
Post-Quantum Cryptography: Harvest Now, Decrypt Later

Quantum computers threaten today’s encryption. Learn how post-quantum cryptography and our PQC-ready hardware can secure your designs for decades.

The Race Has Started

Quantum computing promises breakthroughs in medicine, materials science and artificial intelligence. But it also threatens the very foundation of digital security. Asymmetric cryptographic algorithms like RSA and ECC, which protect everything from online banking to government secrets, could be broken in hours by a sufficiently powerful quantum computer using Shor’s algorithm. This looming threat has sparked a global race to adopt Post-Quantum Cryptography (PQC), a new class of cryptographic algorithms designed to withstand quantum attacks and protect sensitive data well into the future.

Quantum Decryption Starts Before Quantum Computing

Even though practical quantum computers may be years away, the risk is already here. Adversaries can harvest encrypted data today and decrypt it later once quantum capabilities mature—a tactic known as “harvest now, decrypt later.” This is particularly concerning for data with long-term value—such as classified government files, medical records or intellectual property—that must remain confidential for decades. For example, a smart meter in a home energy system must communicate securely for 10–15 years. Embedding PQC in its hardware helps ensure that it remains secure even as quantum threats emerge. That’s why governments and industries are moving fast to implement PQC—to ensure that today’s data remains secure tomorrow.

What Is Post-Quantum Cryptography?

Post-quantum cryptography refers to cryptographic algorithms designed to resist attacks from quantum computers. Unlike RSA and ECC, which rely on mathematical problems that quantum computers can solve efficiently, PQC algorithms are built on problems that remain hard even for quantum machines—such as module lattice-based constructions and hash-based signatures.

Classical vs. Quantum Impact:

  • RSA/ECC: Vulnerable to Shor’s algorithm; impractical to scale key sizes for quantum resistance.
  • AES/SHA: Only mildly impacted by Grover’s algorithm; doubling key sizes restores security.

One of the most promising foundations for PQC is lattice-based cryptography. It relies on mathematical structures called lattices: regular grids of points in multi-dimensional space. These lattices form the basis for cryptographic problems that are extremely difficult to solve—even for quantum computers.

Two key problems underpin lattice-based cryptography:

  • Shortest Vector Problem (SVP): Finding the shortest non-zero vector in a lattice, which is computationally hard.
  • Closest Vector Problem (CVP): Finding the lattice point closest to a given target point, also resistant to both classical and quantum attacks.

An advanced form known as module-lattice-based cryptography enhances efficiency and scalability, making it especially suitable for hardware implementation. These algorithms are the basis for NIST’s selected PQC standards, such as ML-KEM and ML-DSA, and are already being deployed in secure hardware solutions.

Aligning With CNSA 2.0 and NIST Standards

To address the quantum threat, the National Security Agency (NSA) introduced the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), which outlines the transition to post-quantum cryptographic algorithms. While CNSA 1.0 relied on public key algorithms that are now considered vulnerable to quantum attacks, CNSA 2.0 incorporates quantum-resistant alternatives. Notably, symmetric key cryptography—such as AES and SHA—can remain secure in a post-quantum world by simply increasing key sizes (e.g., AES-256).

When transitioning to CNSA 2.0, organizations must consider several key factors:

  • Key and signature sizes: Post-quantum algorithms often require significantly larger keys and signatures, which can impact storage and transmission.
  • Performance overhead: The time required to encrypt, decrypt, sign and verify messages may increase, especially on constrained devices.
  • Bandwidth and protocol impact: Larger cryptographic artifacts can increase the amount of data transmitted over the wire, affecting network performance and protocol compatibility.

These considerations are critical when designing or upgrading systems that must remain secure for a decade or more—such as data center and edge products, smart meters, automotive ECUs or industrial control systems.

Government Mandates: CNSA 2.0 Timeline

The U.S. National Security Agency (NSA) has published the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), which mandates a phased transition to PQC:

Application Area               Prefer CNSA 2.0 By   Exclusively Use CNSA 2.0 By
Software/Firmware Signing      2025                 2030
Web Browsers/Cloud Services    2025                 2033
Networking Equipment           2026                 2030
Operating Systems              2027                 2033
Niche Equipment                2030                 2033
Legacy Equipment               -                    2033

Note: Industry trends are pointing to significant adoption of PQC algorithms in 2027 production platforms.

In addition to the NSA, organizations like NIST, ETSI and the German BSI are also driving PQC standardization, underscoring its global importance.

PQC in Hardware: A Critical Piece of the Puzzle

While much of the PQC conversation centers on software, hardware plays a vital role in enabling secure, scalable and efficient cryptographic operations. Hardware-based implementations of PQC algorithms offer several key advantages:

  • Performance optimization: Hardware accelerators can execute cryptographic operations faster and with lower latency than general-purpose CPUs running software.
  • Energy efficiency: Dedicated cryptographic hardware consumes less power than software running on a CPU, which is especially important for battery-powered or embedded devices.
  • Tamper resistance: Hardware can be physically hardened to resist probing, fault injection and other forms of physical attack.
  • Secure key storage: Keys can be stored in isolated, non-exportable memory regions, reducing the risk of leakage or unauthorized access.
  • Reduced attack surface: Hardware implementations can minimize exposure to software vulnerabilities such as buffer overflows or side-channel timing attacks.
  • Consistency and reliability: Hardware modules often operate with predictable timing and behavior, which helps mitigate timing-based side-channel attacks.

Embedded systems, secure elements, SoCs, GPUs and similar devices are increasingly being designed to support PQC, which provides long-term viability and compliance with emerging standards.

Hybrid Cryptography: Bridging Today and Tomorrow

Hybrid mechanisms combine pre-quantum (Classic Cryptography) and post-quantum algorithms:

  • Key Establishment: Use both ECDH and ML-KEM, then derive a shared key via KDF.
  • Signatures: Concatenate ECDSA and ML-DSA signatures; both must validate.

This approach provides resilience against both classical and quantum threats during the transition period.
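The two combination rules above, as an added Python example that is not Microchip's code: the key-establishment combiner feeds both component secrets into one KDF and binds the exchanged public values into its context, and the signature rule requires both component signatures to verify. It assumes the ECDH secret, the ML-KEM secret and the ML-KEM ciphertext come from an external ECDH/ML-KEM implementation; the byte values used in the demo are constructed.

```python
import hashlib
import hmac
from typing import Callable

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 HKDF-SHA256 (extract-then-expand), stdlib only."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block = b"", b""
    for counter in range(1, -(-length // 32) + 1):
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
    return okm[:length]

def hybrid_shared_key(ecdh_ss: bytes, mlkem_ss: bytes,
                      ecdh_pk_peer: bytes, mlkem_ct: bytes,
                      label: bytes = b"hybrid-ecdh-mlkem-v1") -> bytes:
    """Derive one 32-byte session key from BOTH component secrets.

    ecdh_ss      : raw ECDH shared secret (32 bytes, e.g. X25519 output)
    mlkem_ss     : ML-KEM shared secret (32 bytes) from (de)encapsulation
    ecdh_pk_peer : the peer's ECDH public key
    mlkem_ct     : the ML-KEM ciphertext that was exchanged
    The concatenated secrets form the IKM, so recovering only one of them
    (e.g. ECDH via a future quantum computer) does not yield the key. The
    transcript values go into the KDF context, so a swapped key/ciphertext
    yields a different session key rather than a silently shared one.
    """
    if len(ecdh_ss) != 32 or len(mlkem_ss) != 32:
        raise ValueError("component secrets must be 32 bytes each")
    ikm = ecdh_ss + mlkem_ss  # fixed order; both parties must agree on it
    ctx = (label + len(ecdh_pk_peer).to_bytes(2, "big") + ecdh_pk_peer
           + len(mlkem_ct).to_bytes(2, "big") + mlkem_ct)
    return hkdf_sha256(ikm, salt=b"", info=ctx, length=32)

Verifier = Callable[[bytes, bytes], bool]

def verify_hybrid_signature(msg: bytes, hybrid_sig: bytes, classic_len: int,
                            verify_classic: Verifier, verify_pqc: Verifier) -> bool:
    """Hybrid signature = classic_sig || pqc_sig with a fixed classic length
    (e.g. 64 bytes for raw ECDSA P-256 r||s, the remainder ML-DSA).
    Both must validate; '&' evaluates both checks, never short-circuiting,
    so the ML-DSA check is always run even if the ECDSA check fails."""
    if len(hybrid_sig) <= classic_len:
        return False  # malformed: no room for the PQC signature
    classic_sig, pqc_sig = hybrid_sig[:classic_len], hybrid_sig[classic_len:]
    return bool(verify_classic(msg, classic_sig)) & bool(verify_pqc(msg, pqc_sig))

if __name__ == "__main__":
    # Constructed demo values, NOT real protocol output.
    key = hybrid_shared_key(bytes(range(32)), bytes(range(32, 64)),
                            b"\x01" * 32, b"\x02" * 1088)
    print(key.hex())
```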

Microchip’s PQC-Ready Hardware

We are actively supporting the post-quantum transition with a growing portfolio of hardware solutions designed to meet the emerging FIPS 203, FIPS 204 and FIPS 208 specifications. These solutions are engineered to enable secure implementations across the full range of application domains outlined in the CNSA 2.0 migration timeline—from firmware signing and secure web services to legacy systems and specialized equipment.

The MEC175xB embedded controller family was the first in our lineup to support PQC-readiness for low-power laptops and industrial applications. Detailed information on the MEC family is available under NDA by requesting documents through the Secure Document-Request Access tab in the myMicrochip Secure Document Extranet (SDE).

Following that, the Switchtec™ Gen 6 PCIe® Switches were introduced with PQC support.

To further support secure deployments, we offer secure key provisioning services that allow customers to inject cryptographic secrets into hardware at scale—while maintaining end-to-end protection of keys throughout the provisioning and backend infrastructure.

Explore our PQC-ready portfolio and developer resources to start future-proofing your designs today.

Final Thoughts: The Time to Act Is Now

Post-Quantum Cryptography is not a distant concern—it’s a present-day imperative. With clear government mandates and real-world threats, industries must begin their PQC journey today. Hardware solutions are a critical part of this transition, and our offerings provide a secure, flexible foundation for future-ready systems.

Secure your systems now—before quantum computers make today’s cryptography obsolete.

Brette Mullenaux, Nov 19, 2025
Tags/Keywords: Security