Microsoft’s quantum-resistant cryptography is here

by info.odysseyx@gmail.com, September 9, 2024

How We’re Preparing for the Future of Crypto

Cryptography is the science of protecting information from unauthorized access or modification. It is essential to protecting the privacy and integrity of data in the digital world. However, cryptography is not static. It evolves with advances in mathematics, computer science, and technology. One of the biggest challenges cryptography faces today is the future threat of much more powerful quantum computers.

Quantum computers exploit properties of quantum physics, such as superposition and entanglement, to perform operations that are impossible or impractical for classical computers. Quantum computers have the potential to help solve some of the most complex problems in science, engineering, and medicine, but they also have the potential to break the public key algorithms that form the basis of encryption and security for most existing information and communications technology products today.

In a previous blog post, we explored how quantum computing could disrupt the most commonly used asymmetric algorithms, such as Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC), and why symmetric cryptography is largely resistant to quantum threats. While quantum computers powerful enough to break public-key cryptography are still in the future, threat actors are preparing today. There is growing concern about attackers recording data now that they can decrypt later, once quantum computers are mature enough, in so-called “harvest-now, decrypt-later” attacks.

To address these challenges, researchers have been developing post-quantum cryptography (PQC) algorithms that are robust to quantum attacks. PQC is based on mathematical problems that are difficult for both classical and quantum computers to solve.
While PQC algorithms offer promising solutions for the future of cryptography, they also have some tradeoffs. For example, these algorithms typically require larger key sizes, longer computation times, and more bandwidth than classical algorithms. Therefore, implementing PQC in real-world applications requires careful optimization and integration with existing systems and standards.

Microsoft is a key participant in and contributor to the National Institute of Standards and Technology (NIST) post-quantum cryptography standardization process, which has announced the first set of PQC algorithms available for use in the public and private sectors. Through Microsoft Research’s work on PQC, we have worked with academic and industry partners on several proposals for PQC algorithms and have provided feedback and analysis on other submissions. Microsoft is also a key member of and contributor to Open Quantum Safe (OQS) and the National Cybersecurity Center of Excellence (NCCoE). We are also actively participating in the Internet Engineering Task Force (IETF) to define standard, interoperable methods for using PQC algorithms to secure communications. This step is important before we see mainstream PQC adoption in software products and services across the industry.

Microsoft has developed a comprehensive strategy to support quantum resistance and recognizes the significant impact that quantum computing could have on existing public key cryptography methods. To address this, the Microsoft Quantum Safe Program (QSP) integrates and accelerates all quantum security initiatives across the company from a technology and business perspective. QSP’s goal is to achieve quantum readiness by integrating PQC algorithms and other security measures into Microsoft products, services, and infrastructure. QSP is also committed to supporting and empowering customers, partners, and the ecosystem as they work toward their own quantum security transition.
Introducing PQC Algorithms in SymCrypt

At Microsoft, we are committed to providing our customers with the best security solutions for their data and communications. That’s why we’re proud to announce that Microsoft’s open source core cryptography library, SymCrypt, has begun rolling out support for post-quantum algorithms. Last week’s SymCrypt update, which includes the ML-KEM and XMSS algorithms, will be followed by the additional algorithms detailed below over the coming months. This is an important milestone in our journey to prepare for the quantum era and protect our customers from future quantum threats.

SymCrypt is Microsoft’s primary cryptographic library, used in products and services such as Azure, Microsoft 365, Windows 11, Windows 10, Windows Server 2025, Windows Server 2022, Azure Stack HCI, and Azure Linux. These products and services use SymCrypt to provide cryptographic security for scenarios such as email security, cloud storage, web browsing, remote access, and device management. SymCrypt provides a consistent interface for encryption, decryption, signing, verification, hashing, and key exchange using both symmetric and asymmetric algorithms. It is built to be fast, secure, and portable across multiple platforms and architectures.

On Windows operating systems, the SymCrypt cryptographic library is built into several FIPS 140-validated Cryptographic Primitives Libraries (bcryptprimitives.dll and cng.sys). SymCrypt is also FIPS 140-validated as a cryptographic module for Linux-based operating systems. Microsoft maintains an active effort to meet the requirements of the FIPS 140 standard. As standards evolve to support PQC algorithms, we will continue to update and advance the evaluation of products and services.
As NIST announces the initial group of finalized post-quantum cryptography standards, we are excited to bring them to SymCrypt, starting with ML-KEM (FIPS 203, formerly known as Kyber), a lattice-based key encapsulation mechanism (KEM). In the coming months, we will add ML-DSA (FIPS 204, formerly known as Dilithium), a lattice-based digital signature scheme, and SLH-DSA (FIPS 205, formerly known as SPHINCS+), a stateless hash-based signature scheme.

In addition to the PQC FIPS standards above, NIST published SP 800-208 in 2020, a recommendation for stateful hash-based signature schemes that are resistant to quantum computers. As NIST itself has called out, these algorithms are not suitable for general use because their security depends on careful state management, but they can be useful in certain situations, such as firmware signing. Following the NIST recommendations above, we have added the eXtended Merkle Signature Scheme (XMSS) to SymCrypt; the Leighton-Micali Signature scheme (LMS) will be added soon, along with the other algorithms mentioned above.

The PQC algorithms have been carefully selected by NIST to provide high security, performance, and compatibility. They have been fine-tuned for efficiency in terms of speed and size, and have been rigorously tested for security and robustness. Efforts are underway by several industry standards bodies to adopt these algorithms and make them compatible with existing standards and protocols such as Transport Layer Security (TLS), Secure Shell (SSH), and Internet Protocol Security (IPsec), and to allow them to operate in a hybrid mode with existing algorithms such as RSA, Elliptic Curve Diffie–Hellman (ECDH), and Elliptic Curve Digital Signature Algorithm (ECDSA). As the PQC standards evolve, we intend to integrate additional algorithms into SymCrypt to maintain compliance, security, and compatibility.
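The state-management caveat for XMSS and LMS comes down to never signing twice with the same one-time key index. The following is an added example (not from the original post and not SymCrypt code) of reserving an index durably before it is used; the class name, state file name and JSON layout are assumptions made for illustration.

```python
import json
import os
import tempfile


class LeafIndexStore:
    """Hands out each one-time-key (leaf) index of a stateful key once."""

    def __init__(self, path, total_leaves):
        self.path = path
        self.total_leaves = total_leaves  # e.g. 2**h for a tree of height h
        if not os.path.exists(path):
            self._persist(0)

    def _load(self):
        with open(self.path) as f:
            return json.load(f)["next_index"]

    def _persist(self, next_index):
        # Write a temp file, fsync it, then atomically rename over the old
        # state, so a crash leaves either the old or the new counter on disk.
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            json.dump({"next_index": next_index}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def reserve(self):
        """Return an unused index; the advanced counter is durable first."""
        index = self._load()
        if index >= self.total_leaves:
            raise RuntimeError("signing key exhausted: no unused leaves left")
        self._persist(index + 1)  # burn the index BEFORE any signature exists
        return index


def demo():
    """Constructed scenario: a crash between reserve() and signing."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "xmss_state.json")  # hypothetical file name
        first = LeafIndexStore(path, total_leaves=4).reserve()
        # The process "crashes" here; a new process reopens the same file.
        store = LeafIndexStore(path, total_leaves=4)
        rest = [store.reserve() for _ in range(3)]
        try:
            store.reserve()
            exhausted = False
        except RuntimeError:
            exhausted = True
        return first, rest, exhausted
```

The sketch assumes a single signer process; concurrent signers need a lock around `reserve()`. Restoring the state file from a backup or cloning the machine rolls the counter back, which is why such keys are usually confined to one hardware module.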
The recommended path for leveraging SymCrypt on Windows is through Cryptography API: Next Generation (CNG). On Linux, there are several options: use the SymCrypt API directly, the SymCrypt Engine for OpenSSL (SCOSSL), or the SymCrypt Rust Wrapper. Over the coming months, these layers will add support for PQC algorithms, giving customers the ability to experiment in their own environments and applications.

The use of PQC algorithms to secure TLS communications is an area that is experiencing rapid development. The completion of the NIST algorithms represents an important milestone in this development, but two important standards are needed for widespread adoption: quantum-safe key exchange and quantum-safe signature authentication. We are working closely with the IETF to develop and standardize quantum-safe key exchange and authentication for TLS and other IETF protocols. As these standards are finalized, we will provide them through the Windows TLS stack (Schannel) and the SymCrypt Engine for OpenSSL on Linux.

PQC algorithms are relatively new, and it is wise to view the early generations of PQC algorithms as an evolving field rather than a definitive solution. This highlights the importance of “cryptographic agility”: designing solutions that can use a variety of algorithms or be upgraded to use future algorithms as the PQ standards evolve. Recognizing this, Microsoft strongly supports building cryptographically agile solutions and deploying PQC solutions that use a hybrid PQ mode of operation. Over time, as PQ algorithms and standards mature, we expect to transition to pure PQ deployments.

Adding support for post-quantum algorithms to our basic crypto engine is the first step towards a quantum-safe world. As we enable support for PQC in additional system components and applications, we will see services that enable end-to-end scenarios protected by PQC, while also providing customers with the option to experiment and adopt in their own environments and applications.
Start your PQC transformation journey

The transition to PQC is a complex, multi-year process that requires careful planning and attention. One of the first steps we recommend organizations take is to create an inventory of the crypto assets they are using. This will allow organizations to better understand the scope of the effort and develop a risk-based plan for transitioning to PQC. Additionally, it is recommended that you familiarize yourself with the PQC algorithms and implementation methods in your organization.

Microsoft is here to help customers, partners, and the ecosystem navigate the quantum safety transition and optimize safety in the quantum era. Fill out this questionnaire to get started with Microsoft.

Conclusion

SymCrypt’s support for PQC algorithms is a significant step forward in our efforts to prepare for the quantum era and protect our customers from future quantum threats. We are excited to share this update with you and hear your feedback and suggestions. We also look forward to working with the research community, industry, and standards bodies to advance the state of the art in post-quantum cryptography and to make it more widely available and adopted. By working together, we can maintain encryption as a robust way to protect information in the digital age.