Using Post-Quantum Cryptography in Embedded Systems for Automotive Applications
January 7, 2012
As embedded systems continue to evolve, so do the threats targeting them. In automotive, industrial, and defense environments, where devices may remain deployed for 10–30 years, security decisions made today must remain valid well into the future. One of the most significant emerging risks is the rise of quantum computing, which will fundamentally break many of today’s cryptographic foundations.
This article explores how post-quantum cryptography (PQC) impacts embedded and automotive systems, why traditional cryptography such as RSA and elliptic-curve algorithms is no longer future-safe, and how organizations can prepare for a quantum-resilient future.
Modern embedded systems rely heavily on public-key cryptography for:
• Secure boot and firmware authentication
• Secure diagnostics (UDS)
• ECU authentication and secure communication
• OTA update protection
However, quantum computers running Shor’s algorithm will be able to efficiently break the mathematical foundations of:
• RSA
• Elliptic Curve Cryptography (ECC) (ECDSA, ECDH, EdDSA, etc.)
This makes these algorithms unsuitable for long-lifecycle systems such as automotive ECUs, heavy-duty vehicles, and industrial controllers, especially given the risk of “harvest now, decrypt later” attacks.
To address this, NIST has finalized a new generation of quantum-resistant algorithms designed to replace classical public-key cryptography.
As of 2025, NIST has standardized:
• ML-KEM (Module-Lattice Key Encapsulation Mechanism) – for key exchange
• ML-DSA (Module-Lattice Digital Signature Algorithm) – for digital signatures
• SLH-DSA (Stateless Hash-Based Signatures) – alternative signature scheme
• HQC – added as a backup KEM for algorithmic diversity
These algorithms are designed to resist both classical and quantum attacks and form the foundation of future secure systems.
Important:
RSA and all elliptic-curve–based algorithms are not post-quantum secure.
AES-256 remains safe, as quantum attacks only reduce its effective strength to ~128 bits.
Post-quantum cryptography introduces real engineering challenges, especially for resource-constrained, real-time environments.
Key Challenges
• Resource Constraints: PQC algorithms require significantly more memory, computation, and bandwidth than ECC or RSA.
• Real-Time Constraints: Large keys and signatures can introduce latency, which is problematic for CAN, CAN-FD, J1939, and real-time control networks.
• Long Product Lifecycles: Automotive and industrial systems must remain secure for decades, making early design decisions critical.
The table below highlights why adopting PQC in embedded systems requires careful design tradeoffs:
| Algorithm Family | Key Size (Bytes) | Signature Size (Bytes) | Approx. Cycles (Cortex-M4) | Suitability for Real-Time Embedded |
|---|---|---|---|---|
| ECC (current) | ~32 | ~64 | Low (thousands) | Excellent |
| ML-DSA (PQC) | ~1–3 KB | ~2–5 KB | High (millions) | Challenging, requires optimization |
| Ascon (lightweight / hybrid use) | Small | Small | Medium | Promising for CAN integration |
This comparison highlights why a direct replacement of ECC with PQC is not always feasible, and why hybrid and phased approaches are critical.
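To make the latency point concrete, the following added example (not from the original article) counts the ISO-TP (ISO 15765-2) frames needed to carry one signature over classic CAN and CAN FD, the transport used under UDS. The function names, the 500 kbit/s bit rate, and the exact signature sizes (raw ECDSA P-256 encoding, ML-DSA parameter sets from FIPS 204) are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* ISO-TP (ISO 15765-2) frames needed by the sender for one payload,
 * normal addressing. dl = frame data length: 8 (classic CAN) or 64 (CAN FD).
 * Receiver flow-control frames are not counted. */
uint32_t isotp_frames(uint32_t len, uint32_t dl)
{
    uint32_t sf_max = (dl == 8) ? 7 : dl - 2;    /* single-frame capacity */
    if (len <= sf_max)
        return 1;
    /* First frame: 2-byte PCI for lengths up to 4095, 6-byte PCI above. */
    uint32_t ff_data = (len <= 4095) ? dl - 2 : dl - 6;
    uint32_t cf_data = dl - 1;                   /* consecutive frame: 1-byte PCI */
    return 1 + (len - ff_data + cf_data - 1) / cf_data;
}

/* Optimistic classic-CAN bus time in microseconds. Assumptions: 11-bit IDs,
 * every frame padded to 8 data bytes (111 bits including interframe space),
 * no stuff bits, no STmin gaps, no flow-control frames. */
uint64_t classic_can_min_us(uint32_t len, uint32_t bitrate)
{
    return (uint64_t)isotp_frames(len, 8) * 111u * 1000000u / bitrate;
}

int main(void)
{
    /* Signature sizes in bytes: ECDSA P-256 raw r||s, ML-DSA from FIPS 204. */
    static const struct { const char *name; uint32_t sig; } algs[] = {
        { "ECDSA P-256", 64 }, { "ML-DSA-44", 2420 },
        { "ML-DSA-65", 3309 }, { "ML-DSA-87", 4627 },
    };
    printf("%-12s %6s %8s %8s %12s\n",
           "scheme", "bytes", "CAN", "CAN FD", "us@500k");
    for (size_t i = 0; i < sizeof algs / sizeof algs[0]; i++)
        printf("%-12s %6u %8u %8u %12llu\n", algs[i].name, algs[i].sig,
               isotp_frames(algs[i].sig, 8), isotp_frames(algs[i].sig, 64),
               (unsigned long long)classic_can_min_us(algs[i].sig, 500000));
    return 0;
}
```

The bus-time column is a best case; real transfers add bit stuffing, flow-control round trips, and any STmin separation time the receiver requests.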
Combining classical and post-quantum algorithms provides immediate security and future resilience.
Example:
• ECC + ML-KEM
This approach remains secure unless both algorithms are broken and is already used by major cloud and network providers.
Secure bootloaders and firmware authentication are ideal first targets:
• Limited execution frequency
• High security impact
• Easier integration of larger cryptographic operations
Next-generation automotive MCUs increasingly support:
• SHA-3 / SHAKE accelerators
• Larger memory footprints
• PQC-friendly cryptographic primitives
These features make PQC adoption more practical over time.
Protocols such as UDS, J1939, and proprietary diagnostic stacks can gradually incorporate quantum-safe authentication and key exchange without breaking backward compatibility.
Quantum computers capable of breaking today’s cryptography are not science fiction; they are an engineering timeline problem. Systems designed today will still be in service when quantum attacks become practical.
Organizations that delay planning will face costly retrofits, certification challenges, or security exposure. Those that plan now gain long-term resilience and competitive advantage.
Post-quantum cryptography is no longer theoretical; it is becoming a practical requirement for long-lifecycle embedded systems.
While RSA and elliptic-curve cryptography have served the industry well, they are not future-proof. Transitioning toward post-quantum–resistant designs, starting with hybrid approaches and evolving toward full PQC adoption, ensures long-term security and regulatory readiness.
For automotive and industrial systems, the time to prepare is now.