Lattice Blog


Preparing for Post-Quantum Security Environments with Lattice FPGAs

Preparing for Post-Quantum Security Environments with Lattice FPGAs
Posted 09/08/2023 by Mamta Gupta Director of Security and Comms segment marketing, Eric Sivertson, VP of Security Business

Posted in

A new era of innovation is on the horizon amid the rise of quantum computing. This emerging technology harnesses the laws of quantum mechanics by fusing aspects of computer science, physics, and mathematics to rapidly solve problems too complex for classical computing. Google, for example, has already developed a quantum computer that operates 158 million times faster than the world’s most powerful existing supercomputer. The convergence of quantum computing with artificial intelligence (AI) and machine learning (ML) will fundamentally redefine technology’s impact on humankind and raise the ceiling for enterprise digital transformation.

However, the rise of quantum computing also signifies a new era of cybersecurity risk. Expected to hit the market by 2030, quantum computers will pose a major cybersecurity threat due to their unrivaled ability to compromise the public key infrastructure (PKI) cryptographic algorithms classical computing systems operate on today. In theory, leveraging quantum computers could allow cybercriminals to bypass PKI-based security controls and steal sensitive data for ransomware, sabotage, or critical infrastructure attacks more easily than ever before.

While once considered a distant problem, breakthroughs in quantum technology development are outpacing initial estimates and making the threat of quantum-powered cyberattacks all the more imminent. The urgency of the situation reached new heights in August 2023, when the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST) published a joint statement that called for accelerated Post-Quantum Cryptography (PQC) migration. The three regulatory bodies recommended that “all organizations, especially those in critical infrastructure sectors, begin early planning for migration to PQC standards by developing their own quantum-readiness roadmap.”

This is because PQC migration won’t happen overnight. Most cryptographic products, protocols, and services that rely on common PKI algorithms (RivestShamir-Adleman [RSA], Elliptic Curve Diffie-Hellman [ECDH], and Elliptic Curve Digital Signature Algorithm [ECDSA]) will need to be updated, replaced, or altered to employ quantum-resistant PQC algorithms. Through the integrated adoption of Lattice Field Programmable Gate Arrays (FPGAs), organizations can help position themselves to facilitate PQC migration and streamline readiness for a post-quantum future.

The Need for PQC Cyberdefense

At its core, PQC migration encompasses a foundational shift from PKI cryptographic algorithms to build resilience against quantum-powered cyberattacks. These attacks would apply a mathematical method called Shor’s Algorithm to determine the prime factors of large integers within PKI algorithms. Current PKI security controls are constructed around the difficulty of factoring these large integers, rendering them highly vulnerable in post-quantum environments. Transitioning from PKI algorithms to PQC will provide dual protection against both classical and quantum computing attacks.

The existing security standards adhered to by organizations in critical infrastructure sectors do not incorporate PQC algorithms and are therefore incapable of defending against quantum threats. For example, Industrial Control Systems (ICS) follow the PKI-based IEC 62334-4-2 security standards for risk assessments, policies, and requirements of system components. More than 40 percent of global ICS computers were targeted by traditional cyberattacks in 2022. Had those been quantum-powered attacks, the consequences would have been severe – and not just from an operational downtime or monetary loss standpoint. Considering nuclear power plants, water treatment facilities, and electrical grids all rely on ICS computers to operate safely, lives are potentially at stake. PQC cyberdefense will be critical to preventing that from happening.

Driving PQC Migration with Lattice FPGAs

It’s important to remember that the post-quantum era is no longer just a hypothetical scenario far off in the distance. Any system developed between now and 2025 will likely operate over a 10-year lifespan that extends into quantum computing environments — meaning now is the time to begin migrating toward PQC-based infrastructure. Integrating Lattice FPGAs within current and future systems can help facilitate PQC migration as part of a post-quantum readiness roadmap.

FPGAs allow products to be easily retrofitted for adherence to evolving security standards. With innate flexibility, programmability, and parallel processing functions, they can streamline over-the-air firmware updates that enable developers to proactively refine embedded hardware with PQC algorithms and patch PKI vulnerabilities within existing systems. Lattice FPGAs incorporate these “crypto agile” capabilities in real-time hardware Root of Trust (HRoT) products to deliver enhanced protection of server platforms and other connected device applications to protect an organization’s total attack surface. The unique crypto-agility designed into some of the Lattice’s latest ROT device families allow for seamless in-field updates to implement PQC algorithms as they mature. To incorporate new algorithms securely and seamlessly and to fix bugs in released cryptography algorithms, crypto agility is a must as the industry prepares for the PQC migration.

Above all, prioritizing proactivity over reactivity is non-negotiable for combatting new threat actor tactics, techniques, and procedures (TTPs). With the probability of quantum computing attacks rising, Lattice FPGA adoption can help enable cyber resilience today and in the post-quantum world. Lattice is in close collaboration with leaders across the cybersecurity sector to help our customers remain PQC compliant as security standards evolve.

To learn more about Lattice’s diverse FPGA and solution stack portfolio, and how Lattice can help facilitate PQC migration, contact our team today.