PQShield – one step ahead of the quantum threat

When it comes to the security of tomorrow, the time to prepare is today, and at PQShield, we’re focused on shaping the way the digital world is protected from the inevitable quantum threat. We deliver real-world, quantum-safe hardware and software upgrades, and it’s our mission to help modernize the legacy security systems and components of the world’s technology supply chain.

Based in the UK, PQShield began as a spin-out from the University of Oxford, and is now the largest collaboration of post-quantum cryptographers under one roof, anywhere in the world. We’re also world-leaders in advanced hardware side-channel protection, and we’re a source of truth, providing clarity to our stakeholders at every level. With teams across 10 countries, covering EU, UK, US and Japan, we’ve been involved in the PQC conversation globally, working with industry, academia, and government.

Within a decade, the mathematical defenses that currently keep online information safe will be at risk from a cryptographically relevant quantum computer, sufficiently powerful to break those defenses. In fact, even before quantum technology exists, there’s a significant risk of ‘harvest-now-decrypt-later’ attacks, poised to extract stolen information when the technology to do so becomes available. We believe it’s critical that industries, organizations, governments, and manufacturers are aware of the threat, and follow the best roadmap to quantum resistance.

This is a critical moment. With the recent push for legislation in the US, such as NSM-10 and HR.7535, as well as CNSA 2.0 and the National Cybersecurity Strategy, federal agencies and government departments are now mandated to prepare and budget for migration to full PQC by 2033. Meanwhile in Europe, organizations such as ANSSI (French Cybersecurity Agency) and BSI (German Federal Office for Information Security) have published key recommendations on deployment scenarios, and in the UK, the National Cyber Security Centre (NCSC) are recommending next steps in preparing for post-quantum cryptography. International influence is also growing quickly. We recently presented at the European Parliament, attended a roundtable discussion at the White House, and we’ve been key contributors to the World Economic Forum on regulation for the financial sector. There’s no doubt that the world is waking up to the quantum threat.

PQC is also finding its way into major applications. Recently, Apple unveiled a major update, introducing their PQ3 protocol for post-quantum secure iMessaging. This follows Signal’s large-scale update to post-quantum messaging (referencing PQShield’s research in this domain), as well as Cloudflare’s deployment of post-quantum cryptography on outbound connections. Google Chrome version 116 also includes hybrid PQC support for browsing, and AWS Key Management service now includes support for post-quantum TLS. Other providers are certain to follow.

In addition, the publication of the finalized NIST PQC standards, 2024 is set to kickstart even more widespread awareness and adoption. It’s certainly a point that the team at PQShield have been working towards; our ‘think openly, build securely’ ethos has helped us contribute directly to the NIST project, and we’ve created a portfolio of forward-thinking solutions using the expected algorithms. Our products are already in the hands of key customers such as Microchip, AMD, Raytheon, Tata Consulting Services, and many more.

PQShield’s goal is to stay one step ahead of the attackers, and we believe our security portfolio can help. With our FIPS 140-3-ready software libraries, our side-channel protected hardware solutions, and our embedded IP for microcontrollers, we’re aiming to provide configurable products that maximise high performance and high security for the technology supply chain. We’ve understood the reality of the quantum threat, and at PQShield we’re focused on helping the world to defend against it.