SEALSQ BLOG

Why hardware-level PQC is the key to long-term quantum-safe security

Written by SEALSQ | Oct 23, 2025 1:41:06 PM

 

Embedding post-quantum cryptography in hardware: The true differentiator for long-term security

As the world races toward the post-quantum era, organizations must prepare now to secure their infrastructures, an area deeply explored in the SEALSQ Quantum Lab.

But while much of the discussion focuses on which algorithm to choose, the real question for system designers is where those algorithms should live: in software (on general processors) or in hardware (secure elements, TPMs, SoCs, or dedicated chips).

Hardware anchoring fundamentally changes the security model, certification potential, side-channel resilience, execution speed, and supply-chain trust of any PQC deployment. Beyond security, hardware-level PQC delivers tangible performance advantages: by running cryptographic operations directly in silicon, systems achieve lower latency, higher throughput, and greater energy efficiency—making large-scale PQC deployments both secure and practical.

1- Two ways to implement PQC


Software-based PQC

  • Implemented in firmware or application code running on general CPUs or MCUs.
  • Fast to deploy and easy to update.
  • Ideal for cloud, mobile, and data-center environments.
  • However, it remains vulnerable to memory exposure, fault injection, and physical probing.

Hardware-embedded PQC

  • Implemented inside secure microcontrollers, TPMs, or dedicated crypto chips.
  • Keys are generated, stored, and used only inside tamper-resistant silicon.
  • Firmware and algorithms are executed in a shielded environment with fault-detection and side-channel countermeasures.
  • Typically certified under FIPS 140-3 or Common Criteria EAL5+/6+.

 

2- Why the location matters

The same algorithm—say, a lattice-based signature—has radically different security and performance properties depending on where it’s executed. While software implementations provide agility, hardware-anchored PQC combines mathematical strength with hardware acceleration, achieving both superior protection and faster execution.

| Risk Vector | Software Implementation | Hardware Implementation |
|---|---|---|
| Key exposure | Keys stored in system memory; vulnerable to dump or DMA attacks | Keys generated and used only inside the secure element |
| Side-channel leakage | Susceptible to power/timing analysis | Dedicated masking and noise-injection countermeasures |
| Fault injection | Software can be glitched or skipped | Hardware integrates voltage, clock, and laser sensors |
| Supply-chain trust | Depends on OS integrity | Hardware provisioning and traceability of unique IDs |
| Certification | Software libraries rarely certified | Common Criteria or FIPS 140-3 validation possible |

 

3- The layered threat model

Quantum computers threaten mathematical assumptions—breaking RSA and ECC—but most real-world compromises still come from physical or side-channel attacks.

Implementing PQC purely in software defends against quantum math but not against lab-grade attackers who can:

  • Probe a chip’s debug interface.
  • Induce faults to leak private keys.
  • Capture electromagnetic emanations during signature generation.
  • Inject modified firmware to hijack the crypto stack.

By anchoring PQC inside a certified secure element, you address both dimensions: mathematical and physical security.

SEALSQ’s quantum-resistant products and services provide the foundational security layer required for long-term PQC adoption.

 

4- Standards convergence

NIST’s 2024 PQC standards define:

  • FIPS 203 – ML-KEM (Kyber) for key establishment.
  • FIPS 204 – ML-DSA (Dilithium) for digital signatures.
  • FIPS 205 – SLH-DSA (hash-based signatures).

These algorithms are software-portable, but integrating them into certified hardware modules ensures that long-term keys (e.g., device identities or signing credentials) remain safe even when exposed to hostile environments.

Hardware vendors are now embedding these standards at silicon level—offering on-chip key generation, secure boot, and PQC acceleration—so that sensitive operations never leave the protected boundary.

In addition to stronger key protection, hardware integration ensures real-world performance. Modern secure elements and SoCs feature dedicated PQC accelerators optimized for lattice arithmetic, executing Kyber or Dilithium operations several times faster than software-only systems while consuming less power—a decisive advantage for IoT, embedded, and high-volume edge deployments.

 

5- When hardware-level PQC is essential


    • Government and civil identity
      Digital ID cards, passports, and health credentials demand non-repudiation and decades of cryptographic durability.
      Hardware-based PQC not only secures keys but also accelerates verification and signing operations, reducing transaction latency for large-scale identity systems while maintaining tamper-resistant protection throughout the credential’s lifetime.

    • Hardware wallets and digital custody
      Private keys for digital assets must survive quantum and physical threats alike.
      Secure elements executing PQC signatures on-chip offer faster transaction processing and lower power consumption, protecting against both remote compromise and side-channel leakage during signing.

    • Industrial and IoT devices
      Sensors, meters, and gateways are deployed for 10–20 years—well within the post-quantum horizon.
      Hardware-anchored PQC ensures device identity, secure boot, and firmware updates remain trusted even in field conditions, while on-chip PQC acceleration keeps authentication and updates efficient for constrained devices.

    • Automotive and energy infrastructure
      Electric-vehicle chargers, ECUs, and grid controllers face strict cybersecurity mandates.
      Embedding PQC directly into hardware delivers both compliance and real-time responsiveness, meeting standards like UNECE R155/R156 and NERC CIP while defending against tampering or cloned firmware.

    • Cloud roots of trust and HSMs
      Even in data centers, the hardware root—TPM, HSM, or enclave—must handle PQC keys securely.
      PQC acceleration within hardware roots of trust improves certificate-signing throughput and reduces server load, ensuring both performance and key confidentiality even if the host OS is compromised.

6- Benefits unique to hardware anchoring

  • Key life-cycle isolation – Generation, use, and destruction occur entirely within the secure element.
  • True random number generation (TRNG) – Hardware entropy sources ensure unpredictable key material.
  • Tamper detection and response – Voltage, temperature, and light sensors trigger zeroization on attack.
  • Secure boot – The PQC firmware image itself is verified by hardware before execution.
  • Certifiable assurance – Hardware platforms can achieve EAL5+/6+ or FIPS 140-3 Level 3 certification, providing measurable guarantees.
  • Performance scalability – Dedicated cryptographic engines enable faster key exchanges, lower-latency signatures, and reduced energy per operation, ensuring scalability across billions of connected devices.
  • Long-term maintainability – Hardware with crypto-agility can be updated with new algorithms via signed firmware while maintaining a consistent root of trust.

These benefits are embodied in our Post-Quantum RISC-V chips like the QS7001, designed to deliver secure key storage and quantum-safe identity provisioning.

 

7- Where software-only PQC still makes sense

  • Short-lived TLS sessions in trusted data centers where physical access is impossible.
  • Experimental or hybrid deployments that need agility more than certification.
  • Cloud HSM-as-a-service environments where the hardware root exists off-premises.

In these contexts, the key risk is not physical extraction but future decryption, so software PQC suffices. However, as soon as devices leave controlled environments, hardware protection becomes essential.

 

8- What to evaluate in a hardware PQC platform


When assessing secure hardware for PQC deployment, look beyond the algorithm list:

| Category | Key Questions |
|---|---|
| Algorithm suite | Which FIPS 203/204 parameter sets are implemented (e.g., ML-DSA-44/65/87)? |
| Crypto agility | Can the module switch to new algorithms via secure update? |
| Certification roadmap | What Common Criteria or FIPS 140-3 level is targeted or achieved? |
| Side-channel protection | What masking, blinding, or power-analysis countermeasures are implemented? |
| Fault-injection resistance | Are there sensors or redundant checks to prevent glitch-based attacks? |
| Key management | Are keys generated internally with TRNG and prevented from export? |
| Supply-chain integrity | Does the chip include unique hardware identifiers and traceable provisioning? |
| Integration | Support for PKCS #11, GlobalPlatform, or standard cryptographic APIs? |
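The key-management question above can be checked through the PKCS #11 interface named under Integration. The following is an added example, not SEALSQ's code: it audits the attributes a token reports for a private key and fails closed when an attribute is missing or withheld. The finding names, the sample templates and the local type mirrors are assumptions made here; the attribute codes are the standard PKCS #11 ones, and they show on-token generation and non-exportability but say nothing about TRNG quality.

```c
#include <stddef.h>

/* Local mirrors of PKCS #11 types and codes, so no vendor pkcs11.h is needed. */
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
enum { CKA_TOKEN = 0x001, CKA_SENSITIVE = 0x103, CKA_EXTRACTABLE = 0x162,
       CKA_LOCAL = 0x163, CKA_NEVER_EXTRACTABLE = 0x164, CKA_ALWAYS_SENSITIVE = 0x165 };

/* Hypothetical finding bits returned by audit_private_key(). */
enum { KEY_OK = 0, NOT_ON_TOKEN = 1, NOT_LOCAL = 2, EXPORTABLE = 4,
       WAS_EXPORTABLE = 8, READABLE = 16, WAS_READABLE = 32, UNKNOWN_ATTR = 64 };

/* Read one boolean attribute; -1 if absent or withheld by the token
   (pValue NULL or ulValueLen not one byte, e.g. CK_UNAVAILABLE_INFORMATION). */
static int get_bool(const CK_ATTRIBUTE *a, size_t n, CK_ULONG type) {
    for (size_t i = 0; i < n; i++) {
        if (a[i].type != type) continue;
        if (a[i].pValue == NULL || a[i].ulValueLen != sizeof(CK_BBOOL)) return -1;
        return *(const CK_BBOOL *)a[i].pValue ? 1 : 0;
    }
    return -1;
}

/* Audit a C_GetAttributeValue result for a private key; unknowns fail closed. */
int audit_private_key(const CK_ATTRIBUTE *a, size_t n) {
    static const struct { CK_ULONG type; int want, finding; } rules[] = {
        { CKA_TOKEN, 1, NOT_ON_TOKEN },     { CKA_LOCAL, 1, NOT_LOCAL },
        { CKA_EXTRACTABLE, 0, EXPORTABLE }, { CKA_NEVER_EXTRACTABLE, 1, WAS_EXPORTABLE },
        { CKA_SENSITIVE, 1, READABLE },     { CKA_ALWAYS_SENSITIVE, 1, WAS_READABLE },
    };
    int findings = KEY_OK;
    for (size_t r = 0; r < sizeof rules / sizeof rules[0]; r++) {
        int v = get_bool(a, n, rules[r].type);
        if (v < 0) findings |= UNKNOWN_ATTR;
        else if (v != rules[r].want) findings |= rules[r].finding;
    }
    return findings;
}

/* Constructed samples: generated on-chip, imported as exportable, attribute withheld. */
#define B(t, v) { t, v, sizeof(CK_BBOOL) }
static CK_BBOOL yes = 1, no = 0;
CK_ATTRIBUTE on_chip_key[] = { B(CKA_TOKEN, &yes), B(CKA_LOCAL, &yes), B(CKA_EXTRACTABLE, &no),
    B(CKA_NEVER_EXTRACTABLE, &yes), B(CKA_SENSITIVE, &yes), B(CKA_ALWAYS_SENSITIVE, &yes) };
CK_ATTRIBUTE imported_key[] = { B(CKA_TOKEN, &yes), B(CKA_LOCAL, &no), B(CKA_EXTRACTABLE, &yes),
    B(CKA_NEVER_EXTRACTABLE, &no), B(CKA_SENSITIVE, &yes), B(CKA_ALWAYS_SENSITIVE, &no) };
CK_ATTRIBUTE withheld_key[] = { B(CKA_TOKEN, &yes), { CKA_LOCAL, NULL, ~0UL }, B(CKA_EXTRACTABLE, &no),
    B(CKA_NEVER_EXTRACTABLE, &yes), B(CKA_SENSITIVE, &yes), B(CKA_ALWAYS_SENSITIVE, &yes) };
int main(void) { return audit_private_key(on_chip_key, 6); } /* exit status 0: no findings */
```

Against a real module, the template would be filled by `C_GetAttributeValue` on the private-key handle before being passed to `audit_private_key()`.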

 

9- Industry momentum toward hardware-anchored PQC

Across sectors—from identity to finance to IoT—manufacturers are moving PQC operations directly into silicon.
Secure elements based on open architectures (such as RISC-V) are emerging with built-in support for lattice-based key exchange and signatures, hardware TRNGs, and certified tamper protection.

This convergence marks the next security baseline: quantum-safe by design, hardware-anchored by necessity.

10- Conclusion

Software can deliver agility and adaptability, but only hardware embedding can guarantee full-spectrum protection and sustained performance—mathematical, physical, and operational. Hardware PQC combines the assurance of certified tamper resistance with the advantage of native acceleration, reducing cryptographic latency and power consumption across all form factors.

As quantum-resistant chips reach commercial maturity, expect a clear divide:

  • Systems relying purely on software PQC will remain theoretically secure, but vulnerable to physical compromise.
  • Systems embedding PQC inside certified, tamper-resistant hardware will offer quantum-safe and physically secure trust anchors for decades to come.

In the post-quantum era, true security will be measured not only in bits of entropy and millimeters of silicon, but in the speed and efficiency with which that silicon executes quantum-safe operations. Systems that are both secure and performant will define the new benchmark for trust in the quantum age.

For organizations seeking a flexible path to quantum-safe transformation, our Quantum-as-a-Service platform offers managed access to PQC-enabled infrastructures.