The Role of FPGAs in Post-Quantum Cryptography and Cyber Resilience


By Mamta Gupta, Director of Security and Communications Segment Marketing at Lattice

The rise of both 5G and the Internet of Things (IoT) has created a complex and highly distributed network of devices that are increasingly vulnerable to cyberattacks. In fact, within this new ecosystem, 83% of businesses have experienced firmware attacks, and some don’t even know that they’ve been targeted.

As a result, cybersecurity has become non-negotiable for companies, regardless of the industry.

Couple this with the advent of quantum computers, which will break traditional asymmetric cryptography, and there is sudden urgency to find mitigations for this double threat. The need for secure systems that can withstand attacks from quantum computers has driven a newfound demand for post-quantum cryptography (PQC) as a way to ensure that systems are cyber resilient to future threats.

However, with PQC being new to the scene, standards are continuing to evolve and, as such, they must be bolstered by tools and solutions that not only provide flexibility but also help maintain security. Fortunately, one solution already exists – Field Programmable Gate Arrays (FPGAs).

The Current State of Post-Quantum Cryptography

The role of PQC in cybersecurity is to develop cryptographic systems that are secure against attacks from both quantum and classical computers and that can work alongside existing communications protocols and networks. In July 2022, the National Institute of Standards and Technology (NIST) announced the first algorithms that will be the basis for PQC standards.

Although these first algorithms and standards are an important milestone to ensure sensitive data is secure amidst the development of new cutting-edge technology, they are just the beginning. There are additional algorithms that are being evaluated and the final selections will be announced in the coming months. However, we are seeing a quick pivot to developing and selling solutions for consumers and businesses alike – the US Government and other regulatory bodies are also releasing strict requirements for PQ resilience.

With these evolving standards and yet-to-come solutions, it’s imperative that the companies utilizing PQC can pivot and adjust as the technology changes. FPGAs are a natural fit to implement cyber resilient systems enabled with PQC algorithms in a flexible and secure way.

How FPGAs and PQC Can Work Together

FPGAs are renowned for their flexibility, making them an excellent tool for implementing evolving standards like the PQC algorithms.

Not only do FPGAs provide developers with the ability to create a specifically designed engine or co-processor, but they are also reprogrammable and can be updated after a system has already been deployed. In a space that is constantly evolving, this flexibility is critical to ensure compliance with changing PQC standards to meet new technical demands.

Additionally, FPGAs are secure and can help safeguard sensitive data amidst growing firmware vulnerabilities. FPGAs that operate as Root of Trust (RoT) devices can protect, detect, and recover in real-time. In fact, FPGAs with RoT monitor traffic, look for inaccurate transactions or rogue situations, and can carry out these actions on multiple channels at the same time – ensuring a complete chain of trust from bottom to top.

Further, if developers find something isn’t running according to plan, FPGAs provide the ability to go into recovery mode and make sure everything is working properly, helping to decrease the time that it takes systems to recover when they are attacked.

As threats and standards continue to evolve, FPGAs are a necessary tool to ensure that fielded systems are not only secure and in line with the latest PQC algorithms but can also be altered if standards change.

A PQC-Driven and Cyber Resilient Future

As we continue to embrace fast-evolving technology in our daily lives, we must also recognize and mitigate the risks that come with it. There is pressure for companies to keep their information secure – nearly half of C-suite and other executives expect the number and size of cyber events targeting their organizations’ accounting and financial data to increase in the year ahead – and many are also recognizing the threat that quantum computers pose to their systems and are turning to PQC models as a means of protection.

While leveraging PQC is certainly a step in the right direction, evolving standards emphasize the need to utilize existing technology like FPGAs as they allow developers to update at fundamental hardware levels in a way that microcontrollers cannot. In tandem with PQC, FPGAs are the clear answer to keeping systems nimble, flexible, and secure in the face of threats and evolving technology standards.

