

[Blog] Crypto-Agility and Hardware Trust: Preparing for Q-Day

Posted 12/22/2025 by Lattice Semiconductor


The transition to post-quantum cryptography (PQC) is not a theoretical future event. It is the largest cryptographic migration in modern history, already shaping product roadmaps, standards bodies, and infrastructure planning across servers, AI datacenters, telecom, industrial automation, and critical systems.

In this interview, we sat down with Mamta Gupta, a leader driving Lattice’s quantum-safe security strategy, to discuss Quantum Day (Q-Day) readiness, crypto-agility, Security Protocol and Data Model (SPDM), the role of FPGAs, and the future of trust anchored in hardware.

Why Quantum Changes Everything

Q: How do you see the timeline for Q-Day impacting enterprise security planning today?

A: The timing pressure of Q-Day for enterprises doesn’t come from speculating when quantum computers will arrive. It comes from the combination of Harvest-Now-Decrypt-Later (HNDL) threats and the multi-year migration window required to fully transition critical systems. Attackers are already harvesting encrypted data with long-term value, such as healthcare archives, corporate and state secrets, proprietary industrial logs, firmware signing records, AI training data, and more. When quantum computers achieve cryptographic relevance, that stolen dataset becomes instantly exploitable.

Meanwhile, enterprises need years to update identity systems, firmware signing, authentication flows, device attestation, secure provisioning, code-signing infrastructure, and cross-vendor interoperability. This is not a software-only patch cycle.

The regulatory side is especially clear:

  • CNSA 2.0 is now the defining requirement for organizations doing business in the U.S.
  • Servers and telecommunications systems must begin transitioning by 2026.
  • All other federal-aligned or regulated systems are expected to transition by 2030.

The result is simple: we are already in the transition period. The companies that start now will be compliant, interoperable, and trusted. The companies that wait will run out of runway, leaving themselves and potentially their customers at risk.

Post-Quantum Cryptography & Crypto-Agility

Q: What does crypto-agility mean in practice for organizations facing PQC migration?

A: Crypto-agility means your system can adapt as cryptography changes without redesigning hardware or rewriting your entire security stack. In practice, it means separating cryptography from system architecture. With crypto-agility, you should be able to move from ECC to ML-DSA and to the next PQC algorithm without breaking your boot flow, identity, attestation, or provisioning.

Benefits include:

  • Supporting transitional modes for real-world supply chains that require classical backward compatibility as vendors transition to PQC as the default.
  • Enabling secure, hardware-anchored updates in the field. PQC migration must use devices that can safely rotate keys, update certificates, or adopt new algorithms without losing trust.
  • Preparing for algorithm churn—not just innovation. Different nations and regulatory bodies may adopt different PQC choices or move at different speeds. Our low power FPGAs can support geo-specific cryptography, letting systems meet U.S., EU, and APAC requirements without lengthy silicon cycles.
  • Designing for uncertainty. PQC is still evolving; parameters may shift, and security standards may update. Crypto-agile systems absorb those changes smoothly.

In short, crypto-agility isn’t a “nice to have” anymore. It’s the only realistic way to operate through the next decade as PQC standards mature globally. Crypto-agile FPGAs make this possible.
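The separation the answer describes, a boot flow that never names an algorithm, as an added example in Go (not Lattice's code, nor the API of any Lattice product). It assumes a manifest that carries one signature per algorithm identifier and a policy that lists which identifiers must verify against a provisioned trust anchor. ML-DSA is not in Go's standard library, so Ed25519 stands in for the post-quantum slot (an assumption of the example); the "transitional", "hybrid" and "strict" policies then exercise the same unchanged verifier over ECDSA P-256 and Ed25519, and the manifests, keys and image bytes are constructed inside the block.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/ed25519"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// AlgID names a signature algorithm carried in the manifest. ML-DSA is not in
// Go's standard library, so Ed25519 stands in for the "next algorithm" slot
// (an assumption of this demo); a real ML-DSA backend is one more registry entry.
type AlgID string

const (
	AlgECDSAP256 AlgID = "ecdsa-p256-sha256" // classical slot
	AlgEd25519   AlgID = "ed25519"           // stand-in for the PQ slot
)

func verifyECDSAP256(pubDER, msg, sig []byte) bool {
	k, err := x509.ParsePKIXPublicKey(pubDER)
	pub, ok := k.(*ecdsa.PublicKey)
	if err != nil || !ok || pub.Curve != elliptic.P256() {
		return false
	}
	d := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}

func verifyEd25519(pub, msg, sig []byte) bool {
	// ed25519.Verify panics on a wrong-length key, so reject that first.
	return len(pub) == ed25519.PublicKeySize && ed25519.Verify(ed25519.PublicKey(pub), msg, sig)
}

// registry is the only code that knows algorithm internals.
var registry = map[AlgID]func(pub, msg, sig []byte) bool{AlgECDSAP256: verifyECDSAP256, AlgEd25519: verifyEd25519}

// Manifest is the device's view of a signed image: one signature per algorithm.
type Manifest struct {
	Image []byte
	Sigs  map[AlgID][]byte
}

// VerifyManifest is the boot-flow entry point. The policy lists the algorithms
// that must each carry a valid signature; moving from transitional (classical
// only) to hybrid (both) to strict (PQ only) changes the policy, not this code.
func VerifyManifest(m Manifest, policy []AlgID, anchors map[AlgID][]byte) error {
	if len(policy) == 0 {
		return fmt.Errorf("empty policy; refusing to fail open")
	}
	for _, alg := range policy {
		verify, anchor, sig := registry[alg], anchors[alg], m.Sigs[alg]
		if verify == nil || anchor == nil {
			return fmt.Errorf("%q unsupported or no trust anchor provisioned", alg)
		}
		if sig == nil || !verify(anchor, m.Image, sig) {
			return fmt.Errorf("missing or invalid %q signature", alg)
		}
	}
	return nil
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Scenario provisions two trust anchors, signs a constructed image under both
// algorithms and under the classical one only, then evaluates the policies.
// Keys are "<policy>/<manifest>"; a nil value means the image was accepted.
func Scenario() map[string]error {
	ecPriv := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	ecPubDER := must(x509.MarshalPKIXPublicKey(&ecPriv.PublicKey))
	seed := make([]byte, ed25519.SeedSize)
	must(rand.Read(seed))
	edPriv := ed25519.NewKeyFromSeed(seed)
	anchors := map[AlgID][]byte{AlgECDSAP256: ecPubDER, AlgEd25519: edPriv.Public().(ed25519.PublicKey)}
	image := []byte("constructed firmware image, version 2")
	d := sha256.Sum256(image)
	ecSig := must(ecdsa.SignASN1(rand.Reader, ecPriv, d[:]))
	hybrid := Manifest{image, map[AlgID][]byte{AlgECDSAP256: ecSig, AlgEd25519: ed25519.Sign(edPriv, image)}}
	legacy := Manifest{image, map[AlgID][]byte{AlgECDSAP256: ecSig}}
	tampered := Manifest{append([]byte("X"), image[1:]...), hybrid.Sigs} // first byte altered
	transitional, both, strict := []AlgID{AlgECDSAP256}, []AlgID{AlgECDSAP256, AlgEd25519}, []AlgID{AlgEd25519}
	return map[string]error{
		"transitional/legacy": VerifyManifest(legacy, transitional, anchors),
		"hybrid/legacy":       VerifyManifest(legacy, both, anchors),
		"hybrid/hybrid":       VerifyManifest(hybrid, both, anchors),
		"strict/hybrid":       VerifyManifest(hybrid, strict, anchors),
		"strict/tampered":     VerifyManifest(tampered, strict, anchors),
	}
}

func main() { fmt.Println(Scenario()) }
```

Running it prints the five policy/manifest combinations; the classical-only manifest passes the transitional policy but fails the hybrid one because the second slot is empty, and the tampered image fails under the strict policy because its Ed25519 signature no longer verifies. The design point is that the retirement of ECDSA, or the arrival of a further algorithm, is a change to the registry, the provisioned anchors and the policy value, never to VerifyManifest itself.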

Lattice’s Role in the Quantum-Safe Trust Stack

Q: How is Lattice addressing CNSA 2.0 compliance and modern cryptographic strategies?

A: Our approach to addressing CNSA 2.0 compliance and modern cryptographic strategies is straightforward: deliver a hardware Root of Trust and control-plane architecture that is fully aligned to CNSA 2.0 requirements and capable of absorbing future post-quantum evolution.

Key elements include:

  • ML-DSA and ML-KEM acceleration in hardware for both bitstream protection and user data
  • XMSS/LMS anchoring for long-lived identity and bitstream protection
  • PQC-wrapped provisioning flows for secure manufacturing and lifecycle trust
  • SPDM 1.2 and 1.4 with PQC-ready key establishment and attestation
  • Instant-on hardware enforcement for boot, recovery, and platform integrity
  • Lifecycle security — anti-rollback, hierarchical key management, monotonic counters, secure debug, authenticated update

There is a growing conviction that post-quantum security must be built around provable, hardware-anchored trust to provide long term resilience and protection.
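The anti-rollback and monotonic-counter items in the list above, as an added example in Go (not Lattice's code, and not a description of how any Lattice device stores its counters): the counter is modelled as a bank of one-time-programmable fuses that can only be burned, and the boot check refuses a validly signed image whose security version number is below the counter. The 64-fuse capacity, the contiguity rule used to detect a tampered fuse bank, and the Image.SignatureValid field that stands in for the signature check are all assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// FuseCounter models a monotonic counter kept in one-time-programmable fuses:
// a fuse only ever goes 0 -> 1, so the count of burned fuses can only grow.
// Constructed model for illustration, not a description of any specific device.
type FuseCounter struct {
	burned [64]bool
}

// Value returns the counter as the length of the leading run of burned fuses.
// A burned fuse after an unburned one cannot come from legitimate updates, so
// it is reported as inconsistent (ok == false) rather than silently counted.
func (c *FuseCounter) Value() (n uint32, ok bool) {
	for i, b := range c.burned {
		if !b {
			for _, later := range c.burned[i+1:] {
				if later {
					return n, false
				}
			}
			return n, true
		}
		n++
	}
	return n, true
}

// Advance burns fuses until the counter equals target. It never clears a
// fuse, so a target below the current value is refused outright.
func (c *FuseCounter) Advance(target uint32) error {
	cur, ok := c.Value()
	if !ok {
		return errors.New("fuse array inconsistent; refusing to advance")
	}
	if target < cur {
		return fmt.Errorf("refusing to lower counter from %d to %d", cur, target)
	}
	if target > uint32(len(c.burned)) {
		return fmt.Errorf("target %d exceeds counter capacity %d", target, len(c.burned))
	}
	for i := cur; i < target; i++ {
		c.burned[i] = true
	}
	return nil
}

// Image is a firmware image as the boot controller sees it: its security
// version number (SVN) and the outcome of a signature check assumed to have run already.
type Image struct {
	Name           string
	SVN            uint32
	SignatureValid bool
}

// Device is the secure-control element that owns the counter.
type Device struct{ Counter FuseCounter }

// CheckBoot decides whether an image may boot: signature first, then
// anti-rollback. A validly signed image whose SVN is below the counter is
// still refused; that is what stops a previously superseded build from coming back.
func (d *Device) CheckBoot(img Image) error {
	if !img.SignatureValid {
		return fmt.Errorf("%s: signature invalid", img.Name)
	}
	cur, ok := d.Counter.Value()
	if !ok {
		return errors.New("anti-rollback counter inconsistent; refusing to boot")
	}
	if img.SVN < cur {
		return fmt.Errorf("%s: SVN %d is below counter %d (rollback)", img.Name, img.SVN, cur)
	}
	return nil
}

// CommitBoot advances the counter to the booted image's SVN. Call it only after
// the image has proven itself (e.g. a health check), so a bad update can still be backed out.
func (d *Device) CommitBoot(img Image) error {
	if err := d.CheckBoot(img); err != nil {
		return err
	}
	return d.Counter.Advance(img.SVN)
}

func main() {
	var d Device
	for _, img := range []Image{{"fw-v3", 3, true}, {"fw-v2", 2, true}, {"fw-v4", 4, false}, {"fw-v5", 5, true}} {
		err := d.CommitBoot(img)
		v, _ := d.Counter.Value()
		fmt.Printf("%-6s -> err=%v counter=%d\n", img.Name, err, v)
	}
}
```

The sequence in main commits version 3, then shows version 2 refused as a rollback even though its signature is valid, an unsigned version 4 refused before the counter is consulted, and version 5 accepted and committed. Separating CheckBoot from CommitBoot matters for recovery: an image that boots but fails its health check has not yet advanced the counter, so the previous known-good build is still eligible.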

Q: Why are low power FPGAs pivotal for post-quantum security in edge and industrial systems?

A: Edge, industrial, and telecom platforms sit at the intersection of determinism, low power, and long lifecycles. PQC disrupts all three, and low power secure FPGAs solve this precisely:

  • Deterministic execution for PQC algorithms and control-plane enforcement
  • Physical isolation from the host processor — essential for trust anchors
  • Silicon flexibility to absorb future algorithm changes
  • Ultra-low power profiles are ideal for radios, industrial gateways, automotive systems, and power-sensitive infrastructure
  • Lifecycle viability across deployments that last 10–15 years

We believe PQC is fundamentally a hardware problem, and low power FPGAs are the most efficient and practical way to implement quantum-safe trust at scale across the edge and industrial markets.

Beyond Algorithms: The Technology Ecosystem Driving Quantum-Safe Adoption

Q: What technology initiatives is Lattice pursuing to accelerate quantum-safe adoption?

A: We’re building a complete quantum-safe manageability and control-plane stack, not isolated features, to address and accelerate PQC.

Major initiatives include:

  • PQC-Protected Manageability Architecture: Quantum-safe authentication, control, telemetry, and lifecycle operations across servers, AI systems, and industrial devices.
  • Industry-first PQC-Fortified Platform Firmware Resiliency (PFR): Ensuring firmware integrity and recovery using LMS/ML-DSA and hardware-anchored attestation.
  • PQC-Enabled Hardware Root of Trust: Device identity, secure boot, and attestation based on CNSA 2.0 prescribed post-quantum primitives.
  • SPDM 1.2 and 1.4 with PQC support: Secure device-to-device trust establishment designed for multi-vendor environments and long-life deployments.
  • Crypto-Agile Architecture: Allowing operators to adopt new PQC algorithms without hardware redesign or requalification.

These initiatives reflect the emerging “New Trust Stack” — focused on hardware identity, quantum-safe attestation, control-plane enforcement, and lifecycle trust.

The Most Common Misconception

Q: What is the biggest misconception you see about PQC today?

A: The biggest and most concerning misconception about PQC today is the belief that PQC is a software upgrade. We believe PQC is fundamentally a hardware-based issue.

PQC affects:

  • Boot and recovery flows
  • Firmware signing and validation
  • Device identity
  • Attestation (SPDM)
  • Control-plane enforcement
  • Secure provisioning and lifecycle management

Software alone will struggle to deliver deterministic timing, hardware isolation, or invariant roots of trust. Retrofitting PQC entirely in software will face an uphill task to deliver the assurance needed for regulated markets. Quantum-safe cyber resiliency is a hardware-anchored challenge.

Looking Beyond the Horizon

Q: As you look beyond the horizon and anticipate where today’s PQC technologies will eventually reach their limits, how is Lattice preparing for the next set of requirements — such as quantum-grade randomness?

A: At Lattice, we always try to look past the current transition to provide timely solutions for various present and future security threats. PQC solves the immediate threat of HNDL but brings new demands of bigger keys. As PQC algorithms grow more complex and key sizes increase, the system’s entropy source becomes the new bottleneck.

Eventually, classical randomness will not be enough, and the Quantum Random Number Generator (QRNG) is going to become foundational. QRNG is critical because PQC key generation requires large volumes of high-quality randomness, and classical True Random Number Generators (TRNGs) and Pseudorandom Number Generators (PRNGs) are subject to environmental noise and long-term bias. QRNG offers physically irreducible randomness with no algorithmic structure, and it strengthens identity, boot integrity, session key establishment, and attestation.

At Lattice, we are not just implementing the current standards; we are preparing for what comes after them. Our secure-control FPGAs, such as Lattice MachXO5-NX TDQ FPGAs, are designed to have the flexibility to adopt technologies like QRNG as they become essential.

Quantum-safe security is no longer defined by algorithms. It is defined by the trust architecture that surrounds them. Organizations that move now, with hardware-anchored roots of trust, crypto-agile designs, and PQC-ready manageability, will be the ones still trusted ten years from today.

To explore how Lattice’s quantum-safe technologies can help your organization stay ahead of evolving threats, visit the Lattice FPGA Security Solutions page. If you’d like to learn more or discuss how to bolster your PQC readiness, contact us today.
