The Quantum Clock is Ticking: Why Post-Quantum Security Can’t Wait
Continuing our focus on Cybersecurity Awareness Month, we examine how today's security preparations will determine the fate of data already being stolen by adversaries who plan to decrypt it once quantum computing arrives.
In our last issue we explored today’s most imminent threats and the legislative and regulatory imperatives driving mitigation measures. Today we look forward at the looming challenge of the quantum threat. We’ll boil down what you need to worry about now as you prepare for pre-quantum attacks and their post-quantum repercussions and summarize the global response and what it means for compliance planning. We’ll also give you a look at what Microchip is doing in the arena of Post Quantum Cryptography (PQC) defenses and leave you with some resources for digging deeper into these subjects.
Understanding the Threat
While there is debate over whether practical quantum computers are five, 10 or even 50 years away, the sheer scope of the cryptographic disruption they threaten is already reshaping how the world is approaching security strategies.
The issue is this: it takes only 0.1 milliseconds to compute the RSA and Elliptic-Curve Cryptography (ECC) algorithms of public-key encryption, while breaking them with classical computers takes quadrillions to septillions of years. Quantum computers will reduce that task to a matter of hours.
Unfortunately, it won’t be practical to simply increase the key size with RSA and ECC algorithms because today’s pre-quantum systems will then need 100 days to compute the algorithm input to protect data from future decryption.
For an overview of these and other issues related to post quantum cryptography, watch our recent Ask Our Experts episode:
This is why the world is adopting PQC algorithms now. The “harvest now, decrypt later” strategy being employed by cybercriminals is the greatest threat currently posed by quantum computing. As Fast Company notes, this future mass data-decryption threat is particularly acute for stolen data with a long shelf life, like medical records, legal documents, financial agreements and key intellectual property. The data you’re protecting today may outlive the encryption securing it.
Taking the right steps now will neutralize that threat and turn attention to the benefits of quantum computing. As the National Institute of Standards and Technology (NIST) says in this explainer, these benefits include the potential to accomplish many tasks that involve the interplay of complex variables, from drug design and simulations of complex molecules to the classic “traveling salesman” problem — finding the most efficient route through a number of destinations.
Governments and industries are mounting a coordinated response to quantum threats, working to secure systems while enabling quantum computing's revolutionary capabilities.
Quantum-Resistant Response Takes Shape, Including Compliance Requirements
Recognizing this urgency, governments worldwide are establishing quantum-resistant frameworks like the U.S. National Security Agency’s Commercial National Security Algorithm Suite 2.0 (CNSA 2.0). This framework mandates post-quantum readiness for federal systems by specific deadlines, with software and firmware requiring implementation this year and exclusive use by 2030.
The European Union has launched a more infrastructure-based approach with its Quantum Europe Strategy, aimed at fostering a resilient, sovereign quantum ecosystem that fuels startup growth and market-ready applications. As explained in this Forbes article, by 2030 the EU intends to deploy fully operational quantum-safe communication networks across member states as a steppingstone toward a federated quantum internet.
Meanwhile, the landmark standardization of the first three post-quantum cryptographic algorithms in August 2024 by the U.S. National Institute of Standards and Technology (NIST) provides the technical foundation organizations need to begin the transition. These post-quantum encryption standards secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy, and NIST is encouraging computer system administrators to begin transitioning to the new standards as soon as possible.
As a result of these efforts, you will increasingly see standards-based post-quantum algorithms being integrated into a growing variety of semiconductor products. The algorithms will join other defense-grade security features including anti-tamper mechanisms and a secure enclave for secure boot and platform integrity.
As this IEEE Spectrum article points out, every computer, laptop, smartphone, self-driving car or IoT device will have to fundamentally change the way they run cryptography. A new class of quantum-resistant semiconductor products is making it easier to protect data now from decryption later, and to meet compliance requirements as deadlines approach. These products implement quantum-resistant cryptography in immutable hardware to block attack paths that are possible on software implementations.
For instance, embedded controllers are now available that include NIST-standardized Module-Lattice-Based Digital Signature Algorithms (ML-DSA), Merkle stateful hash-based Leighton-Micali Signature (LMS) verification and Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM). This provides quantum resistance without the vulnerabilities of software-only approaches. Microchip has done this with its MEC175xB devices to help ensure long-term data protection without compromising existing functionality.
Likewise, high-performance microprocessors are beginning to feature post-quantum cryptographic capabilities in addition to features like Time-Sensitive Networking (TSN) for mission-critical applications. An example is Microchip’s quantum-resistant PIC64HX MPU, designed to solve the emerging challenges of artificial intelligence, real-time processing and quantum-resistant security while addressing the unique demands of intelligent edge designs.
Hardware-based approaches like these also offer superior security against side-channel attacks that could expose cryptographic keys through power consumption or timing analysis, while the immutable implementation prevents tampering.
The Path Forward
The transition to post-quantum cryptography isn’t a single project; it’s a fundamental shift requiring crypto-agility throughout our systems.
Organizations should begin now by considering steps like:
● Inventorying cryptographic assets across their entire infrastructure, including embedded systems, cloud services and third-party integrations.
● Adopting hybrid approaches that combine traditional and post-quantum algorithms, providing security against both classic and quantum attacks while standards continue evolving.
● Engaging with suppliers and vendors to understand their post-quantum roadmaps and ensure compatibility across the supply chain.
● Leveraging a hardware-based approach to assist with the transition to PQC defenses. This requires that devices be flexible enough to support both the CNSA 1.0 and CNSA 2.0 cryptographic standards through configurable secure boot solutions so disruptive overhauls aren’t required in the future. Look for solutions with sufficient computational resources for complex cryptographic operations without excessive power consumption.
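As an added illustration of the inventory and hybrid steps above (this is not Microchip code), the Python example below triages a cryptographic inventory: it labels each algorithm as quantum-vulnerable, hybrid or post-quantum and orders the vulnerable assets for migration. The asset names, the record layout and the priority rule are assumptions made for the example, and the inventory itself is constructed sample data.

```python
import re

# Constructed sample inventory (not real systems):
# (asset, purpose, algorithm, data shelf life in years)
INVENTORY = [
    ("vpn-gateway", "key-exchange", "ECDH-P256", 15),
    ("firmware-signing", "signature", "RSA-3072", 10),
    ("web-frontend", "key-exchange", "X25519MLKEM768", 2),
    ("ec-secure-boot", "signature", "LMS-SHA256", 20),
    ("records-archive", "key-exchange", "RSA-2048", 25),
    ("backup-store", "symmetric", "AES-256-GCM", 25),
    ("legacy-api", "signature", "ECDSA-P384", 1),
]

# Public-key families broken by a large quantum computer, and PQC families.
CLASSIC = re.compile(r"RSA|ECDSA|ECDH|X25519|Ed25519|\bDH\b", re.I)
PQC = re.compile(r"ML-?KEM|ML-?DSA|SLH-?DSA|LMS|XMSS", re.I)

def classify(algorithm):
    """Label one algorithm string from the inventory."""
    classic = bool(CLASSIC.search(algorithm))
    pqc = bool(PQC.search(algorithm))
    if classic and pqc:
        return "hybrid"
    if pqc:
        return "post-quantum"
    if classic:
        return "quantum-vulnerable"
    return "symmetric-or-unknown"

def migration_plan(inventory):
    """Return quantum-vulnerable assets, most urgent first."""
    todo = []
    for asset, purpose, algorithm, shelf_life in inventory:
        if classify(algorithm) != "quantum-vulnerable":
            continue
        # Assumed priority rule: traffic recorded today can be decrypted later,
        # so key exchange outranks signatures; longer-lived data goes first.
        tier = 0 if purpose == "key-exchange" else 1
        todo.append((tier, -shelf_life, asset, algorithm))
    return [(asset, alg) for _, _, asset, alg in sorted(todo)]

if __name__ == "__main__":
    for asset, alg in migration_plan(INVENTORY):
        print(f"{asset:18} {alg}")
```

The hybrid and post-quantum entries drop out of the plan, and the long-lived archive protected by classical key exchange comes first because it is the most exposed to harvest now, decrypt later.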
A Responsibility We Share
As we reflect on cybersecurity’s evolution this October, post-quantum computing represents both our greatest opportunity and most critical challenge. The organizations that act now to address cybersecurity threats, before quantum computers achieve cryptographic relevance, will not only protect their own assets but also contribute to a broader digital landscape that is less target-rich for cyber-attackers.
The quantum clock is ticking, but we’re not powerless against it. Through thoughtful preparation, innovative engineering and collaborative industry effort, we can build systems that protect data from future decryption and remain secure as we enter the quantum age. The question isn’t whether quantum computers will break today’s encryption–it’s whether we’ll be ready when they do.
Ready to explore post-quantum solutions for your next design? Learn more about quantum-resistant approaches and the tools available to help you prepare for tomorrow’s security challenges:
● Microchip Blog: Could Brute Force Attacks in a Post-Quantum Computing World Lessen the Time It Takes to Gain Entry?
● Microchip Video: Shields UP #15 - Post Quantum Suite Q™ for Embedded Devices
● Microchip Video: Shields UP #6 - The Importance of Quantum Resistance for Critical Security Functions
● Microchip Press Release: Microchip Expands 64-bit Portfolio with High-Performance, Post-Quantum Security-Enabled PIC64HX Microprocessors
● Microchip Press Release: Microchip Brings Hardware Quantum Resistance to Embedded Controllers
Learn more about specific Microchip solutions for post quantum cryptography:
● MEC175xB: These embedded controllers offer integrated PQC support—including ML-KEM, ML-DSA and LMS algorithms—to future-proof embedded platforms.
● PIC64HX: This family of microprocessors (MPUs) is designed for mission-critical applications that demand high-performance edge computing, Time-Sensitive Networking (TSN) Ethernet connectivity and switching, defense-grade security including post-quantum cryptography and unparalleled fault tolerance and reliability.