All About Circuits

Post-Quantum Cryptography—Securing Semiconductors in a Post-Quantum World

Quantum computing advances are exciting, but they’re also a looming threat to securing ICs, driving the need for Post-Quantum Cryptography (PQC). Learn about PQC, how it’s being implemented, and the legislation involved.


Industry Article February 05, 2025 by Enrique Martinez, EnSilica

Quantum computing isn’t just a step forward. It's a leap. For certain classes of problems, including some optimization tasks and the number-theoretic problems that underpin public key cryptography, it promises solutions that were previously thought to be out of reach for any computer.

Google recently claimed “quantum supremacy”, the benchmark at which a quantum machine performs a task far beyond the practical reach of a classical supercomputer (Figure 1). The experiment, which Google carried out to demonstrate the potential of quantum computing, would have taken a classical supercomputer almost 50 years to complete. Much is said of the AI revolution, but quantum computing could prove to be the bigger game changer.
 


Figure 1. Google’s quantum AI computer. Image used courtesy of Google Quantum AI

 

However, while quantum computing promises extraordinary leaps in processing power for specific problems, it also threatens to render today’s public key cryptography obsolete. As semiconductor technology advances, cryptography has become a core part of integrated circuit design rather than an add-on.

Application-Specific Integrated Circuits (ASICs) are custom-designed for specific tasks and are often embedded in devices where security is critical, such as communications equipment, financial systems, and defense applications. The cryptographic algorithms built into these chips are the first line of defense against unauthorized access and data breaches. However, as quantum computing matures, the cryptographic methods that have long protected these systems are coming under threat.

Quantum computers do not simply run every calculation faster than classical machines. What they offer is an efficient algorithm for a small set of mathematical problems, integer factoring and discrete logarithms among them, and those happen to be exactly the problems on which today’s public key cryptography rests. This looming challenge has spurred the development of Post-Quantum Cryptography (PQC), a class of cryptographic algorithms built on problems for which no efficient quantum algorithm is known. These algorithms are not just theoretical. They are being integrated into the next generation of ASICs so that the products using these chips remain secure against future quantum threats.

 

The Evolution of Cryptography in ASICs

Hardware accelerators are preferred over software implementations for cryptographic functions in ASICs for several reasons. Firstly, they offer significantly lower latency and higher throughput, meeting the performance requirements of modern applications. Secondly, by offloading cryptographic tasks from the CPU, they reduce the load on the system’s main processor, leaving it free for other work. Lastly, they can improve security by keeping keys and intermediate values inside a dedicated, tamper-resistant block that software on the CPU never touches. That last point comes with a caveat a practitioner should not skip: a dedicated block is only side-channel resistant if it is designed to be. A multiplier whose cycle count or power draw depends on the secret exponent or scalar leaks that secret through timing and power analysis just as readily in silicon as in software, so constant-time datapaths, masking and similar countermeasures have to be explicit design requirements for the accelerator, not an assumed property of it.
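The caveat above, that an accelerator is only side-channel resistant if its datapath is, can be seen in the operation count alone. The following is an added example and not code from the article or from EnSilica: it compares the textbook square-and-multiply exponentiation, whose work depends on the bits of the secret exponent, with a Montgomery ladder driven by a branch-free conditional swap (the software analogue of a mux in hardware), and counts the modular multiplications each performs. The toy modulus 3233 and the exponents are constructed for illustration.

```python
"""Added example (not from the article): data-dependent versus constant
operation count in modular exponentiation, the core of RSA and classical DH.
Operation counts are returned alongside the result so the leak can be
measured without an oscilloscope."""
from __future__ import annotations


def square_and_multiply(base: int, exp: int, n: int) -> tuple[int, int]:
    """Textbook left-to-right exponentiation.

    Returns (base^exp mod n, number of modular multiplications).  The multiply
    inside the branch runs only for set bits, so the count (and the timing or
    power trace of an accelerator built this way) reveals the Hamming weight
    and, bit by bit, the value of the secret exponent.
    """
    result, ops = 1, 0
    for i in range(exp.bit_length() - 1, -1, -1):
        result = (result * result) % n
        ops += 1
        if (exp >> i) & 1:              # secret-dependent branch
            result = (result * base) % n
            ops += 1
    return result, ops


def cswap(swap: int, a: int, b: int) -> tuple[int, int]:
    """Branch-free conditional swap; swap must be 0 or 1.
    In hardware this is a 2:1 mux selected by the exponent bit."""
    mask = -swap                        # 0 -> 0, 1 -> all ones
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def montgomery_ladder(base: int, exp: int, n: int, width: int = 0) -> tuple[int, int]:
    """Constant-time exponentiation: exactly two multiplications per bit over
    a fixed width (default: the bit length of the modulus) and no branch on
    the exponent.  Returns (base^exp mod n, number of modular multiplications);
    the second value depends only on width, never on exp.
    """
    width = width or n.bit_length()
    assert exp < (1 << width), "exponent must fit the fixed iteration width"
    r0, r1, ops = 1, base % n, 0
    for i in range(width - 1, -1, -1):
        bit = (exp >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = (r0 * r1) % n
        r0 = (r0 * r0) % n
        r0, r1 = cswap(bit, r0, r1)
        ops += 2
    return r0, ops


def op_count_spread(n: int, base: int, exps: list[int]) -> tuple[int, int]:
    """Number of distinct multiplication counts each method shows across a set
    of exponents: more than 1 means the count leaks, 1 means it does not."""
    leaky = {square_and_multiply(base, e, n)[1] for e in exps}
    constant = {montgomery_ladder(base, e, n)[1] for e in exps}
    return len(leaky), len(constant)


if __name__ == "__main__":
    N = 3233                            # 61 * 71, constructed toy RSA modulus
    for e in (0b100, 0b101, 0b110, 0b111):
        print(e, square_and_multiply(2, e, N), montgomery_ladder(2, e, N))
    print("distinct op counts (leaky, constant-time):", op_count_spread(N, 2, [4, 5, 6, 7]))
```

Run it and the four three-bit exponents produce four, five, five and six multiplications under square-and-multiply but always 24 under the ladder. Real hardware also has to keep each multiplication itself constant-time (no early-out on zero limbs, no data-dependent carry handling) and usually adds exponent blinding; the ladder only removes the coarsest leak.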

Initially, classical algorithms like AES (Advanced Encryption Standard) and RSA (Rivest-Shamir-Adleman, named after its three inventors) provided robust security for data in sectors ranging from finance to telecommunications. These algorithms, one symmetric and one asymmetric, were embedded into ASICs as hardware accelerators to ensure that sensitive data remained protected in transit and at rest. However, as conventional computing power has grown and attacks have become more sophisticated, the limits of the older parameter choices and implementations have begun to show.

Neither algorithm is practically vulnerable to brute force, that is, trial-and-error guessing of the key: exhausting even a 128-bit AES key space is far beyond any classical machine, and a quantum computer running Grover’s search only halves the effective key length, which is why AES with a 256-bit key is still considered secure against quantum computers. The pressure on RSA has come from elsewhere. Its security rests on the difficulty of factoring the modulus, and steady improvements in classical factoring have pushed recommended key sizes from 1024 bits to 2048 bits and beyond. Its implementations have also proved fragile: in 2023 a researcher showed that a timing side channel in RSA PKCS#1 v1.5 decryption, a variant of Bleichenbacher’s padding-oracle attack first published 25 years earlier, was still present in widely used libraries. That flaw lies in how RSA is implemented rather than in the underlying mathematics, but it shows how much care a long-lived algorithm demands.

This has driven the move to Elliptic Curve Cryptography (ECC) for key agreement and the Elliptic Curve Digital Signature Algorithm (ECDSA) for signatures, which deliver the same security level as RSA with far smaller keys (a 256-bit curve roughly matches 3072-bit RSA) and faster key generation and signing. The elliptic curve point arithmetic underneath is more intricate to implement correctly than RSA’s modular exponentiation, and where throughput or latency matters it is typically given hardware acceleration.

These algorithms have relatively compact hardware accelerators and can be used in resource-constrained environments like embedded systems. However, even they will be defeated by quantum computing once a large enough machine exists. Shor’s algorithm solves both integer factoring (splitting a modulus into its large prime factors) and the elliptic curve discrete logarithm problem in polynomial time, where the best classical algorithms are sub-exponential or exponential, so RSA, ECC and ECDSA all fall together and no increase in key size rescues them. Symmetric algorithms fare far better, since Grover’s search only halves the effective key length, which is why AES with a 256-bit key is still considered secure against quantum computers.

 

The Rise of Post-Quantum Cryptography (PQC)

This impending threat has accelerated the shift towards PQC, signalling a new phase in the evolution of cryptography hardware accelerators within ASICs.

PQC algorithms are designed to be secure against both classical and quantum attackers. Among the most mature are CRYSTALS-Kyber, a lattice-based key encapsulation mechanism (KEM) that takes over the key agreement role of ECDH (and RSA encryption), and CRYSTALS-Dilithium, a lattice-based digital signature scheme that replaces ECDSA and RSA signatures.

Both have now been standardised by the National Institute of Standards and Technology (NIST) as part of its post-quantum cryptography standardization process, as ML-KEM (FIPS 203) and ML-DSA (FIPS 204) respectively. Their accelerators need roughly an order of magnitude more silicon than the classical ones (Table 1), and their keys, ciphertexts and signatures are several times larger, so high-throughput applications will generally want hardware support. For backward compatibility most systems will also have to keep supporting classical cryptography. In practice the two are combined rather than merely offered side by side: in a hybrid key exchange the session key is derived from both an ECDH shared secret and an ML-KEM shared secret, so the connection remains secure as long as either algorithm holds, and the migration can be reversed if a weakness is found in the newer scheme.

The silicon resources of a cryptographic accelerator depend on the operations to be supported, the performance required (signing or key-generation time, or throughput) and the largest key size that must be supported for each algorithm (Table 1).
 

Cryptography algorithm        Typical gate count of hardware accelerator (NAND2)   Remark
RSA                           40 k                                                  2048-bit key size
ECC                           150 k                                                 384-bit key size
ECDSA                         180 k                                                 384-bit key size
AES                           60 k                                                  256-bit key size
SHA-256 (SHA-2)               15 k
SHA-512 (SHA-2)               30 k
SHA-3                         60 k
CRYSTALS-Kyber                250 k                                                 ML-KEM-512/768/1024
CRYSTALS-Dilithium            750 k                                                 ML-DSA-44/65/87

Table 1. Overview of cryptography algorithm complexity

 

Integrating these algorithms into ASICs is not just a theoretical exercise but a necessary step in future-proofing digital security. By adopting PQC, we can ensure that our critical infrastructure remains secure even as quantum computing becomes more widespread, marking a critical moment in the evolution of cybersecurity. 

 

Implementation Timelines and Legislation

Implementing PQC now is crucial because the threat is not confined to the future. In a “harvest now, decrypt later” attack, an adversary records encrypted traffic today with the intention of decrypting it once a cryptographically relevant quantum computer exists. Anything protected by RSA or ECC key exchange that is still sensitive in ten or fifteen years is exposed this way: the confidentiality of data captured now is lost retroactively, even though the data itself cannot be altered after the fact. Signatures run on a different clock, since they only need to hold until the session or document is no longer checked, but long-lived signing roots such as code-signing and secure-boot keys fixed in silicon fall into the same long-horizon category and deserve the same urgency.

The risks associated with quantum computing were once as ethereal and difficult to define as the technology itself—a problem that felt so distant it was hardly worth worrying about. Technology waits for no one, however, and as the risks associated with quantum computing become more apparent, governments and regulatory bodies are stepping up efforts to enforce stronger cybersecurity measures.

Recent legislation, such as the EU Cyber Resilience Act (CRA), requires products with digital elements, including the ASICs inside them, to be designed with state-of-the-art security and to be supported with vulnerability handling over their lifetime. The Act is technology-neutral and does not prescribe particular algorithms, but a product shipping in 2027 with a support life of a decade cannot meet those obligations without a plan for PQC and cryptographic agility. This is driving a wave of redesigns and upgrades as companies work to ensure that their products meet the new requirements and remain resilient against both current and future vulnerabilities. The CRA entered into force in December 2024; its main obligations apply to products placed on the market from December 2027, with vulnerability-reporting obligations starting earlier, in September 2026.

The United States Department of Homeland Security (DHS) has provided guidance (Figure 2) on the timescale for implementing PQC. DHS states that each organization should develop a plan for transitioning its systems upon publication of the new post-quantum cryptographic standards (which NIST issued as FIPS 203, 204 and 205 in August 2024) and be fully prepared by 2030, the point at which it considers a quantum computer able to break current public key cryptography potentially available. It also states that transition plans should build in cryptographic agility, so that algorithms and key sizes can be swapped later without redesigning the system, to allow for unexpected changes such as a weakness found in one of the new schemes. The full infographic is available on the DHS website.

 


Figure 2. Timeline from DHS’s ‘Preparing for Post-Quantum Cryptography Infographic.’ Image used courtesy of the Department of Homeland Security.

 

The push for PQC is not just about staying ahead of technological advances; it’s increasingly a matter of regulatory compliance. As these laws take effect, companies that fail to adopt PQC and other enhanced cryptographic measures risk not only data breaches but also legal and financial penalties. The integration of both classic cryptography and PQC algorithms in ASICs is therefore becoming a critical strategy for companies looking to secure their products in an era of heightened cybersecurity awareness. 

 

What Does This Mean For The Product Landscape?

Classical and PQC cryptographic accelerators are becoming essential building blocks in any ASIC, to the extent that they are now likely to be as significant as the selection of a CPU. The first ASICs likely to incorporate these accelerators will be those used in network infrastructure, where high throughput requirements necessitate hardware accelerator support. For ASICs of 28 nm and below, the silicon overhead is manageable, making it a viable option to future-proof ASIC technology. 

The adoption of these technologies is already in progress. PQC and classical hardware accelerator libraries are being developed and licensed. However, given the long development cycle (typically 2–3 years) of these complex ASICs, FPGA (Field-Programmable Gate Array)-based accelerators will serve as a bridging solution, migrating to an ASIC if volumes and performance demand it.

Unlike traditional processors, which execute a fixed instruction stream, FPGAs can be programmed to implement custom hardware circuits tailored to particular workloads. A companion accelerator, first an FPGA and later an ASIC if volumes justify it, would use classical cryptography to secure its link to the main system ASIC and add high-throughput PQC functionality over PCIe or a similar low-latency, high-speed serial interface. That link carries key material, so it should be treated as part of the trust boundary and moved to a hybrid scheme in turn rather than left on classical cryptography indefinitely.

Post-quantum readiness is likely to become a major selling point for networking, communication and industrial products over the coming years, but whatever the product, PQC support is no longer something that can be ignored.

 

Featured image used courtesy of EnSilica