The advent of quantum computing poses significant threats to classical public-key cryptographic primitives such as RSA and elliptic-curve cryptography. As many critical network and security protocols depend on these primitives for key exchange and authentication, there is an urgent need to understand their quantum vulnerability and assess the progress made towards integrating post-quantum cryptography (PQC). This survey provides a detailed examination of nine widely deployed protocols - TLS, IPsec, BGP, DNSSEC, SSH, QUIC, OpenID Connect, OpenVPN, and Signal Protocol - analysing their cryptographic foundations, quantum risks, and the current state of PQC migration. We find that TLS and Signal lead the transition with hybrid post-quantum key exchange already deployed at scale, while IPsec and SSH have standardised mechanisms but lack widespread production adoption. DNSSEC and BGP face the most significant structural barriers, as post-quantum signature sizes conflict with fundamental protocol constraints. Across all protocols, key exchange proves consistently easier to migrate than authentication, and protocol-level limitations such as message size and fragmentation often dominate over raw algorithm performance. We also discuss experimental deployments and emerging standards that are shaping the path towards a quantum-resistant communication infrastructure.
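The structural barrier the abstract attributes to DNSSEC, that post-quantum signature sizes collide with protocol message-size limits, can be made concrete with a back-of-the-envelope size model. The following is an added example, not code or data from the survey: it approximates the wire size of a minimal DNSSEC-signed response (one A record plus its RRSIG) for several signature algorithms and checks it against the classic 512-byte DNS/UDP limit and the 1232-byte EDNS0 buffer size recommended by the 2020 DNS flag day. Signature sizes are the standard parameter-set values (FIPS 204 for ML-DSA, FIPS 205 for SLH-DSA, the maximum for Falcon-512); the owner and signer names, the single-RRset response shape, and the omission of DNSKEY records and additional sections are simplifying assumptions of this example.

```python
"""Added example (not from the survey): estimate whether a minimal DNSSEC
response fits common UDP size limits under classical vs post-quantum signatures."""

# Signature sizes in bytes. Classical values are the usual encodings;
# ML-DSA/SLH-DSA values are the FIPS 204/205 parameter sizes; Falcon-512 is its maximum.
SIGNATURE_BYTES = {
    "RSA-2048": 256,
    "ECDSA-P256": 64,
    "Ed25519": 64,
    "Falcon-512": 666,
    "ML-DSA-44": 2420,
    "ML-DSA-65": 3309,
    "SLH-DSA-SHA2-128s": 7856,
}

CLASSIC_UDP_LIMIT = 512    # RFC 1035 DNS-over-UDP payload limit without EDNS0
EDNS0_SAFE_LIMIT = 1232    # EDNS0 buffer size recommended by the 2020 DNS flag day

# Assumed names for this example: owner "www.example.com." (17 bytes on the wire)
# and signer "example.com." (13 bytes on the wire), uncompressed.
OWNER_WIRE_LEN = 17
SIGNER_WIRE_LEN = 13


def rrsig_rdata_size(signature_len: int, signer_name_wire_len: int) -> int:
    """RRSIG RDATA = 18 fixed bytes (type covered 2, algorithm 1, labels 1,
    original TTL 4, expiration 4, inception 4, key tag 2) + signer name + signature."""
    return 18 + signer_name_wire_len + signature_len


def response_size(algorithm: str, rr_count: int = 1, rdata_len: int = 4) -> int:
    """Approximate size of a DNS response carrying `rr_count` A records and one RRSIG.

    Simplifications (example assumptions): no authority/additional records except a
    single EDNS0 OPT record, and owner names in the answer section are compressed
    to a 2-byte pointer back to the question name.
    """
    header = 12                          # fixed DNS header
    question = OWNER_WIRE_LEN + 4        # QNAME + QTYPE + QCLASS
    rr_fixed = 10                        # TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
    answers = rr_count * (2 + rr_fixed + rdata_len)
    rrsig = 2 + rr_fixed + rrsig_rdata_size(SIGNATURE_BYTES[algorithm], SIGNER_WIRE_LEN)
    opt = 11                             # root name(1) + TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2)
    return header + question + answers + rrsig + opt


def fits(algorithm: str, limit: int = EDNS0_SAFE_LIMIT) -> bool:
    """True if the modelled response stays within `limit` bytes (no truncation/fragmentation)."""
    return response_size(algorithm) <= limit


def report(limit: int = EDNS0_SAFE_LIMIT) -> dict:
    """Map each algorithm to (response bytes, fits within limit)."""
    return {alg: (response_size(alg), fits(alg, limit)) for alg in SIGNATURE_BYTES}


if __name__ == "__main__":
    for limit in (CLASSIC_UDP_LIMIT, EDNS0_SAFE_LIMIT):
        print(f"--- limit {limit} bytes ---")
        for alg, (size, ok) in report(limit).items():
            print(f"{alg:<20} {size:>5} bytes  {'fits' if ok else 'TOO LARGE'}")
```

Even in this deliberately small response, the lattice-based ML-DSA parameter sets and SLH-DSA overshoot the 1232-byte EDNS0 budget on a single RRSIG, before any DNSKEY RRset is added, which is why resolvers would be pushed into TCP fallback or IP fragmentation; Falcon-512 is the only post-quantum candidate here that stays under it. The check is a defender's planning aid: it shows where a zone's responses would start to exceed the transport budget under a given algorithm choice.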