First stage boot constraints when attempting deployment with PQ/T (hybrid)
Devices can have a long life span. In certain industries, embedded components could be in use long after the point at which quantum computing becomes a relevant threat. This makes it all the more important for devices to be quantum ready today. However, mandated crypto-agility and PQ/T are difficult to apply where resources like silicon area, memory, and energy consumption are constrained. Additionally, in secure boot for embedded devices, the public key is fixed in the hardware and can’t be updated post-manufacture.
The solution
Our PQPlatform family of products can deploy hash-based signature schemes, as well as lattice-based cryptography algorithms specified by the NIST standards. LMS and XMSS are the only two quantum-safe algorithms that can be deployed in a non-hybrid configuration and, compared with the newer algorithms, are likely to require fewer parameter adjustments in future. This makes LMS and XMSS ideal for verification in first stage boot loaders. We can optimize for resource-constrained devices and connect to the main CPU of the embedded device, allowing much shorter secure boot times.
