Is Wi-Fi Ready for the Quantum Threat?

Is Wi-Fi Ready for the Quantum Threat?

By Roméo Diaz, CWNE On 08/18/2025

Quantum computing is no longer a distant concept reserved for physics laboratories. With concrete advances in recent years and the emergence of the first quantum computers, a crucial question arises for all network professionals: are our Wi-Fi protocols ready to face this new reality? The answer, for now, is clear: no. And yet, everything is changing. In this article, we will explore the concrete threats that quantum computers pose to Wi-Fi security protocols (WPA2, WPA3) and the solutions already underway (WPA4, post-quantum cryptography).

A Brief Reminder

Quantum computing is based on physical principles radically different from those of classical computing. In a traditional computer, information is represented by bits, which can only take two states: 0 or 1. Quantum computers, on the other hand, manipulate qubits, which can be in a superposition of states — 0 and 1 at the same time with certain probabilities. Added to this is quantum entanglement, a phenomenon by which several qubits can become correlated in such a way that the state of one instantly influences the state of the other, even when separated by large distances. Thanks to these properties, a quantum computer can explore many possibilities simultaneously, whereas a classical computer must process them one at a time. This massive parallelism does not provide a universal speed-up, but it completely changes the game for certain fundamental mathematical problems... including those on which Wi-Fi encryption relies today.

WPA2 and WPA3 protocols rely on two main families of algorithms: asymmetric algorithms (RSA, elliptic curves/ECC) used for authentication and key exchange, and symmetric algorithms (AES) used to encrypt traffic once the key is established. The former owe their robustness to the difficulty of problems such as factoring large integers or computing discrete logarithms — tasks currently beyond the reach of even the most powerful supercomputers. The latter rely on the size of the key space to be explored in a brute-force attack. But these certainties are now shaken by the emergence of two major quantum algorithms: Shor and Grover.

Shor's Algorithm:

Developed in 1994 by mathematician Peter Shor, this algorithm caused a seismic shock in the cryptographic community. Its strength lies in its ability to solve, on a quantum computer, two problems considered extremely difficult for classical machines: factoring large integers and computing the discrete logarithm. The principle is based on the use of the quantum Fourier transform to detect the period of a mathematical function carefully constructed from the original problem. Once this period is identified, it becomes possible to quickly derive the prime factors of a large number or the exponent of a discrete logarithm. Where a classical computer would require exponential time, a quantum computer using Shor's algorithm can achieve this in polynomial time — changing everything. The consequences for Wi-Fi are direct. RSA, still present in certain WPA2-Enterprise implementations (TLS authentication), and ECC, at the heart of Diffie-Hellman exchanges in WPA3-SAE or OWE, would be completely broken by Shor.

Grover's Algorithm:

Two years later, in 1996, physicist Lov Grover developed another algorithm that, without destroying symmetric cryptography, significantly weakens its resistance. Grover does not attack the mathematical structure of algorithms as Shor does, but radically optimizes exhaustive search in an unstructured space (such as an unsorted list). By exploiting quantum superposition and a process called amplitude amplification, Grover can find the correct key in about √N steps instead of N for a classical search. In other words, it halves the exponent of the complexity of a brute-force attack. For AES-128, this means that effective security drops to the level of AES-64 against a quantum attacker — a level insufficient in the long term. In contrast, AES-256 sees its security reduced to that of AES-128 in the classical world, which remains acceptable for now. In the Wi-Fi context, where AES is used to encrypt frames (AES-CCMP or AES-GCMP), Grover does not make communications immediately vulnerable, but it does require increasing key sizes to maintain a sufficient security margin.

State of the Threat

Current Wi-Fi security protocols, whether WPA2 or WPA3, rely on classical cryptographic primitives (RSA, elliptic curves, AES) whose robustness comes from the difficulty of well-known mathematical problems. This robustness is only valid against traditional computers. The arrival of quantum computing radically changes the situation. With Shor's algorithm, a sufficiently powerful quantum computer could quickly factor large numbers or solve the discrete logarithm, thus destroying the security offered by RSA and ECC. Concretely, WPA2-Enterprise often relies on a TLS or EAP exchange with RSA 2048-bit certificates to authenticate the server; in a quantum scenario, an attacker could break this asymmetric key and compromise authentication. WPA3-Enterprise, better equipped with its CNSA-aligned 192-bit suite (ECDH P-384, AES-256...), still relies on ECC and remains vulnerable to Shor in the long term.

WPA3-Personal also illustrates this fragility. The SAE (Simultaneous Authentication of Equals) protocol is based on elliptic curves to securely exchange a key without revealing the password. While SAE resists offline dictionary attacks, a quantum computer could solve the discrete logarithm used in SAE and extract the shared key from intercepted exchanges. OWE (Opportunistic Wireless Encryption), used to encrypt open networks, suffers the same weakness: its Diffie-Hellman exchange would be vulnerable to a quantum attack, allowing an adversary to compute the key and spy on hotspot traffic.

Symmetric ciphers fare better... but not indefinitely. While no known quantum algorithm can directly break AES, Grover still halves the exponent of brute-force complexity. Thus, AES-128, which requires 2^128 operations classically, would require only about 2^64 in the quantum world — insufficient security in the long term. This is why AES-256 is becoming the new standard for sensitive environments. WPA2 and WPA3 use AES-CCMP or AES-GCMP to encrypt frames: these ciphers will remain secure if the key size is increased, unlike asymmetric algorithms, which must be replaced entirely.

The main short and medium-term risk therefore lies in the exposure of authentication and key exchange mechanisms. Worse still, the threat is not only prospective: an attacker could record WPA2/WPA3 exchanges (handshake, SAE, or EAP) today and store them. The day they have access to a powerful enough quantum computer, they could decrypt them and retroactively access the transmitted data. This is the well-known Harvest Now, Decrypt Later scenario, already taken very seriously by the industry.

Why WPA3 Does Not Eliminate the Risk

Despite its advances over WPA2 (notably against the KRACK attack) and its more robust encryption, WPA3 does not natively integrate quantum-resistant cryptography. The Wi-Fi Alliance acknowledged as early as 2018 the need to move to post-quantum cryptography by the time quantum computers become available (2028–2030). As of now, no existing Wi-Fi protocol version is intrinsically resistant to a quantum-enabled attacker. The urgency is real: we must prepare the transition to post-quantum cryptographic primitives within future IEEE 802.11 standards.

Ongoing Solutions

Facing the growing quantum threat, the scientific community, standards bodies, and the Wi-Fi industry have already started adapting protocols to remain "quantum-resistant." Several complementary approaches are emerging:

Updating existing protocols: WPA2 and WPA3 suites will need to be replaced or reinforced with quantum-safe equivalents. For example, WPA3 could evolve to use a post-quantum key exchange instead of SAE, and post-quantum signatures instead of RSA/ECC certificates. Enterprise authentication (EAP-TLS) will also need to migrate to post-quantum TLS 1.3+, possibly using hybrid suites combining classical and post-quantum algorithms (e.g., Kyber or Falcon).

Introduction of WPA4: Expected around 2027–2028, WPA4 will likely embed post-quantum algorithms by default, probably from lattice-based cryptography. It could use a post-quantum Key EncapsulationMechanism (KEM) for PMK exchange and introduce dynamic session key renewal to reduce exposure windows.

Strengthening symmetric keys: Moving from AES-128 to AES-256 maintains adequate security against Grover's algorithm. WPA3-Enterprise already offers a "192-bit suite" (AES-256-GCM, SHA-384), recommended for quantum-readiness. Increasing integrity key sizes (HMAC-SHA-256 → HMAC-SHA-384/512) will also be necessary.

Dynamic key management: Shortening key lifetimes and rotating them more frequently will limit the usefulness of compromised keys. WPA3's Perfect Forward Secrecy is a good start, but more adaptive rekeying based on threat levels or data sensitivity could be implemented.

Adoption of Post-Quantum Cryptography (PQC): PQC algorithms are designed to resist Shor and Grover, relying on hard problems like lattices, error-correcting codes, and super singular isogeny curves. NIST's 2022–2023 standards include CRYSTALS-Kyber (key exchange) and CRYSTALS-Dilithium (signatures).

Quantum Key Distribution (QKD): Using entangled photons for key exchange offers theoretically unbreakable security. While QKD works over fiber and satellite links, adapting it to Wi-Fi is challenging due to hardware constraints, range limits, and mobility issues. It might be used in niche fixed, high-security wireless backhaul scenarios.

Wi-Fi networks must evolve to face the quantum computing era. This means a transition to protocols reinforced by post-quantum cryptography — a transition already underway with WPA4's planned quantum-resistant algorithms. The challenge is massive: updating millions of devices, coordinating manufacturers, and training professionals. For Wi-Fi experts, the next five years will be decisive. Testing, experimenting, and planning for this transition now is essential to avoid a sudden disruption when practical quantum computers arrive. In the longer term, quantum technology could also become a tool for optimization, orchestration, and enhanced network security with future Wi-Fi generations and 6G. Before reaping those benefits, however, the industry must clear this critical hurdle: bringing Wi-Fi into the post-quantum era. The window to act is narrow, and every month counts. Those who act now will ensure the confidentiality and resilience of their networks for decades to come.

Tagged with: Quantum Computing, Wi-Fi Security, WPA2/WPA3/WPA4, Post-Quantum Cryptography, Network Encryption, Wireless Networking, Cybersecurity Trends, Shor’s Algorithm, Grover’s Algorithm, AES-256 Security


Blog Disclaimer: The opinions expressed within these blog posts are solely the author’s and do not reflect the opinions and beliefs of the Certitrek, CWNP or its affiliates.

Success Stories

I literally just came out of the testing centre having taken the CWDP exam. The certification process opened my mind to different techniques and solutions. This knowledge can only broaden your perspective. Great job, CWNP, you have a great thing going on here.

-Darren
Read More

Working through the CWNP coursework and certifications helped not only to deepen my technical knowledge and understanding, but also it boosted my confidence. The hard work it took to earn my CWNE has been rewarding in so many ways.

-Ben
Read More

I want to commend you and all at CWNP for having a great organization. You really 'raise the bar' on knowing Wi-Fi well. I have learned a ton of information that is helping my job experience and personal career goals, because of my CWAP/CWDP/CWSP studies. Kudos to all at CWNP.

-Glenn
Read More