NXP Advances Post-Quantum Security Across Product Portfolio

Why PQC Matters for Your Business
Quantum computers will soon be able to break traditional cryptography like Rivest-Shamir-Adleman (RSA) and Elliptic Curve Cryptography (ECC). This means that long-life products must be protected with future-proof cryptography. NXP integrates PQC directly into its hardware and software to ensure that your products are secure from day one to end of life.

Migrating to PQC promises to be one of the most complex challenges facing the security industry in the coming years. Over the last nine-plus years, NXP has been at the forefront of post-quantum cryptographic innovation by designing the new National Institute of Standards and Technology (NIST) standards and preparing them for real-world embedded use cases. Today, we are addressing the challenge head-on by integrating PQC into our product portfolio where it matters most—hardware roots of trust, which help guarantee PQC platform security from the moment a system powers on until the end of its lifetime, and secure cryptographic libraries to design PQC into any security critical application.

We will introduce support for PQC into nearly all new product releases, starting with the i.MX 94 and i.MX 95 industrial application processor families, the S32N vehicle super-integration processors and S32K5 automotive microcontrollers, as well as higher-end microcontrollers out of the MCX family. Next-generation secure elements, serving the mobile, Industrial IoT and secure identity markets, will also feature dedicated PQC hardware support and can be included as a ready-to-use solution for any Integrated Circuit (IC). For existing updatable systems capable of running post-quantum cryptographic algorithms, software updates will be available to extend their run-time cryptographic services with PQC.

Global Timelines and Compliance
Governments and agencies worldwide are setting deadlines for PQC adoption, aiming for the majority of the migration to be complete no later than 2035. For example, the National Security Agency (NSA) requires systems handling national security information to adopt NIST-approved post-quantum algorithms by 2027, and the EU PQC roadmap includes a 2030 deadline for high-risk use cases. NXP’s upcoming products and roadmaps are already aligned with these standards, helping you meet regulatory requirements with ease.

The development of Cryptographically Relevant Quantum Computers continues to pose a threat to traditional cryptography. This risk has led to the development of PQC algorithms, most notably through the publication of Federal Information Processing Standards (FIPS) 203-206 by the NIST in the United States. The timely transition towards PQC is a complex process, but globally, it is strongly recommended by security experts and government and security agencies. For example, in the National Security Memorandum (NSM) 10 , the U.S. cites 2035 as the goal year for mitigating the quantum risk as much as possible. As a result, the NSA released guidelines in the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0) requiring all new acquisitions of National Security Systems to be compliant with NIST PQC algorithms by 2027. The tentative roadmap of the European Commission proposes enabling quantum-safe software and firmware upgrade by the end of 2030. Meanwhile, the Institute of Commercial Cryptography Standards in China launched its own global program in 2025 to develop next-generation algorithms that are secure against quantum computers.

PQC Made Practical with NXP
NXP embeds PQC at the hardware root of trust, enabling secure boot, software or firmware updates and secure communications for new products designed to resist quantum threats. For existing systems, firmware upgrades can enhance resilience against quantum attacks. This balanced approach allows original equipment manufacturers (OEMs) to extend the life and security of existing platforms while preparing for a future with PQC-ready hardware.

The concrete migration timelines outlined by the United States and the European Union have a direct impact on the development of today’s systems. Already-deployed hardware and software will remain in operation for many years, particularly in automotive and industrial domains, in which devices may stay active for 20+ years. This implies the need for cryptographic agility, where systems can be updated and upgraded (e.g., via a firmware or software update) to improve security functionality as the need arises.

While there are many ways to architect a system, ranging from simple to very complex depending on the application space, ultimately the security traces back to a hardware Root of Trust. For post-quantum security to be achievable, it is necessary that the hardware root of trust is PQC secure, as the security and agility of all higher-level (software) components depend on it.

With the hardware root of trust covered, systems can establish the authenticity and integrity of hardware and software upon reset. This trustworthy starting point provides the foundation for data encryption and run-time applications, such as Transport Layer Security (TLS) 1.3 for establishing secure channels to incorporate support for PQC algorithms as well.

Organizations such as the Internet Engineering Task Force (IETF), GlobalPlatform, Global Systems for Mobile Communications Association (GSMA), International Civil Aviation Organization (ICAO) and many others are actively developing protocol stacks for many applications to define (hybrid) post-quantum alternatives. The support for such a wide variety of protocols will require secure and efficient run-time PQC libraries to be provided for developers.

NXP’s Portfolio: PQC-ready products
We have designed our security strategy to help ensure long-term security for our products, and PQC plays an important role to this end. PQC is not an add-on at NXP, it is integrated into our security strategy across our full portfolio, including industrial, edge, automotive, mobile and secure identity domains. With a unified vision and forward-looking approach towards adopting PQC, we are simplifying the transition in an already complex migration, and providing crypto agility where necessary and possible. This ambitious strategy has been years in the making and is already part of the design of a large portion of systems launching this year and next. With NXP products, the challenging PQC-adoption timelines—laid out by CNSA 2.0 and the European Union’s PQC Implementation Roadmap—become a reality.

Hybrid Hardware Roots of Trust for High-Risk, Long-Lifecycle Products
For products whose lifetimes will extend into the era of cryptographically relevant quantum computers, and for which the risk profile of their application domain is sufficiently high, we will aim to integrate hybrid post-quantum hardware roots of trust. These combine traditional and quantum-resistant mechanisms, including the use of 256-bit Advanced Encryption Standard (AES) key lengths and at least 384-bit hash function digest lengths for all critical assets. We will also offer pre-provisioned public key material compatible with the FIPS 204 standard Module-Lattice-Based Digital Signature Algorithm (ML-DSA), as well as customer programmable bits for custom PQC key material (supported by EdgeLock 2GO). Combined with ML-DSA implementations in immutable memory, these approaches provide post-quantum security for platform and protocol security features such as secure boot, update and debug. Meanwhile, the hardware root of trust offers post-quantum security protection from reset all the way to the first instruction that an application executes, and at run-time by authenticating any attempt to update or to open debug interfaces.

Compliance with the CNSA 2.0 algorithm suite is assured for relevant application domains, including the option to use Leighton-Micali Signatures (LMS) as defined in the Special Publication 800-208 for secure software or firmware verification.

Runtime PQC Services for New and Existing Products
For both new and existing products, run-time cryptographic services will be available, making use of the strong key isolation and physical protection of the Edgelock^® Secure Enclave (ELE), Secure Element or Hardware Security Engine (HSE / HSE2) if available. These services enable secure operations like encryption, authentication and protocol support during device operation. Firmware upgrades can extend these services to include quantum-resistant algorithms, enhancing resilience against threats like harvest-now, decrypt-later attacks.

The presence of a Secure Hash Algorithm-3 (SHA-3) hardware accelerator, included on many of the NXP devices, will be used to significantly improve performance. For very high-security products such as secure elements, additional dedicated PQC hardware will be included to meet the performance and physical security requirements needed for security profiles such as Common Criteria Evaluation Assurance Level 6 (EAL6).

www.nxp.com