Joppe Bos, Cryptographic Research at NXP Semiconductors featured on the first episode of the latest IoT Unplugged season, as he discussed his work on standardising post-quantum cryptography (PQC) alongside the more general advantages of standardising PQC algorithms, as there is a growing, industry-wide push towards quantum-safe cryptographic solutions.
Bos highlighted the evolving threat of quantum computing which, if realised, could render existing cryptographic algorithms obsolete and result in widespread security and economic disruption. Although experts estimate a quantum computer capable of breaking cryptographic algorithms may be 10 to 15 years away, the focus is on complying with emerging PQC standards rather than waiting for the threat to materialise.
“For industry, the big question is not, when will we see a powerful enough quantum computer which poses a significant risk,” said Bos. “The big question is when will these post-quantum security standards be out there, and when do we need to comply with them?”
The migration to PQC is a complex, long-term process. Transitioning from established cryptographic systems is particularly challenging for hardware-dependent solutions like IoT devices and ATMs, which have lengthy life cycles. The industry is focusing on ensuring that secure boot processes and over-the-air updates are quantum-safe, enabling smoother transitions in the coming years.
One key lesson from the development of PQC standards is the differing security and performance priorities across industries. While Cloud providers prioritise speed, embedded systems manufacturers like NXP focus on memory efficiency and resilience against physical attacks. Hybrid cryptographic solutions, combining classical and quantum-resistant algorithms, are expected to be a temporary industry standard to ensure security during the transition.
Bos advised businesses to start preparing for PQC now by conducting a cryptographic inventory to understand where their systems rely on encryption and to anticipate the impact of migration. The transition will involve challenges such as increased key sizes and the integration of PQC into existing security protocols. Companies should engage with security vendors and standardisation efforts to ensure adaptation to a post-quantum world.
To hear ZJ’s insights into low-code software, listen into the full podcast episode, which is available on Spotify, Apple Podcasts and at the link below.
There’s plenty of other editorial on our sister site, Electronic Specifier! Or you can always join in the conversation by commenting below or visiting our LinkedIn page.