We are looking forward to exhibiting at Embedded World, Nuremberg on Stand No. 4-378.
Whether it’s quantum-safe secure boot, side-channel protection against physical attack, or PQC-secure TLS, PQShield demonstrates cryptography IP that’s ready for the next generation and beyond.
There’s little doubt that the advance in quantum computing poses a serious threat to legacy cryptography, and with regulatory compliance as drivers (CNSA 2.0, SPDM 1.4 and the CRA for example), post-quantum cryptography (PQC) is fast becoming a critical must-have for embedded systems.
PQShield’s UltraPQ Suite demonstrates post-quantum cryptography that’s designed to be ultra-small, ultra-fast and ultra-secure, providing the high performance and security you need, with the lowest footprint.
PQC Secure Boot Firmware/OS Verification upgrade in under 5KB RAM
Secure boot is a critical function for embedded systems, whether in networking equipment, industrial devices, or commercial IoT.
That’s why we’ve designed PQMicroLib-Core – providing ML-DSA Verify Only for secure boot, designed for ROM and early boot stages. It deploys in less than 5KB, proving that PQC can be utilized in low footprint environments. What’s more, PQMicroLib-Core is a software solution, making it deployable in brownfield devices, avoiding costly rip and replace of hardware units.
Side-channel protection with PQMicroLib-Core
It matters because embedded devices rely on long-lived cryptographic secrets, and in some cases these devices are expected to remain secure in the field for 10-20 years. Device identity keys, TLS authenticaion keys and firmware signing keys could be prime targets, not just for future attack, but also for interception today with a view to decrypting when the technology becomes available – the so-called Harvest-Now-Decrypt-Later attack (HNDL).
That’s why we’ve focused on side-channel protection for PQMicroLib-Core – providing state-of-the-art DPA (Differential Power Analysis) protection for ML-DSA Verify and ML-KEM Decapsulation. For brownfield devices, our countermeasures can be deployed in software updates, meaning no special hardware is required.
Meanwhile, for next generation greenfield devices, PQShield’s PQPlatform hardware provides DPA and Fault Injection protection, designed to provide high assurance.
Drop-in PQC secure comms TLS with PSA APIs and MbedTLS
This year at Embedded World, we’re also demonstrating PQC-enabled embedded TLS, featuring PQMicroLib-Core integrated with PSA Crypto APIs and MbedTLS. When it comes to interconnectivity, particularly of IoT devices, TLS is the standard protocol for communications, and with the advent of the quantum threat, as well as HNDL, TLS will need to incorporate hybrid and post-quantum key exchange.
That’s why PQShield developed a solution that fits constrained embedded devices. The use of standard, portable APIs provides flexibility in the face of changing threats, and helps future-proof security on existing solutions in the field.
PQShield’s mission is to keep the global supply chain protected against the cryptographic threats of tomorrow and today, and we know that much of that depends on the foundational layer of embedded devices.
Find out more about our products on our website, or alternatively come and find us on stand 4-378!