
The Emergence of Quantum Computers and Their Impact on the Security of Embedded Devices

Published on: July 24, 2025

Estimated reading time: 9 minutes

Edited by: Isabella Donders



The creation and development of quantum computers marked the start of a new era in computing. Over the last few decades, extensive research has been devoted to advancing this technology, producing increasingly powerful prototypes. Alongside these promising research advances, however, quantum computing also poses a serious threat to modern cybersecurity.


In this blog post, we will explore the fundamental principles of quantum computers, including an overview of Grover’s and Shor’s algorithms, and why they pose a risk to today’s cryptographic systems. In response, national and international agencies have begun establishing timelines and deadlines for the transition to quantum-resistant solutions. This has also led to the development of post-quantum cryptographic algorithms, which are new techniques specifically designed to protect systems against quantum attacks. Finally, we will look at how this emerging threat impacts embedded systems and what is being done in this space through the European-funded QUBIP project, which aims to address quantum security challenges in real-world devices.


What are Quantum Computers?


A quantum computer is a type of computer that uses the principles of quantum mechanics to process information in a fundamentally different way from traditional (classical) computers, and, for certain classes of problems, a much faster one. Specifically, a classical computer stores information in bits, each of which is either 0 or 1, while a quantum computer uses quantum bits (qubits), which can be in a combination of 0 and 1 at the same time thanks to the quantum property called superposition. Qubits can also be entangled, that is, linked in such a way that measuring one determines the state of the other, no matter how far apart they are. Quantum computers are expected to be useful in a wide range of applications. For example, they have the potential to break certain cryptographic systems, simulate molecules for drug discovery, solve complex optimization problems, and model quantum physical systems.


Quantum computers are still in the experimental phase and remain in the early stages of development. One of their biggest challenges is their sensitivity to environmental factors like temperature and noise, which can lead to errors. Despite the intense research efforts in this field, quantum computers are not yet ready for widespread practical use; however, they are expected to become viable in the relatively near future (as shown in the IBM Quantum roadmap).


Quantum computers hold great promise as a technological improvement, but they also introduce significant risks. In particular, their computational capabilities could enable quantum algorithms capable of breaking cryptographic systems that are currently considered secure, such as the RSA digital signature scheme and the Diffie-Hellman key exchange mechanism. To address this, we must prepare for the emergence of quantum computers through a strategic transition from classical to post-quantum cryptography.


The Transition to Post-Quantum Cryptography


Quantum algorithms highlight the profound impact that quantum computing can have on various fields. Two main quantum algorithms demonstrate the power of quantum computation: Grover’s and Shor’s algorithms. 


Grover’s algorithm is well known for its ability to accelerate searches over unstructured data, while Shor’s algorithm is famous for its capability to factor large integers exponentially faster than classical algorithms. The two algorithms affect classical cryptography differently:


  • Grover’s algorithm affects symmetric key cryptographic systems by offering a quadratic speedup for unstructured search problems, enabling a faster brute-force search through the key space of the cryptographic system.

    • To counter the threat posed by quantum computers, the typical approach in this case is to use longer key lengths for these symmetric cryptographic systems.


  • Shor’s algorithm impacts asymmetric key cryptographic systems by solving the integer factorization and discrete logarithm problems exponentially faster than classical methods.

    • The successful implementation of Shor’s algorithm on a large-scale quantum computer would compromise many existing cryptographic systems, making it essential to develop new asymmetric key cryptographic schemes to maintain security.


In response to this threat, in 2016 the National Institute of Standards and Technology (NIST) launched a competition to identify new cryptographic systems for key exchange and digital signatures that, unlike the classical algorithms, are not based on the integer factorization or discrete logarithm problems. This competition resulted in three standards, each describing a new standardized algorithm:



These algorithms were chosen for their robust security characteristics, efficient implementation, and resistance to both classical and quantum cryptanalysis. Additional algorithms are in the process of being standardized, and research is ongoing, both in testing the already standardized algorithms and in developing new secure cryptographic schemes.


Notably, many of the new schemes are based on mathematical problems that are either entirely new or newly applied in the field of cryptography. This raises an important question: ‘Should we rely on classical algorithms with well-established security, even though they may become vulnerable in the quantum era, or should we adopt newer algorithms designed to resist quantum attacks, despite their foundations being less time-tested?’


To address this question, hybrid schemes have been defined. A hybrid scheme is a cryptographic approach that combines classical algorithms with post-quantum algorithms to enhance security during the transition to the quantum computing era. This approach offers the maturity and confidence of classical algorithms on one side, and the quantum resistance of post-quantum algorithms on the other. This approach also enables gradual migration to post-quantum systems without abandoning trusted infrastructure. NIST does not mandate the use of hybrid schemes but acknowledges their potential value during the transition.
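The combiner at the heart of a hybrid scheme, as an added Python example that is not code from this blog post or from the QUBIP project: the classical and the post-quantum shared secrets are fed, length-prefixed, into an HKDF (RFC 5869, HMAC-SHA-256) whose info field is bound to the handshake transcript, so the derived session key stays secret as long as either component secret does. The two shared secrets are constructed random byte strings standing in for what an X25519 exchange and an ML-KEM decapsulation would output; no real key exchange runs here, and the `hybrid-kex-v1` label and the function names are my own assumptions.

```python
import hashlib
import hmac
import os


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA-256; an empty salt means HashLen zero bytes."""
    return hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i), output = T(1) || T(2) ..."""
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(hkdf_extract(salt, ikm), info, length)


def hybrid_combine(classical_ss: bytes, pq_ss: bytes, transcript: bytes, length: int = 32) -> bytes:
    """Derive one session key from a classical and a post-quantum shared secret.

    Concatenation combiner: both secrets (length-prefixed, so the split point is
    unambiguous) form the HKDF input keying material, and the handshake
    transcript goes into 'info'. The output is unpredictable as long as at least
    one of the two component secrets is unknown to the attacker.
    """
    if not classical_ss or not pq_ss:
        raise ValueError("both component shared secrets are required")
    ikm = (len(classical_ss).to_bytes(2, "big") + classical_ss
           + len(pq_ss).to_bytes(2, "big") + pq_ss)
    return hkdf(b"", ikm, b"hybrid-kex-v1|" + transcript, length)  # label is an assumption


def demo():
    """Both parties hold the same two secrets (constructed stand-ins for X25519 and
    ML-KEM outputs) and derive the same key; an attacker who learned the classical
    secret, e.g. via Shor's algorithm, but has to guess the PQ one still fails."""
    ss_classical = os.urandom(32)   # constructed: what X25519 would produce
    ss_pq = os.urandom(32)          # constructed: what an ML-KEM decapsulation would produce
    transcript = b"client_hello|server_hello (constructed)"
    k_client = hybrid_combine(ss_classical, ss_pq, transcript)
    k_server = hybrid_combine(ss_classical, ss_pq, transcript)
    k_attacker = hybrid_combine(ss_classical, os.urandom(32), transcript)
    return k_client == k_server, k_attacker == k_client


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The length prefixes matter when component secrets can vary in size; in a protocol where both are fixed-length (as in the TLS hybrid groups) plain concatenation is unambiguous, but prefixing costs nothing and removes a class of mistakes.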


At the same time, national security agencies have begun setting clear timelines for migration. For example, the U.S. National Security Agency (NSA) issued its CNSA 2.0 guidelines in 2022, requiring all National Security Systems to adopt post-quantum (PQ) algorithms by 2035. Another notable initiative is the roadmap and timeline released by the EU Member States, with support from the European Commission. This document outlines a series of recommendations for Member States to follow in order to achieve a coordinated transition to post-quantum cryptography (PQC), along with actions to ensure that all stakeholders are adequately informed about the cryptographic risks posed by quantum technologies. These initiatives represent a strategic push toward cryptographic agility, aimed at safeguarding critical infrastructure against emerging threats.


However, the transition to post-quantum cryptography involves more than just adopting post-quantum or hybrid schemes; it also requires phasing out classical algorithms that are no longer secure. This gradual deprecation and eventual disallowance is, for example, addressed in NIST IR 8547. A clear example of this evolution is the transition from TLS 1.2 to TLS 1.3, the latest version of the protocol. This shift represents a major simplification and modernization effort aimed at enhancing security, performance, and clarity. Indeed, TLS 1.2 supports dozens of cipher suites, many of which rely on weak or outdated algorithms such as RC4, CBC modes, and SHA-1. In contrast, TLS 1.3 eliminates these insecure components and introduces a much smaller, more secure set of cipher suites.


The Impact of Post-Quantum on Embedded Devices


While general-purpose systems can often be updated or reconfigured with relative ease, embedded systems pose unique challenges due to their constrained nature and long deployment lifespans. This makes them particularly vulnerable in a post-quantum world and requires early and strategic preparation.


Post-quantum cryptography in constrained environments is not a straightforward task. Many of the post-quantum algorithms have significantly larger key sizes and require more computational resources than classical algorithms. This introduces a trade-off between security and performance, especially in devices with limited memory, processing power, and energy availability.


Another crucial concept is cryptographic agility, the ability to easily swap out cryptographic algorithms in response to new threats or standards. For embedded systems, this means designing software and hardware in a modular way, using updatable secure elements or firmware, and avoiding hard-coded cryptographic primitives wherever possible. Agility ensures that systems deployed today can be upgraded tomorrow without costly or impractical overhauls. For example, a cryptographically agile secure upgrade mechanism might use a modular bootloader that supports multiple signature verification algorithms, a configurable secure element or firmware that can be updated to support new cryptographic standards, and a mechanism to update the public key and algorithm used for signature verification through the secure upgrade process itself. This approach allows devices to be updated during the transition period without a full hardware replacement or manual reprogramming, which would be costly and potentially infeasible at scale.
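A sketch of such an agile verification path, as an added Python example that is not code from this blog post or from Security Pattern: the image header names the signature algorithm, but a trust store decides which algorithms and keys are acceptable, and the trust store itself is rotated through the same signed-update path, so a retired algorithm is refused even when an image still claims it. A Lamport one-time signature over SHA-256 or SHA3-256 stands in for the real schemes (a bootloader would use ML-DSA or a classical signature); the algorithm identifiers, the header layout and the trust-store format are my own assumptions.

```python
import hashlib
import hmac
import json
import os

# Lamport one-time signatures over a configurable hash: a stand-in for a real
# post-quantum signature (e.g. ML-DSA) that needs only hashlib. Each key pair
# may sign exactly ONE message; the demo below honours that.
HASH_OF = {"LAMPORT-SHA256": "sha256", "LAMPORT-SHA3-256": "sha3_256"}  # assumed ids

def _h(alg, data):
    return hashlib.new(alg, data).digest()

def _bits(alg, msg):
    return [(byte >> (7 - i)) & 1 for byte in _h(alg, msg) for i in range(8)]

def lamport_keygen(alg):
    n = hashlib.new(alg).digest_size
    sk = [(os.urandom(n), os.urandom(n)) for _ in range(8 * n)]
    pk = [[_h(alg, a).hex(), _h(alg, b).hex()] for a, b in sk]  # hex: JSON-friendly
    return sk, pk

def lamport_sign(alg, sk, msg):
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(alg, msg)))

def lamport_verify(alg, pk, msg, sig):
    n = hashlib.new(alg).digest_size
    if len(sig) != 8 * n * n:
        return False
    ok = True
    for i, bit in enumerate(_bits(alg, msg)):
        ok &= hmac.compare_digest(_h(alg, sig[i * n:(i + 1) * n]).hex(), pk[i][bit])
    return ok

# Image layout (assumed): alg_len(1) | alg | sig_len(4) | sig | payload.
# The signature covers alg || payload so the header cannot be relabelled.
def build_image(alg, sk, payload):
    a = alg.encode()
    sig = lamport_sign(HASH_OF[alg], sk, a + payload)
    return bytes([len(a)]) + a + len(sig).to_bytes(4, "big") + sig + payload

def parse_image(image):
    alen = image[0]
    alg = image[1:1 + alen].decode()
    slen = int.from_bytes(image[1 + alen:5 + alen], "big")
    return alg, image[5 + alen:5 + alen + slen], image[5 + alen + slen:]

def verify_image(trust, image):
    """Bootloader check: the header names an algorithm, the trust store decides."""
    try:
        alg, sig, payload = parse_image(image)
    except (IndexError, UnicodeDecodeError):
        return False, "malformed header"
    if alg not in trust["allowed"]:
        return False, f"algorithm {alg} not allowed by trust store"
    pk = trust["keys"].get(alg)
    if pk is None or alg not in HASH_OF:
        return False, "no trusted key or verifier for algorithm"
    if not lamport_verify(HASH_OF[alg], pk, alg.encode() + payload, sig):
        return False, "bad signature"
    return True, payload

def apply_trust_update(trust, update_image):
    """Rotate keys/algorithms via an image verified under the CURRENT trust store."""
    ok, detail = verify_image(trust, update_image)
    if not ok:
        return False, detail
    upd = json.loads(detail)
    return True, {"allowed": set(upd["allowed"]), "keys": upd["keys"]}

def demo():
    """Returns (new-scheme image accepted, retired-scheme image rejected, tampered image rejected)."""
    sk_a, pk_a = lamport_keygen("sha256")
    trust = {"allowed": {"LAMPORT-SHA256"}, "keys": {"LAMPORT-SHA256": pk_a}}
    # Rotation: enable the SHA3-based scheme and retire the SHA-256 one (key A's single use).
    sk_b, pk_b = lamport_keygen("sha3_256")
    update = json.dumps({"allowed": ["LAMPORT-SHA3-256"],
                         "keys": {"LAMPORT-SHA3-256": pk_b}}).encode()
    ok, trust = apply_trust_update(trust, build_image("LAMPORT-SHA256", sk_a, update))
    if not ok:
        raise RuntimeError(trust)
    fw = build_image("LAMPORT-SHA3-256", sk_b, b"firmware v2 (constructed payload)")
    sk_c, _ = lamport_keygen("sha256")  # a fresh key for the now-retired scheme
    old = build_image("LAMPORT-SHA256", sk_c, b"firmware signed with retired scheme")
    return (verify_image(trust, fw)[0],
            not verify_image(trust, old)[0],
            not verify_image(trust, fw[:-1] + b"!")[0])

if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The point to carry over to a real bootloader is the order of checks: the allowed-algorithm set is consulted before any key lookup or verification, so an attacker cannot drive the device back to a deprecated scheme by writing its identifier into the header, and the signature covers the algorithm identifier so the header cannot be rewritten without invalidating the signature.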


The evolving PQC landscape is also relevant for device manufacturers, as well as for Member States, in light of the implementation of the Cyber Resilience Act (CRA). The Act lays out requirements for products placed on the market from December 11th, 2027. Cryptographic agility, as explained in the previous paragraph, is to be considered when developing new products. The CRA includes several requirements on the protection of the integrity and confidentiality of data, both in transit and at rest, and one prominent way to meet them is encryption. As outlined above, manufacturers should prepare for a new era in cryptography by closely following the newest developments in post-quantum cryptography. In addition, a quantum-safe upgrade path is to be considered, where it is suggested that software or firmware upgrade procedures include quantum-safe signatures. In the coordinated roadmap mentioned above, the NIS Cooperation Group advises the various stakeholders involved in the creation of harmonized standards, as well as the Member States implementing the CRA, to take the PQC transition timelines into account.


For more information about the CRA, see our blog post RED DA and CRA: How the Newest EU Cybersecurity Legislations Impact Your Products.


Another key action is to evaluate the cryptographic footprint of embedded systems: identifying where and how cryptography is used (secure communication, authentication, firmware updates, secure boot). Most of these uses rely on public-key algorithms that are susceptible to quantum attacks and will need to be replaced with post-quantum equivalents. One way to record this footprint is the CBOM (Cryptographic Bill of Materials), an extension of the CycloneDX standard for Software Bills of Materials (SBOM) that provides an abstraction for modelling and representing cryptographic assets in a structured object format.
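A minimal footprint assessment that emits a CBOM, as an added Python example (not code from this blog post, from Security Pattern or from the CycloneDX project), which also works through the Grover/Shor split described earlier on the page: a constructed inventory of a hypothetical device's cryptographic uses is classified by which quantum algorithm threatens it (Shor for public-key schemes, which must be replaced; Grover for symmetric ciphers and hashes, which need longer keys or are already adequate) and written out as CycloneDX `cryptographic-asset` components. The inventory and the `device:`/`pqc:` property namespaces are my own; the `cryptoProperties` field names follow the CycloneDX 1.6 schema as I know it, so validate the output against the official schema before relying on it.

```python
import json

# Constructed inventory for a hypothetical device (not taken from the blog post):
# each entry is one place cryptography is used, as found by code/config review.
INVENTORY = [
    {"use": "secure boot",        "algorithm": "RSA",     "param": "2048"},
    {"use": "firmware update",    "algorithm": "ECDSA",   "param": "P-256"},
    {"use": "TLS key exchange",   "algorithm": "ECDH",    "param": "X25519"},
    {"use": "data at rest",       "algorithm": "AES-GCM", "param": "128"},
    {"use": "image digest",       "algorithm": "SHA-256", "param": ""},
    {"use": "secure boot (next)", "algorithm": "ML-DSA",  "param": "65"},
]

# Primitive per algorithm family (CycloneDX 1.6 'primitive' values as I know
# them) and the quantum algorithm that attacks it, if any.
FAMILIES = {
    "RSA":     ("signature", "Shor"),
    "ECDSA":   ("signature", "Shor"),
    "ECDH":    ("key-agree", "Shor"),
    "AES-GCM": ("ae",        "Grover"),
    "SHA-256": ("hash",      "Grover"),
    "ML-DSA":  ("signature", None),
}

# NIST PQC security categories: 1/3/5 = key search on AES-128/192/256,
# 2/4 = collision search on SHA-256/384; 0 = no quantum security (Shor-broken).
AES_LEVEL = {128: 1, 192: 3, 256: 5}
ML_DSA_LEVEL = {"44": 1, "65": 3, "87": 5}


def assess(entry):
    """Classify one inventory entry: primitive, attacking quantum algorithm,
    NIST quantum security level and the migration action it implies."""
    alg, param = entry["algorithm"], entry["param"]
    primitive, attack = FAMILIES[alg]
    if attack == "Shor":
        level = 0
        action = "replace with a post-quantum (or hybrid) scheme before the migration deadline"
    elif alg == "AES-GCM":
        bits = int(param)
        level = AES_LEVEL[bits]
        # Grover's quadratic speedup halves the effective key length in bits.
        action = (f"Grover: ~{bits // 2}-bit effective; move to 256-bit keys"
                  if bits < 256 else "adequate; keep")
    elif alg == "SHA-256":
        level, action = 2, "adequate; keep (256-bit output leaves ~128 bits against Grover)"
    else:  # ML-DSA, already post-quantum
        level, action = ML_DSA_LEVEL[param], "post-quantum; keep"
    return {"primitive": primitive, "attack": attack, "nist_level": level, "action": action}


def build_cbom(inventory):
    """Emit a CycloneDX-style CBOM with one cryptographic-asset per inventory entry."""
    components = []
    for e in inventory:
        a = assess(e)
        props = {"primitive": a["primitive"], "nistQuantumSecurityLevel": a["nist_level"]}
        if e["param"]:
            props["parameterSetIdentifier"] = e["param"]
        components.append({
            "type": "cryptographic-asset",
            "name": e["algorithm"] + (f"-{e['param']}" if e["param"] else ""),
            "cryptoProperties": {"assetType": "algorithm", "algorithmProperties": props},
            "properties": [  # custom namespaces (assumed) carrying the assessment
                {"name": "device:use", "value": e["use"]},
                {"name": "pqc:attack", "value": a["attack"] or "none"},
                {"name": "pqc:action", "value": a["action"]},
            ],
        })
    return {"bomFormat": "CycloneDX", "specVersion": "1.6", "version": 1,
            "components": components}


def migration_worklist(inventory):
    """The uses that must change: everything a large quantum computer breaks outright."""
    return [e["use"] for e in inventory if assess(e)["attack"] == "Shor"]


if __name__ == "__main__":
    print(json.dumps(build_cbom(INVENTORY), indent=2))
    print("to replace:", migration_worklist(INVENTORY))
```

In practice the inventory is the hard part: it has to be gathered from the firmware's linked libraries, configuration files and protocol stacks, and kept current as the device is updated, which is exactly why a machine-readable CBOM is more useful than a one-off spreadsheet.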


To learn more about SBOM, see our blog, All you need to know about SBOM management, and explore the ARIANNA Platform.


Addressing quantum threats in embedded systems is not only a technical challenge, but also an organizational and strategic one. Collaboration with vendors, ongoing education of development teams, and alignment with evolving standards are all necessary to ensure a coordinated and timely migration. Moreover, it is essential to begin integrating post-quantum cryptographic algorithms into development cycles now, even if only in experimental branches.


European Funded Project QUBIP


To address the challenges posed by the advent of quantum computers and to support a smooth transition to post-quantum cryptography across protocols, networks, and systems, Security Pattern is actively collaborating in the European QUBIP (Quantum-safe communication for critical infrastructures and businesses) project. It is a European research and innovation project focused on preparing digital infrastructures for the quantum era. The project started in September 2023 and will end in August 2026. Security Pattern is part of the QUBIP consortium, together with ten other universities and companies. The participants in the consortium, besides Security Pattern, are:

Fondazione LINKS, Politecnico di Torino, Telsy S.P.A., Agencia Estatal Consejo Superior de Investigaciones Científicas, Telefónica Investigación y Desarrollo SA, Universidad Politécnica de Madrid, Tampereen Korkeakoulusaatio SR, Red Hat Czech S R O, Smart Factory S.R.L., Fundación Cibervoluntarios.


The project aims to develop, integrate, and test quantum-safe cryptographic solutions to protect sensitive communications and systems. Its main goal is to establish a reference and replicable transition framework by leveraging the return on experience from practical post-quantum cryptography adoption exercises. The project culminates in three real-world use cases: quantum-secure IoT-based digital manufacturing, quantum-safe internet browsing, and quantum-secure software network environments for telecommunications operators.


Security Pattern is primarily engaged in the quantum-secure IoT-based digital manufacturing use case. In this context, we define and apply post-quantum solutions for embedded devices, with a particular focus on those operating in constrained environments, primarily targeting secure communication between hardware components. We have also implemented a hybrid post-quantum extension of the MbedTLS software library, which provides TLS and cryptographic functions with a small memory footprint.


How Security Pattern Can Help


Security Pattern has supported device manufacturers with their cybersecurity challenges, including cryptography, for over seven years. The company was founded by Guido and Filippo in 2017, both of whom have strong backgrounds in cryptography and the security of embedded systems. Guido is the co-author of more than 40 scientific papers on cryptography, the implementation of cryptographic algorithms, and side-channel and fault attacks. He has served on the program committees of several conferences and workshops and was part of the steering committee of CHES (Cryptographic Hardware and Embedded Systems) from 2013 to 2019. He also collaborated with Joan Daemen, Michaël Peeters, and Gilles Van Assche in the design of Keccak, the cryptographic algorithm that won the NIST SHA-3 competition and is used in many blockchains, such as Ethereum.

Filippo is the author of 4 registered patents in the field of secure cryptographic implementations, and has developed broad experience in building cryptographic components with different needs in terms of performance, footprint, and security.


Security Pattern’s mission is to help creators of intelligent connected devices to design, implement, and operate their systems with a sustainable security level. We do this by offering both evaluation and implementation consultancy services (such as the implementation or review of secure boot, architecture reviews, and testing), as well as training, and vulnerability management through the ARIANNA Platform. 


We are active in the cryptographic research community, take part in conferences, and have authored over 50 papers.


Security Pattern’s cybersecurity experts have been supporting Device Manufacturers since 2017.