Secure boot with PQC – the practical challenge for embedded devices
Secure boot is essential for embedded devices. It is a process that creates a cryptographic chain in which every piece of software verifies the digital signature of the next piece before allowing it to execute, forming the foundation of a root of trust. It’s a key target for attack. With the quantum threat in play, guaranteeing the security of embedded devices is more difficult for a number of reasons:
- PQC algorithms actually increase RAM, flash, and key size requirements, putting extra pressure on limited memory resources.
- Brownfield devices cannot usually afford to be redesigned, so rip-and-replace is not a feasible option.
- Products often need to remain in use for 10-20 years, a window in which quantum threats to their cryptography are extremely likely.
The challenge: how do you deploy post-quantum cryptography without exceeding the available memory space, and, crucially, in a way that is sustainable without a costly hardware redesign?
PQMicroLib-Core
PQShield’s solution is PQMicroLib-Core, an extremely small cryptographic library that packs all the power of the latest post-quantum algorithms. It’s been specifically designed to add NIST-standardized quantum resilience to early boot and ROM stages in under 5 KB, allowing device and chip manufacturers to introduce PQC signature verification to the secure boot chain. Additionally, because it’s deployed by software, there’s little need to change silicon or replace hardware architecture, making cryptographic agility simple, and protecting long-lasting devices in the field for years to come.
