PQC: Post-Quantum Cryptography
Post-Quantum Cryptography (PQC) refers to cryptographic algorithms designed to remain secure against attackers equipped with both classical and quantum computers. Once a cryptographically relevant quantum computer exists, Shor's algorithm breaks the public-key algorithms in use today (RSA, elliptic-curve cryptography, finite-field Diffie-Hellman), and with them the TLS handshakes, code signing and secure boot that every digital system from banking to national defense relies on.
Why Post-Quantum Cryptography Is Urgent
| Current algorithm | Quantum threat | Outlook |
|---|---|---|
| RSA-2048 | Broken by Shor's algorithm (integer factoring) | NIST IR 8547 (draft, Nov 2024): deprecate by 2030, disallow after 2035 |
| ECDSA / ECDH (P-256) | Broken by Shor's algorithm (elliptic-curve discrete log) | NIST IR 8547 (draft, Nov 2024): deprecate by 2030, disallow after 2035 |
| AES-256 | Grover's algorithm halves the effective key length; 256-bit keys keep roughly 128-bit security | Manageable: prefer AES-256 over AES-128 for long-lived data |
| SHA-256 | Grover's algorithm speeds up preimage search only; known quantum collision speedups are not considered practical | Manageable: SHA-256 remains adequate; SHA-384/512 adds margin |
"Harvest now, decrypt later": adversaries are already recording encrypted traffic and stored ciphertext today, intending to decrypt it once a quantum computer is available. Any data whose confidentiality must outlast that point, which for long-lived systems means data with a secrecy requirement into the 2030s, needs quantum-resistant protection now, not when the machine arrives.
NIST PQC Standards (Finalized August 2024)
After an evaluation process that began in 2016, NIST published three PQC standards in August 2024. A fourth signature standard, FN-DSA (based on Falcon, FIPS 206), is still in progress.
Key Encapsulation Mechanism (KEM)
| Standard | Algorithm | Family | Key / ciphertext size | Performance |
|---|---|---|---|---|
| FIPS 203 (ML-KEM) | CRYSTALS-Kyber | Lattice-based (module LWE) | Encapsulation key 800–1568 bytes; ciphertext 768–1568 bytes (ML-KEM-512/768/1024) | Very fast; comparable to or faster than ECDH in CPU time |
Digital Signatures
| Standard | Algorithm | Family | Signature size | Performance |
|---|---|---|---|---|
| FIPS 204 (ML-DSA) | CRYSTALS-Dilithium | Lattice-based (module LWE) | 2420–4627 bytes (ML-DSA-44/65/87) | Fast; signing time varies because of rejection sampling |
| FIPS 205 (SLH-DSA) | SPHINCS+ | Hash-based (stateless) | 7856–49856 bytes (128s to 256f parameter sets) | Slower signing, larger signatures; security rests only on the hash function |
Comparison with Classical Algorithms
| Metric | RSA-2048 | ECDSA P-256 | ML-DSA-65 (PQC) | SLH-DSA-SHA2-128f (PQC) |
|---|---|---|---|---|
| Public key size | 256 bytes (modulus) | 64 bytes (uncompressed point) | 1952 bytes | 32 bytes |
| Signature size | 256 bytes | 64 bytes | 3309 bytes | 17088 bytes |
| Quantum-safe | No | No | Yes | Yes |
| Standardized | Yes (FIPS 186-5; to be phased out) | Yes (FIPS 186-5; to be phased out) | Yes (FIPS 204) | Yes (FIPS 205) |
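The table shows SLH-DSA trading tiny public keys for very large signatures. The reason is visible in the simplest hash-based scheme, a Lamport one-time signature, shown below as an added example (not code from this page, and not SLH-DSA itself, which builds a stateless many-time scheme from one-time and few-time hash signatures). It uses only SHA-256 from the Python standard library; the firmware-manifest messages are constructed for the demo. It illustrates the two properties the table attributes to the hash-based family: security reduces only to preimage resistance of the hash, and every digest bit costs a hash-sized value, so keys and signatures are kilobytes rather than bytes. It also shows why such a key must never be reused.

```python
"""Lamport one-time signature: the simplest hash-based signature.

Added example, not the page's code and not SLH-DSA itself. Hash: SHA-256
(n = 32 bytes). Messages in the demo are constructed placeholders.
"""
import hashlib
import hmac
import secrets

N = 32          # hash output length in bytes
BITS = 8 * N    # we sign a 256-bit digest: one key pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def digest_bit(digest: bytes, i: int) -> int:
    """Bit i of the digest, most significant bit of each byte first."""
    return (digest[i // 8] >> (7 - i % 8)) & 1


def keygen():
    """Secret key: BITS pairs of random preimages. Public key: their hashes."""
    sk = [(secrets.token_bytes(N), secrets.token_bytes(N)) for _ in range(BITS)]
    pk = [(H(x0), H(x1)) for x0, x1 in sk]
    return sk, pk


def sign(sk, message: bytes):
    """For each digest bit, reveal the preimage selected by that bit."""
    d = H(message)
    return [sk[i][digest_bit(d, i)] for i in range(BITS)]


def verify(pk, message: bytes, sig) -> bool:
    """Every revealed value must hash to the public-key entry for that bit.
    No short-circuit on the first mismatch, so timing does not leak position."""
    if len(sig) != BITS:
        return False
    d = H(message)
    ok = True
    for i in range(BITS):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][digest_bit(d, i)])
    return ok


def sizes() -> dict:
    """Byte sizes, to compare with the 64-byte ECDSA P-256 values above."""
    return {"public_key": 2 * BITS * N, "secret_key": 2 * BITS * N, "signature": BITS * N}


def exposed_after_reuse(m1: bytes, m2: bytes) -> int:
    """Why the scheme is ONE-time: signing two messages reveals both preimages
    at every digest position where the two digests differ. Returns that count.
    An attacker can then forge any message whose digest agrees with m1 or m2
    at all remaining positions, which is why SLH-DSA layers a tree on top."""
    d1, d2 = H(m1), H(m2)
    return sum(digest_bit(d1, i) != digest_bit(d2, i) for i in range(BITS))


if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed firmware manifest v1.2.3"      # constructed sample input
    sig = sign(sk, msg)
    print("valid signature:", verify(pk, msg, sig))
    print("tampered message:", verify(pk, msg + b"!", sig))
    print("sizes in bytes:", sizes())
    print("positions exposed by a second signature:",
          exposed_after_reuse(msg, b"constructed firmware manifest v1.2.4"))
```

With n = 32 the public key is 16384 bytes and the signature 8192 bytes, which is why real hash-based designs (WOTS+, XMSS, SLH-DSA) compress the per-bit structure and hash the public key down to a tiny root; the signature size stays large because the preimage chains still have to be revealed.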
PQC for Embedded Systems & IoT
PQC has specific challenges for embedded and IoT devices:
Challenges
- Larger keys and signatures: an ML-DSA-65 signature (3309 bytes) is roughly 50 times an ECDSA P-256 signature (64 bytes), which costs bandwidth, flash, and certificate-chain size.
- Higher resource cost: lattice schemes need several kilobytes of stack for polynomial vectors and more code space than ECC, and ML-DSA signing time varies because of rejection sampling.
- OTA update impact: signed firmware images and their certificate chains grow, lengthening updates over constrained links (LoRaWAN, NB-IoT).
- Hardware acceleration: constrained parts may need dedicated PQC accelerator blocks, since polynomial arithmetic (NTT) and SHA-3/SHAKE dominate the runtime of ML-KEM and ML-DSA in software.
Solutions
- Hybrid cryptography: combine classical and PQC algorithms during the transition, for example ECDH plus ML-KEM for key exchange (both shared secrets feed the key derivation) and ECDSA plus ML-DSA for signatures (both must verify), so security holds as long as either component holds.
- Hardware PQC accelerators: FPGA and ASIC implementations of lattice arithmetic and Keccak for IoT.
- Secure element updates: vendors such as STMicroelectronics, Infineon, and NXP are adding PQC firmware upgrade paths to existing secure elements.
- FPGA-based PQC: FPGAs allow cryptographic cores to be upgraded in the field without a silicon respin, which matters while parameter sets and implementation guidance are still settling.
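The hybrid key-exchange point above is easy to get subtly wrong: the two shared secrets must both enter the key derivation, and the transcript must be bound in, or the PQC half adds nothing. The following added example (not code from this page or from any vendor named on it) models the concatenation combiner used by hybrid TLS key exchange such as X25519MLKEM768, with HKDF-SHA256 (RFC 5869) written out with the standard library. The shared secrets and ciphertexts are constructed placeholder bytes, not real X25519 or ML-KEM outputs; the label string and the length-prefixed transcript encoding are this example's own choices, not a protocol constant.

```python
"""Hybrid KEM combiner: one session key from a classical and a PQC shared secret.

Added example, not the page's code. The secrets and ciphertexts are
constructed placeholders standing in for X25519 / ML-KEM-768 outputs.
"""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def _lv(data: bytes) -> bytes:
    """Length-prefix a field so the transcript encoding is unambiguous."""
    return len(data).to_bytes(2, "big") + data


def combine(classical_ss: bytes, pqc_ss: bytes,
            classical_ct: bytes, pqc_ct: bytes,
            label: bytes = b"hybrid-kem-example-v1", length: int = 32) -> bytes:
    """Derive the session key. Both secrets form the IKM; both ciphertexts go
    into the HKDF info so a tampered transcript yields a different key."""
    ikm = classical_ss + pqc_ss
    info = label + _lv(classical_ct) + _lv(pqc_ct)
    prk = hkdf_extract(b"\x00" * 32, ikm)   # zero salt, as TLS does for Early Secret
    return hkdf_expand(prk, info, length)


def demo() -> dict:
    """Client and server derive the same key; an attacker who has broken the
    classical half (Shor) but not the PQC half cannot reproduce it."""
    # Constructed inputs standing in for X25519 / ML-KEM-768 outputs.
    ecdh_ss = hashlib.sha256(b"constructed x25519 shared secret").digest()
    mlkem_ss = hashlib.sha256(b"constructed ml-kem-768 shared secret").digest()
    ecdh_ct = hashlib.sha256(b"constructed x25519 ephemeral public key").digest()
    mlkem_ct = hashlib.sha512(b"constructed ml-kem-768 ciphertext").digest()

    client_key = combine(ecdh_ss, mlkem_ss, ecdh_ct, mlkem_ct)
    server_key = combine(ecdh_ss, mlkem_ss, ecdh_ct, mlkem_ct)

    # Attacker knows ecdh_ss and the whole transcript but must guess the
    # 256-bit ML-KEM secret; one (wrong) guess is shown.
    wrong_pqc_guess = b"\x00" * 32
    attacker_key = combine(ecdh_ss, wrong_pqc_guess, ecdh_ct, mlkem_ct)

    # A modified PQC ciphertext changes the key even when both secrets match.
    tampered_ct = bytearray(mlkem_ct)
    tampered_ct[0] ^= 0x01
    tampered_key = combine(ecdh_ss, mlkem_ss, ecdh_ct, bytes(tampered_ct))

    return {
        "client_key": client_key,
        "server_key": server_key,
        "attacker_key_without_pqc": attacker_key,
        "key_with_tampered_pqc_ct": tampered_key,
    }


if __name__ == "__main__":
    for name, key in demo().items():
        print(f"{name:26s} {key.hex()}")
```

In a real deployment the classical and PQC shared secrets come from the two KEM decapsulations and the transcript binding is supplied by the protocol (in TLS 1.3, the handshake transcript hash); the point the example makes is that neither secret alone is sufficient to derive the key.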
PQC and EU Regulations
The EU Cyber Resilience Act (CRA) requires products to use state-of-the-art cryptography. As NIST PQC standards are now final, PQC adoption is becoming a compliance consideration:
- Products with long operational lifetimes (10–15 years for industrial IoT) must protect data that will still be confidential when quantum computers arrive.
- The European Cybersecurity Certification Scheme (EUCC) is expected to require PQC readiness for high-assurance certifications.
Migration Timeline
| Phase | Period | Action |
|---|---|---|
| Assessment | 2024–2025 | Inventory all cryptographic dependencies (cryptographic bill of materials, CBOM) |
| Hybrid deployment | 2025–2028 | Dual classical + PQC for critical systems |
| PQC-primary | 2028–2030 | PQC as default, classical as fallback |
| PQC-only | 2030+ | Full migration; retire RSA/ECC |
Related Terms
- Secure Boot: firmware verification that must migrate to PQC signatures.
- HSM: hardware modules that need PQC algorithm support.
- EU Cyber Resilience Act: regulation requiring state-of-the-art cryptography.
Our embedded security architecture includes a PQC readiness assessment: identifying which cryptographic primitives in your product must transition to post-quantum algorithms, and designing FPGA-based PQC accelerators for constrained embedded devices.
Official References
- NIST Post-Quantum Cryptography Standards: FIPS 203, 204, 205 (NIST Computer Security Resource Center)