging can be confusing and you must be extremely careful understanding what a purported solution actually is. They may secure one part of the stack, one protocol, one narrow use case, but they don’t always solve the bigger networking problem end to end. They may also not be fully NIST or FIPS compliant.
For example, several solutions in the software space focus only on key encapsulation, which can secure the data in transit. This can help maybe with Harvest Now, Decrypt Later attacks by securing a recorded session. However, they often do not protect the authentication used to verify who you’re talking to. A quantum computer can still perform a real-time man-in-the-middle attack by spoofing a server’s identity using broken classical signatures like RSA that we talked about before. Obviously, this is a real problem.
Similarly, there are one-off limited solutions for hybrid certificates to try and address shortcomings of these bolt-on solutions. However, they require separate infrastructure and code, and it can get messy very quickly. ZeroTier Quantum, on the other hand, stands apart in several key ways and doesn’t share many of these risks. By leveraging a decade of learnings from ZeroTier One and building in post-quantum cryptography, memory safety, and our new fully distributed architecture from the ground up, that means it’s not just bolting on PQC to an existing product. It’s been fundamentally designed for this mission that we’re talking about today from the start.
So using just one other example of why this matters, consider a downgrade attack, a threat pattern we’ve seen many times before. This is where an attacker forces a platform to switch from a more secure or modern protocol to an older, less secure one. It’s often possible because this has maintained legacy support to ensure compatibility. In the context of post-quantum cryptography, though, this is a critical concern. If you have a bolt-on solution and the sidecar stops running or your keys stop rotating, the network may be running perfectly, but you are fully exposed to a quantum attack.
This is a stealthy exposure, potentially. You might not even be aware of the situation until after the fact. ZeroTier One was known for its robust, reliable connectivity. It supported multi-pathing, multi-homing, relaying over UDP and TCP, and it’s used by many customers in life or death missions. With its new distributed architecture, ZeroTier Quantum is even more robust.
No connectivity is required with a central controller. The network can split, recover, and peers will synchronize the latest control plane and governance configuration between themselves automatically. So the difference is practical. ZeroTier Quantum is designed to protect the network layer where real communication happens, provide highly secure, reliable connectivity without forcing teams to redesign every application or replace the infrastructure they already rely on. Simply put, ZeroTier Quantum is the only software-defined, end-to-end post-quantum networking platform on the market.
Before I transition over to Angelo, I’ll just add that because of the technical hurdles, this is all very hard to do. But ZeroTier Quantum is specifically designed to be that security foundation needed for a truly quantum-safe network.
Angelo Rodriguez
Thanks, Andrew. So it’s not a half solution or a narrow protocol fix. It’s designed to protect both identities and the network layer where real communication happens with PQC.
Now let’s revisit the four categories of cryptographic risk and effort that we talked about earlier, but this time we’ll show you exactly where ZeroTier provides a solution and at what level. We’re gonna use the same framework here, but through a product lens. So starting with the new products, kind of low difficulty, the priority here is to implement now. So the decision is whether to build or buy PQC. This is especially true for data in transit, where you have a cleaner opportunity to protect data moving across your networks before more technical debt starts to build up.
So for companies building new products like drones or military equipment, where resilient connectivity and communications are a core or even essential component, the question isn’t whether to add post-quantum cryptography, it’s what’s the best way to do it. Because we’re a software platform, you can embed ZeroTier Quantum once, and then every device that you ship inherits a quantum safe overlay automatically. We remove the hardware refresh dependency and you get quantum agility straight out of the box. In addition to many other benefits like a distributed control plane and offline connectivity, most networking incumbents are years away from this. So none of them have a solution that is quantum ready today.
We’re first to market, which means, for anyone building a solution with networking needs, ZeroTier Quantum can be integrated in their solution today. We see this as a check plus plus to use us. Moving over now to kind of the moderate difficulty, the vendor supported category. As we discussed previously, handling vendors is not necessarily difficult, but it’s a serious and potentially large project or undertaking. You’ll need to call the vendor and ask when they’ll be PQC ready, inquiring about updates, replacements, and scheduled upgrades.
This can be a bit of a mess because it often requires orchestration and discussion goes downstream from the vendor to all of their suppliers. But let’s be real. Many vendors are gonna have planned upgrade paths, new products and a roadmap and a solution to sell you. So this is a place, and in many cases, might be an appropriate plan for your PQC journey. But vendor lock-in, the risk there is real and vendor diversification, particularly when purpose-built solutions are better are both significant considerations.
Also, as you’ve outlined, movement towards software-based solutions will also avoid the hardware updates and upgrade cycles, which can be problematic in a post-quantum world. I mean, even as recently as this last week, there were a range of routers that were used in homes and small businesses that were hacked. And so we’re seeing these threats increase. The threat landscape is changing really quickly. Additionally, we have, with current ZeroTier platform customers, ZeroTier Quantum can be intermixed with other solutions to provide wrapped or defense-in-depth types of strategies.
Lastly, cost may be a consideration, but software platforms like ZeroTier Quantum scale easily and are less expensive to operate and can even extend your existing hardware’s lifecycle. For custom software, this requires transitioning apps to crypto agile posture and testing new cryptography. This is harder when original developers are gone, architecture is undocumented, or the app needs reworking by new teams or AI agents before it can support modern crypto. Quantum can be used directly via API integration. So to handle network communications, if the original source code is available, this is similar to how ZeroTier One has been used in thousands of use cases, but with an entirely new and much stronger platform.
Of course, if the development team is no longer around or the source code has been lost, ZeroTier Quantum is still an ideal solution because it runs at the network layer as an overlay. You’ll create a network, you’ll install clients and join. Your existing software or application will be mapped as if it’s local and runs seamlessly. In either scenario, working with or without code and developer support, you have a solution with ZeroTier Quantum. Let’s kind of move over to the legacy systems where I think it gets really painful because this involves addressing significant existing debt.
So luckily, ZeroTier Quantum can really help here. Now, some of the most complex environments and also some of the ones with the most urgent need. So think manufacturing, critical infrastructure, industrial IoT, cyber physical systems, organizations that are running logic controllers like PLCs that have been running for decades on outdated protocols that aren’t being replaced anytime soon and they’re leveraging end-of-life products with specialized maintenance personnel just to keep all those parts moving. For example, enterprises that are using legacy PLCs and SCADA controllers, they can’t just tell their plant manager they need a 90-day OT refresh window, nor is it practical for most businesses to rip out and replace major or even minor systems in this type of situation. But CISA is escalating, insurance carriers are going to be pricing in PQC postures and the Harvest Now, Decrypt Later is a serious threat against ICS data and operational signatures.
Any exposure point can and will be exploited. The answer to these challenges isn’t a major hardware refresh. It’s techniques like virtualization, encapsulation. A lot of the techniques we’ve talked about throughout this presentation and other methods of abstracting the risk where it can be effectively dealt with. An overlay network like ZeroTier Quantum can rapidly help solve this challenge.
It can also be deployed immediately instead of taking months and months of effort. Additionally, as we outlined previously, a hyper-efficient memory and performance footprint also allows for potential on-device solutions, even in IoT or in out-of-band devices. So the use case for companies in the manufacturing, industrial IoT space is real. We can rapidly speed up the timeline to implementation and quantum safety. So in short, ZeroTier Quantum provides a path to implement quantum defense for all classes of problems, for new products, for bridging or replacing vendor gaps, also as a path to address custom software and a solution for legacy systems or cryptographic debt that may be extremely difficult to deal with in any other way.
Andrew Gault
Awesome. Thanks, Angelo and Lennon as well. Those are some great examples of ZeroTier Quantum and the role it’s going to play. We’ve been working for many years on this, informed by our customers, and very excited to have shared all that. So just before we jump to some Q&A, I’d love to just wrap up the main section here very briefly. So we talked about the introduction to the quantum threat, talked about PQC mandates and compliance and how that’s going to change over the coming years.
We spoke about developing a quantum defense strategy and of course, critical success factors in that strategy. We’ve now introduced ZeroTier Quantum and all its amazing new features and improvements beyond ZeroTier One, and we think the rest of the industry. And of course, we touched on some key use cases we hear from our customers and how ZeroTier Quantum could be put into play. So with that, let’s move into the Q&A portion. So we received a ton of interest in ZeroTier recently and a new quantum platform with many, many questions.
So let me see here. I think we’ll start with the most obvious one. Actually, when will ZeroTier Quantum be available? Great question. So the good news is we’re already live and available.
We are currently working with select early customers, largely in defense and highly regulated industries with our initial release candidates. We’re incorporating their usage and technical feedback into future release candidates. We expect GA or the general release for ZeroTier Quantum in Q3 of this year. This release will be packaged API first, developer facing, a product we’re gonna brand as ZTQ Core or ZeroTier Quantum Core. It’s focused mostly on sovereign deployments for enterprise and government buyers.
We’ll roll that out as a full package with a robust CLI for scripting and operational control, SDK-like support and extensive documentation to ensure integration software teams can reach working prototype within minutes or hours. Our goal is to provide an API driven, low friction integration experience that functions entirely within the customer’s perimeter without any SaaS or external dependencies. The next obvious question then is what’s the roadmap? What’s next? So we’re gonna start obviously with the GA release as I outlined.
That’s a full featured launch and we think it’s perfect for just about any new development or replacement tech stack that is migrating to post quantum security or is an overlay to dramatically speed up moving to a post quantum security posture. Keep in mind today, we did not discuss much about ZeroTier’s resiliency and connectivity capabilities in detail. We have a lot, lot more to share in this area and all of it though is currently built into what’s available today. After GA, we’ll keep releasing more and more features for ZeroTier Quantum over the coming months and the year after. We have a whole target list planned.
We’d expect multiple more operating systems, enhanced operating system support, further tooling and packaging enhancements. And as Angelo mentioned, a ton of cool automation features for both the admin and endpoint level. Each of these feature updates will support all of the network postures ZeroTier is well known for, including SaaS, Cloud, sovereign deployments and full air gap. And of course, down the road, we will be integrating ZeroTier Quantum into our SaaS and our central platform, which will give humans and users UI level control over ZeroTier Quantum and ZeroTier One. So I see a number of questions coming from what looks like existing customers and maybe some new ones.
Would you like to jump in, Angelo?
Angelo Rodriguez
Sure. Yeah. Thanks, Andrew. Let’s see.
Is this part of ZeroTier One?
This is a question that we get a lot. ZeroTier Quantum is a separate product from ZeroTier One. We don’t have any plans to retire ZeroTier One. ZeroTier One remains kind of the foundational connectivity solution for millions of devices all over the world. Our introduction of ZeroTier Quantum is really an expansion of our ecosystem that’s designed to provide high performance, a mission ready alternative for regulated industries facing emerging quantum threats.
So we’re ensuring that we have a secure solution for every tier of networking needs. Let’s see, how are we charging for ZeroTier Quantum? What’s the price? Each deployment really is tailored for a specific scale, security or compliance needs, whether it’s air gap support or private root infrastructure. Pricing is custom quoted.
We recommend connecting with our sales team for a consultation to build a package that fits the specific requirements for your mission or project.
Okay. What are the plans for bespoke solutions integrating ZeroTier Quantum? Will you have engineers supporting companies working on these types of projects? For sure.
So we spent a lot of the last year kind of getting ourselves scaled up to support enterprises and building a customer success team to help ensure customers are set up well for success in implementing and integrating ZeroTier. We also have a pre-sales engineering team and resources to help our customers kind of navigate how to effectively leverage and use ZeroTier, how to integrate it. And we have a number of solutions for companies that are looking for a kind of custom development or integration work, and a number of plans and support options available for enterprises that are looking for extended hours or improved SLAs or anything like that. So absolutely happy to talk to anyone who is interested in having a conversation with us about that. I see a technical question or two, Lennon, if you want to jump in there.
Yeah, that’d be great.
Lennon Day-Reynolds
I like this one. So how does ZeroTier Quantum protect long lived connections? And this is a particular term, does it support perfect forward secrecy? So for a little bit of background, perfect forward secrecy is the idea that even if I’m able to steal or break one key that’s used at some point in a long running connection or series of messages, that doesn’t break wide open the entire stream.
I can’t go forward or back in time, that key is only relevant to a small window. ZeroTier Quantum has been designed that way from the start because it’s designed for always on connectivity. So that could be IoT, teleoperation, and critical infrastructure monitoring. So we actually have leveraged a core technology called PQNoise, which is an extension of the Noise Protocol Framework used extensively in cryptographic research and a lot of tools you probably use today or have heard of like Signal, the secure messaging app. PQNoise extends on Noise and its guarantees to provide post quantum safe cryptography on top.
So the upshot of that is every session is continuously evolving to have new keys. You cannot reverse one key and get access to the entire dataset. And that gives you the data at rest that we talked about before, that gives you long-term protection for your data. A single broken key, a single downgraded session doesn’t mean that the entire history is blown wide open. All right, this is another great one.
So how does ZeroTier go about testing and verifying the claims for the security of ZeroTier Quantum? Cryptographic systems are notoriously hard to build correctly. It’s not just about selecting an algorithm and an architecture. If you have any unsafe use of memory, timing attacks, failures in how you handle key material, it can be just as bad. And so while we’ve had the benefit of seeing ZeroTier One deployed on millions of devices for more than a decade, and we’ve learned a lot about how to manage and secure and harden systems in that kind of deployment, but we’re doing better.
We’ve learned a ton, the industry and the research have moved on substantially. And so we’ve really attacked that in a couple of ways for ZeroTier Quantum. The first one is using a secure by design philosophy. So like Angelo mentioned, we built ZeroTier Quantum in Rust that gives us memory safety and protects against a huge swath of the kinds of security vulnerabilities, again, particularly at the network edge that can result in the compromise of keys, sessions or code execution on the host that’s running the service. We’ve also put all of the core engine code and cryptography for ZeroTier Quantum under the microscope for external robust audits and certification.
So we’ve built an architecture that’s secure, we’ve chosen algorithms that are secure, we’ve chosen a language and an environment that’s robust, and we’re checking ourselves with external verification to make sure that you’re not just bringing up a new system that is its own target for attacks.
Andrew Gault
Okay, so I think I’m gonna jump in there. We’re coming up on time. So don’t worry if you didn’t get your question just now, we’ll post a full Q&A FAQ on our website after the webinar, and we’ll answer all the questions we got and couldn’t get to, and of course, a recap of the answers that we just went over. So thank you for joining us today.
If you have any questions about any of the terminology we discussed today, please refer to the glossary of terms on our website. In the meantime, you can stay up to date on all the latest ZeroTier news and announcements on our LinkedIn page, and keep an eye out for our next webinar, to focus in much more detail on the rich features and functionality of ZeroTier Quantum. And in case you need anything, we also have a quantum inbound email box set up, quantum@zerotier.com.
Thanks again, and have a great day.
Let’s answer some of the questions we didn’t get to live.
Each deployment is tailored to specific scale, security, and compliance needs, like air-gapped support or private root infrastructure, so pricing is custom-quoted. We recommend connecting with our sales team for a strategic consultation to build a package that fits your specific mission requirements.
We have no plans to retire the legacy ZeroTier platform. ZeroTier One remains the foundational connectivity solution for millions of users worldwide. Our introduction of ZeroTier Quantum is an expansion of our ecosystem designed to provide a high-performance, mission-ready alternative for regulated industries and enterprises facing emerging quantum threats, ensuring we have a secure solution for every tier of networking need.
ZeroTier offers a lean and scalable Partner Program designed for consultants, MSPs, and VARs to deliver secure networking with minimal overhead. Prospective partners should be directed to the ZeroTier Partnerships page to complete an intake form and initiate a consultation.
ZeroTier Quantum is currently available to select defense and highly regulated customers as we refine the product based on their feedback. We expect a general release in Q3 of this year, debuting as ZTQ Core—an API-first solution designed for sovereign, enterprise deployments. This package will feature a robust CLI and SDK-like support, allowing teams to build prototypes within hours. Our goal is a low-friction, developer-facing experience that functions entirely within your perimeter without SaaS dependencies.
Following our Q3 launch, ZTQ will serve as a full-featured overlay for organizations migrating to post-quantum security or building new, resilient tech stacks. In the months following, we’ll expand OS support and automation tools for cloud, sovereign, and air-gapped deployments. Eventually, we will integrate these capabilities into our SaaS and Central platforms for unified UI-level control.
Absolutely! We love supporting educational institutions and actually have a number of universities and schools already using ZeroTier for their campus area networks. For qualified educational institutions and charities, we offer a 50% discount on our commercial licenses. Please reach out to our sales team at sales@zerotier.com or directly through our sales form if you have interest in connecting further in this area.
ZeroTier Quantum is built for “always-on” critical infrastructure and IoT using PQNoise, the post-quantum evolution of the Noise framework. By utilizing a continuous key-ratcheting model, ZTQ ensures that even if a single key is compromised, prior and subsequent data remain secure. This architecture provides perfect forward secrecy for sensitive data across months or years of uninterrupted operation.
For easier access, we recommend following best-practices under our enterprise deployment guide https://docs.zerotier.com/enterprise-deployment/, as well as assigning IPs to a given convention within the New Central interface. For enterprises looking for ZeroTier deployment guidance, please contact sales@zerotier.com.
ZeroTier is introducing full multi-threading support with the launch of ZeroTier Quantum (ZTQ). While ZeroTier One had some support for multi-threading, ZeroTier Quantum is architected to utilize all available cores and even leverage hardware acceleration, directly addressing high-performance requirements for MSP/ISP and uCPE use cases. To find out more, talk to our sales team.
ZeroTier One for Synology NAS is currently implemented via Docker containers, a method that simplifies deployment while maintaining the security of your NAS environment. While traditional package-based installations were used in the past, the move to a containerized model ensures greater compatibility across the diverse hardware variants (x86, x64, ARM) that Synology utilizes.
“There are a lot of differences between ZeroTier One and Tailscale, but the biggest differences come down to flexibility, control, and architecture.
ZeroTier supports true Layer 2 networking, bridging, and more advanced network topologies, which makes it a strong fit for legacy systems, industrial environments, IoT, and complex hybrid infrastructure. It also supports fully self-hosted and air-gapped deployments for organizations that require complete control over their networking stack.
With ZeroTier Quantum, the difference is even more direct. ZeroTier already offers an in-market post-quantum networking solution designed to align with emerging CNSA 2.0 standards and evolving government and enterprise quantum-security requirements. At this time, there isn’t an equivalent post-quantum networking offering from Tailscale.”
Yes, good question. We have multiple layers of work in this area, and yes, we have engaged a NIST-approved third-party for certification. We also have parallel code and security audits in progress. If you would like more detail, please reach out at zerotier.com/connect-with-us.
ZeroTier Quantum utilizes a strictly hybrid cryptographic stack for all key exchanges. We combine NIST-standardized ML-KEM-1024 with classical P-384 ECC to ensure that our users are protected against both classical and quantum-scale attacks. This hybrid approach is central to our architecture, ensuring that even if one algorithm is theoretically compromised in the future, the session remains secure as long as the other holds.
ZeroTier Quantum is CNSA 2.0 compliant today. We meet all the primary requirements for the current transition phase, including ML-KEM-1024 for key exchange and ML-DSA-87 for digital signatures, alongside AES-256 encryption. While the NSA’s mandatory cutover for many systems runs through 2030, ZeroTier Quantum lets organizations exceed these standards immediately. Our roadmap is focused on maintaining “quantum agility,” ensuring that as standards evolve, our users can update their cryptographic stack via software without needing to replace their underlying infrastructure.
ZeroTier Quantum is specifically designed for the “always-on” nature of IoT and critical infrastructure. We implement ratcheted forward secrecy, which means transport keys are automatically rotated every 50 to 60 minutes. Because our protocol is based on PQNoise, each rotation is cryptographically linked to the last. This ensures that even in long-lived connections, an attacker would have to break every single key rotation to compromise the session, providing robust protection for sensitive data over months or years of continuous operation.
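An added illustration of the two mechanisms described in the answers above, the hybrid key exchange and the ratcheted key rotation; it is written for this page and is not ZeroTier's or PQNoise's code. Random bytes stand in for the ML-KEM-1024 and P-384 shared secrets, and the combiner, the labels, the SHA-384 choice and the `Ratchet` class are assumptions made for the example.

```python
import hashlib
import hmac
import os
import secrets

HASH = hashlib.sha384  # assumption: hash chosen for this example only


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): compress input key material into one key."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): derive `length` bytes bound to `info`."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def combine_hybrid(ss_pq: bytes, ss_classical: bytes, transcript: bytes) -> bytes:
    """Concatenate-then-KDF combiner (an assumed construction).

    The output stays unpredictable as long as either input secret is unknown
    to the attacker. Length prefixes keep the boundary between the two
    secrets unambiguous.
    """
    ikm = (len(ss_pq).to_bytes(2, "big") + ss_pq
           + len(ss_classical).to_bytes(2, "big") + ss_classical)
    return hkdf_extract(HASH(transcript).digest(), ikm)


class Ratchet:
    """Chain of transport keys where each rotation depends on the previous one."""

    def __init__(self, chain_key: bytes, epoch: int = 0):
        self.chain_key = chain_key
        self.epoch = epoch

    def transport_key(self) -> bytes:
        """256-bit key for the current epoch (sized for AES-256)."""
        info = b"transport" + self.epoch.to_bytes(4, "big")
        return hkdf_expand(self.chain_key, info, 32)

    def rotate(self, fresh_secret: bytes) -> None:
        """Mix a fresh key-exchange secret into the chain, then forget the old key.

        Old chain keys cannot be recomputed from the new one (one-way step),
        and the new one cannot be computed without `fresh_secret`.
        """
        self.chain_key = hkdf_extract(self.chain_key, fresh_secret)
        self.epoch += 1


def next_rotation_delay() -> int:
    """Seconds until the next rotation: 50 to 60 minutes, as stated on the page."""
    return 50 * 60 + secrets.randbelow(10 * 60 + 1)


def demo() -> dict:
    transcript = b"constructed-handshake-transcript"  # constructed sample value
    # Constructed stand-ins: 32 bytes for ML-KEM-1024, 48 bytes for P-384 ECDH.
    root = combine_hybrid(os.urandom(32), os.urandom(48), transcript)
    peer_a, peer_b = Ratchet(root), Ratchet(root)
    keys = [peer_a.transport_key()]
    agree = peer_a.transport_key() == peer_b.transport_key()
    attacker_follows = False
    for epoch in range(1, 4):
        ss_pq, ss_ec = os.urandom(32), os.urandom(48)
        attacker = None
        if epoch == 2:
            # Attacker holds the epoch-1 chain key and has recovered only the
            # classical secret; the post-quantum secret is guessed as zeros.
            attacker = Ratchet(peer_a.chain_key, peer_a.epoch)
            attacker.rotate(combine_hybrid(bytes(32), ss_ec, transcript))
        fresh = combine_hybrid(ss_pq, ss_ec, transcript)
        peer_a.rotate(fresh)
        peer_b.rotate(fresh)
        agree = agree and peer_a.transport_key() == peer_b.transport_key()
        keys.append(peer_a.transport_key())
        if attacker is not None:
            attacker_follows = attacker.transport_key() == peer_a.transport_key()
    return {
        "peers_agree": agree,
        "keys_distinct": len(set(keys)) == len(keys),
        "attacker_follows": attacker_follows,
    }


if __name__ == "__main__":
    print(demo())
```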
ZeroTier Quantum is based on an entirely new protocol and architecture, so ZeroTier Quantum and ZeroTier One clients can’t communicate directly. However, migration to ZeroTier Quantum is designed to be seamless and non-disruptive for our target organizations. You can run ZeroTier One and ZeroTier Quantum on the same endpoint devices, or route traffic between networks that require cross-version communication. This lets you deploy ZeroTier Quantum as a software overlay to protect your highest-risk traffic immediately — without a “rip and replace” of your infrastructure.
ZeroTier Quantum was built from the ground up to solve the 1.2 Gbps “ceiling” you see in single-threaded architectures. By rebuilding the engine in Rust with full multi-threading and GPU acceleration, we’ve achieved over 6 Gbps in standard cloud instances and are targeting speeds in excess of 10 Gbps. The best part is that it does this with a 30% smaller CPU footprint than legacy overlays. It’s fully OS-agnostic and, just like ZeroTier One, fully supports self-hosted, sovereign controllers for teams that need total data ownership.
ZeroTier Quantum will support a similar range of platforms as ZeroTier One, including major platforms such as Windows, macOS, and x86_64 Linux distributions, among others. Curious as to whether your platform is supported? Please contact us at sales@zerotier.com. For a full list of supported versions and download links on the ZeroTier One platform, please visit our download page: https://docs.zerotier.com/compatibility/.
In ZeroTier Quantum, a dedicated network controller is no longer necessary due to the decentralized self-healing control plane capable of distributing the network configuration through a robust “gossip” architecture. Configuration changes are made by a simple offline signing workflow, similar to classical PKI certificates, and those signed config objects can be hosted on a web server, loaded via direct file transfer (“sneakernet”), or through any other file distribution method available to you, after which peers will propagate those updates throughout the network. As for the Roots — or the servers that orchestrate connectivity between devices on the same ZeroTier network — ZeroTier Quantum is built to have these easily defined on any device capable of running ZeroTier Quantum, enabling seamless air-gapping and hardware redundancy.
For IoT platforms like Tridium JACE, you don’t need a PC on-site. ZeroTier is designed to run directly on the controller or as a lightweight Docker container. Because it’s a software-defined overlay, it turns your controller into a secure endpoint that you can manage remotely from anywhere in the world. This removes the “box tax” of additional hardware and allows for a five-minute deployment that’s both self-healing and protected by defense-grade encryption.
Yes, ZeroTier can be used as a VPN. To set ZeroTier up this way, head to our doc site: https://docs.zerotier.com/
ZeroTier One is currently available on Teltonika RutOS https://docs.zerotier.com/teltonika-networks/ and MikroTik RouterOS https://docs.zerotier.com/mikrotik/ devices, as well as having general support in the OpenWrt project https://docs.zerotier.com/openwrt/. We’re always looking for opportunities to bring ZeroTier to more devices.
For multi-tenant monitoring, we recommend a zero trust architecture that leverages our native OpenTelemetry (OTEL) integration. By utilizing OTEL, you can export granular, tenant-specific performance data and network events directly to platforms like Grafana or Datadog. This ensures strict data isolation through our ‘token-as-authority’ model, where authority resides in the bearer token itself, preventing any cross-tenant data leaks while providing deep visibility into each network’s health and security posture.
ZeroTier Quantum is designed with post-quantum encryption algorithms to resist emerging quantum threats. Quantum is not a quantum computing product, nor does ZeroTier utilize any quantum computing hardware today.
ZeroTier offers a lean and scalable Partner Program designed for consultants, MSPs, and VARs to deliver secure networking with minimal overhead. Prospective partners should be directed to the ZeroTier Partnerships page to complete an intake form and initiate a consultation.
Yes, your restore strategies must evolve significantly. Quantum computing threatens asymmetric encryption (like RSA and ECC) used to verify and decrypt backups, as we covered in the webinar. Organizations should transition to post-quantum cryptography (PQC) for this purpose. Some strategies could include multi-layered validation of the data at time of restore, and protecting the communications from the restore point to where the data will be accessed. Of course, the data itself should be encrypted at rest.
ZeroTier Quantum is based around NIST standards like ML-KEM-1024 and ML-DSA-87, as well as the PQNoise specification, which is a PQC extension to the well-regarded Noise protocol spec. The way we integrated these algorithms is novel, offering high performance and support for advanced features like operation on small MTU networks. For more info, reach out to us at zerotier.com/connect-with-us.
Traffic between ZeroTier endpoints is fully encrypted, which protects the communications against eavesdropping. Each device does require a listening socket for remote connections, but the IP + port associated with the socket is up to you, and doesn’t need to follow the default settings. Each endpoint announces its current listening address when joining a network. Quantum further protects against traffic interception, both encrypting your traffic against quantum threats and implementing forward security to eliminate the risk of store-and-forward threats. To truly become “invisible” you must run out of a fully air-gapped environment with no, or extremely limited, access to the open internet — something that ZeroTier Quantum is built to do.
ZeroTier One is generally available right now and widely deployed in OT environments. For OT environments that require quantum-readiness or CNSA 2.0 compliance, such as critical infrastructure in regulated industries, ZeroTier Quantum will provide an even more robust and secure solution.
ZeroTier is taking a proactive approach to post-quantum security and leading the market with the first end-to-end quantum-secure networking platform, ZeroTier Quantum. Post-quantum security isn’t a someday problem. It’s already part of how resilient networks need to be built. Our approach is practical: move early, follow proven standards, and make the shift to post-quantum networking easier for the teams who have to run it. As the threat landscape changes, ZeroTier will keep investing in quantum-safe networking so enterprises can prepare before they’re forced to react.
ZeroTier utilizes our own software architecture to maintain crypto-agility and enable certain features that WireGuard doesn’t support, such as Layer 2 functionality. ZeroTier One supports DNS in a limited-domain capacity: https://docs.zerotier.com/dns/. ZeroTier Quantum will significantly improve on our DNS suite by allowing far wider customizability.
ZeroTier uses Rust to strengthen memory safety and reduce entire classes of security risk. Its cryptographic foundation relies on certified, audited implementations and is currently being subjected to design and code audits.
ZeroTier Quantum always uses hybrid cryptography. It combines 384-bit NIST P-384 elliptic curve key exchange alongside PQNoise using ML-KEM-1024, and signatures use both 384-bit ECDSA and ML-DSA-87. All hybrid constructions are designed so that an attacker must simultaneously break both classical and PQC algorithms. Breaking one or the other is not sufficient. For more info, contact us at zerotier.com/connect-with-us.
Great question. Right now, we’ve done both internal and external benchmarking, which has shown ZeroTier Quantum to be equal to or greater than other options on multiple tests using both hardware and cloud-based Linux VMs. In particular, it was faster than Linux kernel WireGuard, OpenVPN, and Linux IPsec implementations. The overhead from the post-quantum cryptographic portion is small since it’s only incurred on startup and re-keying. Transport security is provided via AES-256-GCM. AES is not vulnerable to quantum attacks; only ECC and RSA are. If you need more information, please contact us at zerotier.com/connect-with-us.
Great question. We didn’t cover it in detail during the webinar, but ZeroTier Quantum works on an entirely new architectural paradigm. In ZeroTier One, the “earth and leaf” analogy maps to how it works. In ZeroTier Quantum, network spin-up, configuration, and control are decentralized and distributed. You can think of it as an “earth and earth” kind of approach. Each node is part and parcel of both the network control plane and the data transit plane. Please reach out to us if you’d like to chat further at zerotier.com/sales.
ZeroTier Quantum uses a cutting-edge, hybrid quantum-safe cryptographic suite (ML-KEM-1024, ML-DSA-87, P-384 ECC) for the most sensitive environments. It also utilizes robust, modern standards, including AES-256 and SHA-384/512. Automatic, jittered key rotation via session ratcheting ensures continuous security. Before key establishment, node identities are mutually authenticated. Data plane traffic is protected by AES-256-GCM, while the control plane adds an HMAC-SHA-384 integrity layer for comprehensive tamper and forgery resistance. There’s a ton more packed in. If you need further details, please reach out to us: zerotier.com/sales.
Microsegment the network per-tenant https://docs.zerotier.com/microsegmentation/ and utilize our metrics https://docs.zerotier.com/metrics-monitoring/ or another solution for the data you intend to monitor. For more notes, see our enterprise doc: https://docs.zerotier.com/enterprise-deployment/.
In many ways, ZeroTier already acts as the base networking layer, just without all the OS-typical bells and whistles.
No. Running ZeroTier on-premise doesn’t reduce the efficacy of ZeroTier Quantum. For questions about a specific architecture or implementation scenario, please contact us here: https://www.zerotier.com/sales.
ZeroTier doesn’t currently have any integrations with HSM or PKI vendors, but we understand their invaluable place in critical infrastructure and have first-party support on our roadmap. We will take a look again at this in the future.
Customers choose ZeroTier because it’s simpler, faster, and more flexible than traditional VPNs, with no dedicated hardware required. It connects users, devices, clouds, and edge environments with secure, direct, encrypted connections, without the gateway bottlenecks or operational overhead of legacy VPN infrastructure.
ZeroTier One on Windows supports limited-domain DNS. If you’re encountering issues with DNS on the Windows client, please contact support@zerotier.com. Quantum will continue to develop on our DNS with more features and wider definitions.
ZeroTier Quantum is built for real-world protection, not just theory. ZeroTier’s quantum cryptographic construction meets NIST and NSA’s highest standards at CNSA 2.0 — exceeding PQC hurdles targeted by governments and regulated industries from 2026 onward.
ZeroTier One currently has limited SSO/OIDC support for enterprise clients https://docs.zerotier.com/sso/, and our integration into existing enterprise authentication platforms is a big focus with ZeroTier Quantum. At the moment, a combination of SSO/OIDC, API, and webhooks is commonly used to abstract away the authentication layer on ZeroTier.
Yes, ZeroTier as a platform is not user-based fundamentally, so the number of users doesn’t really apply to the economics. We also grew out of home user and very small deployments, so the scale up and down is inherent in everything we do!
ZeroTier Quantum is fully new, including the transport and encryption, making it tricky to offer any sort of migration from ZeroTier One. You can run ZeroTier One and ZeroTier Quantum services in parallel on your networks, however, allowing routing and forwarding of select traffic to integrate your private network deployments.
ZeroTier Quantum maintains a nearly identical byte-per-packet overhead to ZeroTier One, but the latency is not always a negative. We replaced the older, single-threaded ZeroTier One architecture with a high-efficiency I/O engine. For protocols like Modbus/TCP, OPC-UA, and RTU-over-TCP, this means faster packet processing and higher throughput on your existing hardware. Basically, you’re getting more security without the performance tax.
Yes, with the success of our range of router support in ZeroTier One we plan on continuing down the same path. But we don’t have anything to announce just yet.
45 min. presentation + up to 15 min. live Q&A
ZeroTier Quantum is the world’s first quantum-secure networking platform, purpose-built for the quantum computing era. It meets or exceeds CNSA 2.0 security standards, offering top performance, cryptographic agility, and future-proof protection against threats.
Traditional networking (VPNs, MPLS, perimeter security) can’t keep up with modern enterprise. You need identity-based, software-defined networking that supports ZTNA, defense-grade security, and memory safety.
ZeroTier closes that gap by combining quantum-resilient encryption with advanced segmentation and high-performance connectivity across cloud, edge, and on-premise environments. The result? A unified platform that eliminates tradeoffs, simplifies architecture, and empowers secure connectivity in a post-quantum world.