Site Search

Why is PQC necessary now? – Secure boot and FPGA design concepts for the quantum age.

1. Introduction: Why PQC now?

Research and development of quantum computers have progressed rapidly in recent years, and the risk of conventional public-key cryptography schemes such as RSA and ECC being broken in the future is becoming a realistic concern.

In particular, Shor's algorithm suggests that if large-scale quantum computers become practical, currently widely used cryptographic foundations could be cracked in a short amount of time. 

 

This risk is exacerbated by the "Harvest Now, Decrypt Later" attack scenario. In this scenario, attackers store encrypted data that cannot be decrypted at present for an extended period, and then attempt to decrypt it in the future when quantum computers become practical. Therefore, systems handling data that requires long-term protection already need to implement countermeasures. 

 

Furthermore, the need to comply with legal regulations in various countries is gradually progressing. For example, the European Cyber Resilience Act (CRA) specifies that among the security characteristics required of products, "encrypting relevant dataat rest or in transit by state of the art mechanisms"(*1)is required. In this context, "state of the art" refers to Public-Key Cryptography (PQC).

※ 1:European Union " REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL "

 

Against this backdrop, the transition to quantum-resistant cryptography (PQC: Post-Quantum Cryptography) is accelerating, and PQC implementationis progressingin general products.

For example, Hewlett Packard PCshave a feature that protects the lowest level firmware with the PQC algorithm,which indicates that PQC is required when securely booting hardware devices such as the CPU (*2).

*2: Tech & Device TV"Prescription for 'Quantum Computer Attacks' - What is a Hardware-Based Defense Strategy Using PQC?" 

2. What is PQC (Post-Quantum Cryptography)?

PQC (Post-Quantum Cryptography) is a general term for cryptographic algorithms designed to maintain security even against attacks by quantum computers.

While traditional cryptography relies on the difficulty of prime factorization and discrete logarithm problems, PQCis based on mathematical problems that cannot be efficiently solved even with the computational power of quantum computers. 

 

Public-key cryptography and PQC algorithmsThe mechanism of RegardingFor those learning for the first time, "An Introduction to PQC: Learn with Illustrations" We have prepared a simple explanatory document. Please download it and use it as a reference for understanding the topic. 

An Illustrated Introduction to PQC
Document Image

 

 

Compared to traditional RSA and ECC, PQC generally tends to increase key size and computational complexity.Therefore, implementation presents new design challenges in terms of performance, memory, and power consumption. 

The main classifications of algorithms are as follows: 

 
Lattice cryptography, exemplified by ML-KEM and ML-DSA, is well-suited for hardware implementations that leverage high parallelism. 
Hash-based signatures, such as LMS and XMSS, are relatively simple, robust, and suitable for applications like secure boot. 

3. PQC Standardization and CNSA Guidelines

Towards the practical application of PQC, a standardization process led by NIST (National Institute of Standards and Technology) is underway, andin August 2024,ML-KEM (formerly Kyber) and ML-DSA (formerly Dilithium) were adopted as standards. As a result, PQC is moving from the research stage to the operational phase. 
 
Furthermore, the CNSA 2.0, developed by the U.S. National Security Agency (NSA), clearly outlines a schedule for transitioning to the PQC algorithm. This guideline strongly emphasizes the need for design that anticipates future system updatesand indicates that algorithms for signing firmware and other documents should be adapted to the PQC algorithm by 2030. 
 
In particular, in CPU/FPGA/ASIC/SoCdesign, the long lifecycle from development to product release and long-term field operation makes the gap with the transition schedule a major problem.In many cases, it is difficult to change the encryption algorithm later, so addressing this from the design stage is essential. 
 
Therefore,when implementing secure boot functionality in products, such as for CRA compliance, it is crucial to design devices that will be in long-term operation with PQC migration in mind. 

4. Implementation challenges: Software vs. Hardware

It is known that implementing the PQC algorithm on a CPU significantly increases the processing load compared to conventional cryptography. In particular, lattice cryptography requires large-scale matrix operations, leading to increased processing time and power consumption. 
 
Furthermore, in systems requiring real-time performance, increased latency becomes a significant problem. Therefore, if implemented using only the CPU, performance and power consumption issues may arise. 
 
Given this background, hardware acceleration is crucial for efficiently executing PQC. FPGAs excel at parallel processing and can flexibly adapt to changes in algorithm specifications, making them a promising platform for PQC implementation. 

5. Secure Boot and PQC: The Most Important Use Cases

Secure Boot is an important feature that prevents the execution of malicious code by verifying the legitimacy of the bitstream and firmware when the device starts up.

This Root of Trust forms the foundation that supports the security of the entire system. 

 
 
Traditional secure boot systems relied on public-key cryptography such as RSA and ECC, but the advent of quantum computers may threaten the security of these systems. Therefore, making secure boot systems quantized is a crucial issue for devices that will be in operation for extended periods. 
 
Implementing PQC in Secure Boot provides long-term security assurance for the future. Furthermore, the signature-based verification method is expected to improve attack resistance.

Its importance is even greater in systems that are difficult to update over long periods, such as industrial equipment and infrastructure applications. 
 
Thus, Secure Boot is the first target for PQC application and should be considered as a top priority indevicedesignand hardware development. 

6. Summary: Future PQC responses and design guidelines

While there is uncertainty regarding the practical application of quantum computers, the transition to cryptography will require a long lead time. This is especially true for embedded devices using FPGAs and long-term operational systems, where addressing the transition from the design stage is essential.

Therefore, PQC compliance is not a "future challenge" but rather a "design requirement that should be addressed immediately." 

 

Furthermore, PQC requires significantly more computation and memory than conventional cryptography, limiting its implementation in software alone. By utilizing hardware acceleration via FPGA, practical performance and power efficiency can be achieved. 

Among these,the Lattice MachXO5-NX TDQis a platform suitable for designs in the PQC era, as it is an FPGA with low power consumption, flexibility, and secure features.

It supports multiple PQC algorithms such as LMS, XMSS, ML-DSA, andML-KEM, achieving "crypto agility" that can adapt to future changes. For more details, please click the button below. 

Inquiry

Please feel free to contact us with any questions about product details or technical information.

Lattice Manufacturer Information Top