Post-Quantum Cryptography in Embedded Systems: Migration Strategies for 2030 Readiness (Q23c)
The European Commission and the U.S. have issued roadmaps and timelines requiring the transition to Post-Quantum Cryptography (PQC) for software/firmware upgrades and high-risk use cases by the end of 2030 and disallowing classical cryptography by 2035. This migration timeline directly impacts the development of today’s systems, particularly in domains such as automotive, industrial, and IoT, where hardware and software often remain operational for more than ten years. Executing this migration by end of 2030 is a significant undertaking for the embedded domain. NXP, a co-designer of the NIST winner ML-KEM (FIPS 203), has been actively involved in PQC for over nine years and is a global leader in solving implementation challenges for embedded systems. In this talk, the speakers will share NXP’s practical experiences in migrating embedded systems to PQC, including proof-of-concept implementations for high-risk use cases such as secure boot, SW and FW update, diagnostics, and hybrid TLS 1.3. These efforts span microcontrollers, microprocessors, and secure elements, in collaboration with partners across critical application domains, such as automotive, industrial, and secure identity. the speakers will present impact analyses and lessons learned to help prioritize and address use cases for PQC migration in embedded systems. Attendees will gain a clear understanding and actionable insights of how to plan and execute PQC migration in embedded environments, enabling future-proof security and compliance in a rapidly evolving cryptographic landscape.