By Matt Schumacher, Principal Digital Engineer, Mercury Systems
The Quantum Computing Threat
For decades, digital security has rested on the premise that certain mathematical problems are so difficult that even the fastest computers would be unable to solve them in a reasonable timeframe. Public-key cryptography depends on this assumption and secures everything from classified communications to online banking.
However, quantum computers can break these public-key algorithms.
Unlike classical computers, which process information as bits in ones and zeros, quantum computers use quantum bits, or qubits, that can exist in multiple states simultaneously. This property, known as superposition, allows quantum computers to explore vast numbers of solutions in parallel. When combined with another quantum property called entanglement, quantum computers can solve certain mathematical problems exponentially faster than any traditional machine.
The math problems quantum computers excel at solving, such as factoring large numbers and computing discrete logarithms, are exactly the problems that today's most widely used cryptography algorithms rely on. RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman key exchange all become vulnerable once a sufficiently powerful quantum computer exists.
How Close Are We?
While today's quantum computers are not yet powerful enough to break modern encryption, the trajectory is clear. Governments and technology companies worldwide are investing in quantum computing research. Progress is accelerating, and more importantly, adversaries don't need to wait for a quantum computer to arrive. They can harvest data today and decrypt it later once the quantum computing technology matures. This "harvest now, decrypt later" strategy means that sensitive information with a long shelf life is already at risk.
These concerns led the U.S. National Institute of Standards and Technology (NIST) to finalize its first post-quantum cryptography (PQC) standards in 2024 with ML-KEM for key encapsulation and ML-DSA for digital signatures. The NSA’s CNSA 2.0 guidance now mandates that national security systems begin transitioning to these quantum-resistant algorithms immediately, with full adoption required by 2030.
Beyond Algorithmic Security: Addressing the Physical Threat
Post-quantum algorithms protect against remote, mathematical attacks. But what about physical ones?
When cryptographic operations run on hardware, the device itself becomes an attack surface. Every computation consumes power, emits electromagnetic signals, and takes a measurable amount of time. These physical characteristics, known as side channels, can reveal information about the secret keys being processed inside the device.
An adversary with physical access to hardware doesn't need a quantum computer. With relatively modest equipment, they can monitor these side-channel emissions and extract the cryptographic keys.
Why This Matters for Defense
For systems operating in secure data centers, the risk of physical access may be limited. But aerospace and defense platforms routinely operate in environments where hardware can be captured, stolen, or accessed by adversaries.
The U.S. Department of War has long recognized this and establishes anti-tamper requirements specifically to prevent adversaries from extracting sensitive technology and information from captured systems. Hence, Mercury believes that side-channel attacks resistance is a core component of meeting these requirements.
Deploying a new post-quantum algorithm does not automatically provide this protection. A PQC implementation without side-channel resistance is like installing a stronger lock on a door that can be bypassed entirely; it addresses one threat while leaving another wide open.
Building Security into the Silicon
The new PQC algorithms are more computationally complex than their predecessors, which makes hardening the implementations against physical attacks a critical and difficult design challenge.
Mercury's PQ Ultra is a full hardware accelerator with integrated side-channel resistance for both ML-KEM and ML-DSA. Unlike software implementations or unprotected hardware accelerators, PQ Ultra implements countermeasures directly into the hardware datapath, achieving unmatched power, performance, and area metrics with side-channel attack resistance.
Integration with Mercury’s KeyGuard hardware key manager and SecRun runtime cryptography engines creates a complete, side-channel resistant hardware root of trust. This comprehensive security platform protects the entire cryptographic key lifecycle from generation and storage through operational use.
The Path Forward
The post-quantum migration is necessary, and the urgency is real. But quantum resistance is not the finish line. It's one layer of a defense-in-depth strategy.
For any system where an adversary might gain physical access to the hardware, cryptographic implementations must be resistant to both quantum-enabled mathematical attacks and real-world physical attacks. Only by addressing both threats can systems remain secure in contested environments.
To learn more about how Mercury can help you prepare for the post-quantum future, visit us at booth #211 at the GOMACTech conference in New Orleans, March 9-12, or contact us at sales@mrcy.com.
