With workable quantum threats expected by 2033, a first wave of hardware-level quantum-resistant computers in 2025 is on the way

The potential introduction of quantum computers by 2033 capable of breaking asymmetric cryptography may soon put non-quantum-protected computers at risk of computer attacks.

The US government has since outlined specific recommendations around migrating to quantum-resistant cryptographic algorithms for firmware signing, recommending quantum-resistant cryptography be used from 2025, and be required from 2030, for sensitive systems.

This month, one major manufacturer of computers has launched the first wave of hardware-level compliance with Post-Quantum Cryptography (PQC) migration, given that computer refresh cycles typically occur every three to five years in view of the need to extend hardware shelf lives for sustainability.

The process involves embedding protection against quantum computer hacks at the chip level. By isolating the firmware chip from the processor and operating system, the risk of data breaches and unexpected downtime can be reduced.

The firmware chip in question, called an “Endpoint Security Controller (ESC)” by Hewlett Packard (HP), will be available in selected models of workstations and business computers. The methodology of protecting computer firmware first came into use in 2013 in the firm’s premium laptops. The current version is touted as the fifth refinement of the ESC microprocessor platform featuring the following attributes:

  • It introduces post-quantum cryptography to protect firmware code now
  • It physically isolates itself from the main processor and operating system
  • It starts running before, and independently of, the CPU, validating that the BIOS and other critical firmware have not been tampered with, before allowing the system to boot
  • It stores clean copies of firmware in isolated flash memory that it can restore if corruption is detected

Given the current uncertainties about the development trajectory of quantum threats, no one can actually be certain that today’s first wave of post-quantum cryptography at the hardware level will.

actually be viable. However, it is certainly a step in the right direction, and more hardware manufacturers are expected to comply with PQC regulations around the world.