
Post-quantum cryptography and the future of embedded security

19/02/2026 by Roland Marx

Quantum computing is advancing rapidly, and with it comes the risk that today’s cryptography may no longer be sufficient. For embedded systems – often designed for long lifecycles and limited updatability – this transition poses particular challenges. What needs to change, and how can organizations prepare without redesigning entire device generations?

Why older embedded devices are especially at risk

Many existing embedded devices were never built with the computational strength or architectural flexibility required for post-quantum security. They often lack trusted execution environments, trusted-platform modules, or other forms of specialized hardware security. At the same time, their lifecycles commonly extend to ten or even twenty years — particularly in industrial IoT settings.

This long service life becomes a liability when cryptographic mechanisms age. Firmware may not be updateable, network stacks are often fixed, and bandwidth limitations restrict the exchange of large post-quantum keys or signatures. Even upgrading or replacing PKI infrastructures is difficult, since legacy systems depend on protocols that cannot easily be modernized. As a result, outdated cryptography may remain in active use long after it is considered insecure.

Where PQC retrofitting is most critical

Retrofitting becomes essential wherever systems rely on public keys, device identities, or secure communication. Industrial controllers, networked sensors, ECUs, robots, and other devices that depend on PKI are all prime candidates.

Another sensitive area is secure boot. If firmware authenticity and integrity are checked using classical algorithms, a future quantum attack could undermine the foundational trust of the device. Ensuring that secure-boot mechanisms remain robust even when classical asymmetric cryptography is broken is one of the most urgent PQC challenges.

Two practical approaches: crypto-agile hardware and protected supply chains

A key realization for the industry is that post-quantum migration will not be a one-time shift. Algorithms will evolve, recommendations will change, and systems must remain crypto-agile.

  1. PQC-ready secure elements

If a device architecture already uses an external secure element, the transition becomes significantly easier. A secure element available as a USB, SD, or SSD form factor can be replaced by a hardened generation that supports the latest algorithms — without redesigning the entire device. This makes the secure element the central touchpoint for cryptographic updates.

  2. Protecting firmware integrity across the supply chain

Many embedded devices implement secure-boot logic in mask-ROM – immutable once produced. Updating it would require a new silicon mask, involving high cost and long development cycles. A more practical approach is to let an external PQC-ready secure element validate firmware signatures before releasing cryptographic keys to the system. This ensures long-term integrity without altering the device’s internal architecture.
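The gating described above, sketched as an added example (not code from the article or from any vendor): a modelled secure element verifies the firmware signature and only then returns the device key. `SecureElement`, `release_key` and the algorithm identifiers are hypothetical names, and a Lamport one-time signature over SHA-256 stands in for a standardized hash-based scheme so the example runs with the Python standard library alone.

```python
import hashlib, hmac, secrets

def H(data):
    return hashlib.sha256(data).digest()

def _bits(digest):
    # 256 message-digest bits, most significant bit first
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    # One secret pair per digest bit; the public key is the hash of each secret.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, message):
    # One-time scheme: a key pair must never sign a second message.
    return [sk[i][bit] for i, bit in enumerate(_bits(H(message)))]

def lamport_verify(pk, message, sig):
    if len(sig) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(H(message))):
        ok &= hmac.compare_digest(H(sig[i]), pk[i][bit])
    return ok

class SecureElement:
    """Hypothetical model: holds the device key and the trusted verifiers."""
    def __init__(self, device_key, trusted):
        self._device_key = device_key
        self._trusted = trusted  # alg_id -> (verify_fn, public_key)

    def release_key(self, alg_id, firmware, signature):
        entry = self._trusted.get(alg_id)
        if entry is None:
            return None  # unknown or retired algorithm: fail closed
        verify, pk = entry
        # The key leaves the element only for an authentic image.
        return self._device_key if verify(pk, firmware, signature) else None

def demo():
    sk, pk = lamport_keygen()
    firmware = b"constructed firmware image v1.0"  # constructed sample input
    sig = lamport_sign(sk, firmware)
    se = SecureElement(b"K" * 32, {"lamport-sha256": (lamport_verify, pk)})
    return (se.release_key("lamport-sha256", firmware, sig),
            se.release_key("lamport-sha256", firmware + b"\x00", sig),
            se.release_key("rsa-2048", firmware, sig))
```

Because the verifier table lives in the element rather than in mask-ROM, replacing the element changes which algorithms are accepted without touching the boot code.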

Why storage products pose their own PQC challenges

Flash-based storage devices such as SSDs or e.MMC modules complicate PQC integration. Their controllers are typically monolithic, with cryptographic functions hardwired into the controller logic. Adding PQC-capable hardware IP to an SSD controller requires considerable redesign and long development phases.

To overcome this, a modern approach is emerging: combining NAND flash, a flash controller, and a secure-element–grade security controller within a single storage module. This allows all PQC-related operations to be handled by the dedicated security component, not the flash controller MCU. It also enables ongoing crypto agility, as the secure element can evolve independently of the storage controller.

What would a best practice for PQC retrofitting look like?

There is no single framework yet, but one principle defines all successful strategies: crypto agility. Systems should be designed to exchange algorithms over time, migrate between PQC standards, and physically replace components that hold key material. One effective approach is to use modular or replaceable secure elements. When these elements reside on an SSD or other removable storage device, swapping the storage medium effectively upgrades the entire security capability of the system — without touching the underlying hardware.

Is the industry ready to make existing systems PQC-secure?

A full hardware redesign merely for cryptographic reasons is rarely attractive. Costs, downtime, and certification hurdles can quickly outweigh the benefits. This is why acceptance remains low when PQC migration requires rebuilding entire architectures.

However, the picture changes when companies can retrofit systems by replacing only a security module, such as a secure element, SD card, or PQC-ready SSD. This reduces risk, cost, and operational disruption, making post-quantum readiness far more feasible.

The role of storage in lifecycle and supply-chain security

Many devices ship with onboard key material, such as onboarding keys, fallback symmetric keys, or transport-lock secrets. PQC-ready secure-storage products protect these keys from the very beginning, while also ensuring that decades later, updates can still be authenticated securely.

Why does this matter? Because the ability to prove that an update is addressed to the real device, not a cloned or manipulated system, becomes a cornerstone of post-quantum resilience. Storage products that integrate secure elements provide exactly this foundation, supporting the entire device lifecycle from manufacturing to long-term operation.
