Abstract
Standards-based PQC TLS upgrade without hardware redesign
The Challenge
IIoT and embedded devices rely heavily on TLS to secure connectivity to cloud and backend services. These devices are expected to remain deployed in the field for 10–20 years, while quantum-enabled attacks are projected to become realistic within the same timeframe. As the industry transitions toward post-quantum and PQ/T hybrid TLS, embedded teams face structural barriers. For example, PQC integration into TLS is resource-intensive, putting pressure on brownfield devices with fixed RAM/flash that cannot be upgraded. In addition, many TLS stacks require custom crypto integration, and manufacturers are looking for standardized PQC to avoid vendor lock-in. Chip vendors also face ecosystem challenges, such as the lack of ready-to-use PQC reference integrations. Certification and interoperability requirements remain high, and there is a risk of fragmentation across SDKs. The result is a growing gap between what embedded teams can realistically deploy, and PQC-readiness requirements.
The Solution
PQShield delivers a standards-based drop-in PQC TLS stack built on:
- PQMicroLib-Core (PQC algorithms)
- PSA Crypto APIs (portable and interoperable abstraction)
- MbedTLS (TLS protocol layer and certificate management)
This architecture enables seamless migration to post-quantum secure communications without proprietary lock-in. PQMicroLib-Core provides groundbreaking PQC-enabled embedded PSA/TLS integration in a pure software deployment. It’s ideal for OTA upgrades, and is designed for constrained MCUs along a standards aligned integration path.
