Feature

Quantum hacking: Race to quantum-proof encryption moves into computer chips

The battle to protect sensitive data from future quantum computers is shifting beyond algorithms and into the processors that power phones, servers, industrial equipment and critical infrastructure.

Every encrypted message, financial transaction, medical record and government document created today could remain stored somewhere for years.

Although that information may be secure against current computers, cybersecurity experts are preparing for a future in which sufficiently powerful quantum machines could defeat some of the public-key encryption systems protecting modern communications.

The concern has created a race to develop post-quantum cryptography, a new generation of mathematical techniques designed to withstand attacks from both conventional and quantum computers.

However, creating quantum-resistant algorithms is only part of the challenge. Those algorithms must also be integrated into the physical hardware used across the global digital economy.

That task is pushing post-quantum security into the semiconductor industry, where chipmakers are exploring how quantum-resistant protections can be embedded directly into processors and specialised security components.

A new partnership between Swiss cybersecurity company SEALSQ and United States semiconductor manufacturer GlobalFoundries illustrates how rapidly these fields are beginning to converge.

The companies announced a strategic memorandum of understanding on 8 July to jointly develop post-quantum security technology, secure chiplet architectures and cryogenic semiconductor components for future quantum computing systems.

The quantum threat is already shaping security decisions

Modern public-key cryptography relies heavily on mathematical problems that conventional computers find extremely difficult to solve.

RSA security, for example, depends on the difficulty of factoring very large numbers. Elliptic-curve cryptography relies on a different mathematical problem, but one that is also considered impractical for conventional computers to reverse at useful security levels.

These systems are used for secure web connections, digital signatures, software updates, financial services, identity systems and encrypted communications.

A sufficiently capable quantum computer could change that equation.

Quantum algorithms could theoretically solve some of these mathematical problems far more efficiently than classical machines, potentially undermining widely used public-key systems such as RSA and elliptic-curve cryptography.

The United States National Institute of Standards and Technology, known as NIST, says a cryptographically relevant quantum computer could potentially reduce calculations that would take conventional computers billions of years to a matter of days or hours.

However, no machine capable of doing this currently exists, and researchers remain uncertain about when, or whether, such a system will be built. Estimates range from several years to several decades.

That uncertainty does not remove the immediate risk.

Attackers can collect encrypted information today and store it until more powerful decryption technology becomes available. The strategy is commonly described as “harvest now, decrypt later”.

This is particularly concerning for information that must remain confidential for many years, including intelligence records, health data, defence information, intellectual property and long-term financial documents.

NIST warns that moving from one generation of cryptography to another can take between 10 and 20 years because new protections must be incorporated into hardware, software, standards, products and services.

New algorithms are only the beginning

In August 2024, NIST finalised its first three post-quantum cryptography standards following an international evaluation process that lasted approximately eight years.

The standards include algorithms for key establishment and digital signatures, providing alternatives to cryptographic systems that could become vulnerable to quantum attacks.

NIST urged organisations to begin integrating the standards immediately, acknowledging that replacing deeply embedded cryptographic infrastructure would be a lengthy process.

Post-quantum algorithms are intended to run on conventional computers. Organisations do not need quantum hardware to use them.

However, deploying them can introduce new technical complications.

Quantum-resistant algorithms may use larger keys, signatures or encrypted messages than current systems. Depending on the algorithm and implementation, they may also require more memory, processing capacity or energy.

These demands become particularly important in constrained environments such as smart cards, industrial sensors, connected vehicles, medical equipment and internet-connected devices.

Updating software on a server may be relatively straightforward. Replacing cryptographic functions built into a physical chip can be significantly more difficult, particularly when the device is expected to operate for decades.

NIST’s migration guidance therefore advises organisations to identify where vulnerable cryptography is being used across hardware, software and services, then develop roadmaps for replacing it.

The next phase of the post-quantum transition is consequently becoming a hardware engineering problem as much as a mathematical one.

Building quantum-safe security into silicon

The SEALSQ and GlobalFoundries collaboration will focus partly on creating reusable security components that semiconductor designers could incorporate into future processors.

Working with chip architecture company MIPS, which is owned by GlobalFoundries, the companies plan to develop pre-certified post-quantum security intellectual property blocks.

In semiconductor design, an IP block is a reusable circuit component that performs a particular function. Rather than designing every security feature from the beginning, manufacturers can integrate a tested component into a larger processor.

The proposed post-quantum blocks would allow cryptographic operations to run directly in hardware.

Hardware acceleration can improve performance and reduce the burden placed on a device’s main processor. It may also provide stronger isolation for sensitive operations than a software-only implementation.

The partners are also planning Chiplet Hardware Security Module components.

Chiplets are smaller semiconductor components designed to be combined within a larger package. Instead of manufacturing an entire complex processor as one large piece of silicon, designers can assemble different chiplets, each optimised for a particular task.

A security chiplet could provide dedicated cryptographic processing, key storage or identity functions alongside separate computing, networking or artificial intelligence components.

The planned components are intended for applications including hardware security modules and secure enclaves.

Hardware security modules are specialised devices used to generate, protect and manage cryptographic keys. Banks, payment providers, cloud platforms, governments and large enterprises use them to protect highly sensitive operations.

Secure enclaves create isolated areas within a computing system where protected data and code can be processed separately from the main operating environment.

Adding post-quantum capabilities to these systems could allow organisations to upgrade critical cryptographic infrastructure without redesigning every part of the surrounding platform.

Why certification matters

The proposal to create pre-certified security blocks could be particularly significant.

Cryptographic hardware must do more than perform the correct mathematical calculations. It must also resist physical attacks, implementation flaws, power analysis, timing attacks and attempts to extract secrets from memory.

An algorithm may be mathematically secure while its implementation remains vulnerable.

Certification provides independent evidence that a component has been designed and tested against recognised security requirements. For chipmakers and device manufacturers, integrating an already assessed security block could reduce development time and simplify compliance.

However, certification is not permanent protection.

New vulnerabilities, cryptanalytic discoveries and implementation weaknesses can emerge after a chip enters production. Hardware must therefore be designed with cryptographic agility, allowing algorithms or parameters to be updated when standards change.

This presents another challenge for long-lived devices. Software can often be patched remotely, while fixed hardware functions may be difficult or impossible to modify.

The most resilient designs are likely to combine hardware-based protection with enough flexibility to support future security updates.

Protecting against quantum computers while helping to build them

The partnership is not limited to defending conventional systems from future quantum attacks.

SEALSQ and GlobalFoundries also intend to develop semiconductor technology that could support quantum computers themselves.

Many leading quantum computing architectures require extremely low operating temperatures. Some quantum processors function at temperatures only fractions of a degree above absolute zero.

At these temperatures, conventional electronics may become inefficient or unreliable. Connecting room-temperature control systems to extremely cold quantum processors also creates engineering challenges involving wiring, heat and signal integrity.

The companies plan to explore cryoelectronic application-specific integrated circuits, or ASICs, designed to operate at ultra-low temperatures.

These specialised chips could manage control, communication or signal processing functions closer to a quantum processor, potentially reducing the amount of wiring and heat entering the cryogenic environment.

The work will build on GlobalFoundries’ Quantum Technology Solutions business and SEALSQ’s quantum ASIC development ambitions. The companies say they expect to use GlobalFoundries’ manufacturing operations in the United States.

CMOS could play a major role in the quantum era

Most processors used in current computers, smartphones and internet infrastructure are manufactured using complementary metal-oxide-semiconductor technology, commonly known as CMOS.

CMOS manufacturing has supported decades of semiconductor development by allowing engineers to produce increasingly complex, power-efficient and affordable integrated circuits.

Although quantum processors operate differently from conventional computers, established semiconductor manufacturing methods could still play an important role in scaling quantum technology.

GlobalFoundries and SEALSQ argue that CMOS platforms could provide the reliability, manufacturing capacity and cost efficiency needed to support commercially viable quantum systems.

This does not mean conventional semiconductor factories can immediately begin mass-producing fully capable quantum computers.

Different quantum architectures use different materials, control systems and manufacturing requirements. Considerable research is still needed before large-scale, fault-tolerant quantum computing becomes practical.

However, established semiconductor processes could be used to manufacture supporting electronics, control chips, communication components and some types of quantum devices.

Security, manufacturing and national sovereignty converge

The collaboration also reflects growing concern about the security of global semiconductor supply chains.

Advanced chips are increasingly viewed as strategic infrastructure because they underpin communications, defence systems, artificial intelligence, transport, healthcare, energy and financial services.

Governments in the United States and Europe have introduced policies intended to expand domestic semiconductor production and reduce dependence on overseas manufacturing.

SEALSQ and GlobalFoundries say their partnership is intended to support trusted and traceable semiconductor production aligned with European and American sovereign supply-chain priorities.

For post-quantum security, manufacturing provenance could become especially important.

A cryptographic component may be mathematically robust but still vulnerable if its design, fabrication or supply chain has been compromised. Trusted manufacturing aims to reduce the risk of hidden modifications, counterfeit components or unauthorised access to sensitive design information.

The emerging quantum-security ecosystem will therefore require more than secure algorithms.

It will need trusted hardware, resilient manufacturing, secure communications, protected key management, cryptographic agility and reliable supply chains.

A strategic agreement, not a finished product

Despite its ambitious scope, the partnership remains at an early stage.

The announcement is a memorandum of understanding rather than the launch of a completed chip or commercial security platform.

The proposed post-quantum IP blocks, security chiplets and cryogenic ASICs must still move through design, development, testing, certification and manufacturing.

Technical and commercial details, including performance targets, production schedules and customer availability, have not yet been announced.

Quantum computers capable of defeating current public-key encryption also remain theoretical rather than operational.

Nevertheless, the agreement highlights a significant change in how the industry is approaching the quantum threat.

The transition to post-quantum security is no longer confined to cryptographers developing new algorithms. It is moving into semiconductor design, processor architecture, manufacturing and the physical infrastructure of computing.

The most important quantum-security work may begin years before a cryptographically relevant quantum computer exists.

By the time such a machine arrives, the systems that protect sensitive information will need to have already changed.

For governments, businesses and technology manufacturers, the race is not simply to invent quantum-resistant mathematics. It is to place that mathematics inside the billions of devices on which the digital world depends.

Leave a Reply

Your email address will not be published. Required fields are marked *