



### Challenges in Transitioning from Standard to Post Quantum Cryptography in Embedded Devices

Mircea Pop Manager Security Firmware AAES NXP Semiconductors

### Agenda





- Context and challenge
- About NXP and Automotive NXP
- Post Quantum Crypto The need / Basics
- Definition of the security crypto pillars in automotive (including impact)
- Challenges for adopting PQC on legacy devices
- Strategies to address PQC on legacy devices
  - Libraries space
  - Redesign functionalities
  - Managing hybrid way of working
  - Limiting attack surface (reduce feature set availability)
- Conclusions

### Context



- Since 2020 0.5 Billion cars have been released to market,
- Average of 80 ECUs in a car
- More than 40 Billion of ECU's are on the streets
- Legacy ECUs are not resistant to Post Quantum processors attacks –various security primitives are based on standard Public Key Crypto operations (RSA, ECC)
- New Silicon roadmaps that address PQ processors attacks are expected to go mass production starting 2026 (NXP included) PQC Enabled ECUs
- · Challenge What are we doing to do with the Legacy ECU's?

#### **Corporate Overview**

### A position of strength to better serve our 26,000+ customers

NXP Semiconductors N.V. (NXP) is a public Dutch company with headquarters in Eindhoven, Netherlands, and locations throughout the globe.

NXP has over 33,100 dedicated team members united by a passion to build solutions—not just products-that enhance the capabilities of people, organizations and society at large.

Posted revenue for 2024 - Please refer to the Financial Information page of the Investor Relations section of our website at www.nxp.com/investor for additional information



CLUJ T Sibiu IT O

**EMERGING DISRUPTIVE TECHNOLOGIES:** Balancing Innovation, Risks, and Societal Impact



60+ year

history of experience and expertise

> 9,500 patent families



~33,100 talented team

~11,600 **R&D** members



Present in 30+ countries

> \$12.61B annual revenue



### The automotive industry is being disrupted



**EMERGING DISRUPTIVE TECHNOLOGIES:** Balancing Innovation, Risks, and Societal Impact

...........



Time-to-market 3 - 5 yrs to 1 - 2 yrs

Lines of code ..... 100M to 500M

Data in the car 50 GB to 10 TB

**ECU** power 30 - 60W to 50 - 200W

**ADAS** NXP

**Personalized Electric** 

Shaping the future through innovation leadership

**Application** Leadership

#1 Secure Car Access

#1 In-vehicle Networking #1 Radar

**Technology Leadership** 



**Automotive Expertise** 

#1 Automotive **Apps Processors** 

**#1 Automotive Processors** 

#1 Non-Power Analog

((ץ)) #1 Car Radio/Audio

品

 $\bigotimes$ #1 Cross-Domain **Processor** 

Heritage of quality, functional safety & security

Sources: Strategy Analytics: Automotive Semiconductors Vendor Market Shares (April 2025, April 2024), Strategy Analytics: Infotainment and Telematics Semiconductors Vendor Market Shares (May 2025); Gartner: Semiconductors Market Shares (April 2025); S&P: competitive landscaping tool (April 2024)

Post Quantum computers and the impact upon standard cryptography



**EMERGING DISRUPTIVE TECHNOLOGIES:**Balancing Innovation, Risks, and Societal Impact











Introduction into Post Quantum Cryptography by Joppe Bos (NXP Semiconductors)



### Post Quantum Crypto Algorithms statistics and sizes









| Algorithm                                      | Туре                                                                 | Usage                                                       | Typical Key Sizes                                                                                                                                                                                                                                                                                                                                                                                                  | Typical Library Size                         |
|------------------------------------------------|----------------------------------------------------------------------|-------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------|
| ML-KEM<br>(formerly<br>CRYSTALS-<br>Kyber)     | Key Encapsulation Mechanism (KEM) Lattice cryptography - Based       | General<br>encryption<br>and key<br>exchange<br>(e.g., TLS) | Kyber512: Priv Key: <b>1632 B</b> Pub Key: <b>800 B</b> Kyber768: Priv Key: <b>2400 B</b> Pub Key: <b>1184 B</b> Kyber1024: Priv Key: <b>3168 B</b> Pub Key: <b>1568 B</b> Chiper size: <b>768 B-1568 B</b>                                                                                                                                                                                                        | 50-70 KB (ref C), < <b>100 KB</b> (embedded) |
| ML-DSA<br>(formerly<br>CRYSTALS-<br>Dilithium) | Digital Signature<br>Algorithm<br>Lattice<br>cryptography -<br>Based | Authentication and integrity Large Keys                     | ML-DSA-44: Priv Key: <b>2528 B</b> Pub Key: <b>1312 B</b> ML-DSA-65 Priv Key: <b>4000 B</b> Pub Key: <b>1952 B</b> ML-DSA-87: Priv Key: <b>4864 B</b> Pub Key: <b>2592 B</b> Signature Size: <b>2420 B-4595 B</b>                                                                                                                                                                                                  | 60-90 KB (ref C), ~ <b>120 KB</b> (liboqs)   |
| SLH-DSA<br>(formerly<br>SPHINCS+)              | Digital Signature<br>Algorithm<br>Hash-based<br>cryptography         | Long-term digital signatures Very large signatures          | SLH-DSA-SHA2-128s: Priv Key: <b>64 B</b> Pub Key: <b>32 B</b> SLH-DSA-SHA2-128f:Priv Key: <b>64 B</b> Pub Key: <b>32 B</b> SLH-DSA-SHA2-192s:Priv Key: <b>96 B</b> Pub Key: <b>48 B</b> SLH-DSA-SHA2-192f:Priv Key: <b>96 B</b> Pub Key: <b>48 B</b> SLH-DSA-SHA2-256s:Priv Key: <b>128 B</b> Pub Key: <b>64 B</b> SLH-DSA-SHA2-256f:Priv Key: <b>128 B</b> Pub Key: <b>64 B</b> Signature size: <b>8 KB-49 KB</b> | 100–150 KB (ref C), ~ <b>150 KB</b> (liboqs) |

### Security Pillars PQC Impact



handshake

operations

**EMERGING DISRUPTIVE TECHNOLOGIES:**Balancing Innovation, Risks, and Societal Impact

secure boot operations



Vehicle internal

communication



#### SECURITY MEASURES



# Challenges for adopting PQC into embedded devices









| Silicon<br>Characteristics<br>Challenges | Low Power<br>Microcontrollers                                                                                           | Medium Performance<br>Processors                                                                                                                          | High Performance<br>Processors                                                                                                                       |
|------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
| SRAM Memory(programable memory)          | <b>128KB-2304KB*</b> RAM                                                                                                | 8 MB                                                                                                                                                      | 8MB-20MB                                                                                                                                             |
| Cores (NUM/Performance)                  | 1-5 M7 @ 120-320 MHz                                                                                                    | Arm Cortex-A53 @800 MHz<br>2x Arm Cortex-M7 @400 MHz                                                                                                      | 1-4 ARM Cortex A53 @ 1100-1300 MHz<br>3-4 ARM Cortex M7 @ 400 MHz                                                                                    |
| Internal Storage                         | 512KB-12MB P-Flash                                                                                                      | N/A (External Flash)                                                                                                                                      | N/A (External flash)                                                                                                                                 |
| Internal Secure Key Storage              | 14КВ                                                                                                                    | 48KB                                                                                                                                                      | 48KB                                                                                                                                                 |
| PQC Readiness                            | ML-KEM(viable for Verification) MK-DSA(viable for Verification) SLH-DSA(not viable) (only one algo can fit into device) | ML-KEM(viable for Verification) MK-DSA(viable for Verification) SLH-DSA(viable – if signatures are kept in external flash) (one algo can fit into device) | ML-KEM(viable for Verification / Generation) MK-DSA(viable for Verification / Generation) SLH-DSA(viable – if signatures are kept in external flash) |
|                                          | Programable memory<br>available to adopt all PQC<br>algorithms<br>L                                                     |                                                                                                                                                           |                                                                                                                                                      |

## Strategies to address PQC on legacy devices







### Libraries space memory optimization

- Update secure firmware layout libraries (remove algorithms / functionalities)
- Remove crypto services related with the removed algorithms
- Restrict usage of algorithms

### Redesign functionalities

- Add support for PQC Key Catalogs support large keys
- Add support for large signature management (for SLH-DSA)
- Enforce usage of symmetric crypto for secure boot scenarios



## Strategies to address PQC on legacy devices





- Manage hybrid way of working ()
- Reducing the attack surface
  - ECU Firmware updates performed using symmetric cryptography (some OEM Key distribution systems used to create the internal communication channels) (signature verification using C-MAC)
  - Update Secure boot of devices instead of using PKC for signature verification – use C-MAC with device specific key
  - Remove PKC algos + update with PQC tailored algorithms (ML-DSA/ML-KEM) only verification on LP-ECU's



### **Conclusions**





- Post quantum processors generate a huge risk for the conventional cryptography
- Post quantum cryptography mitigates the risks disadvantage large size crypto libs, keys and signatures – requires reconsideration of the current security firmware's architectures
- Addressing potential attack surface can be a system challenge redesigning the overall strategy of firmware update and secure boot might need to reconsider the entire security architecture of the vehicle (using central ECU's to perform authentication of the Images planned to be deployed on LP-ECUs)



Sibiu Innovation Days 06-07 November, Sibiu - RO





Sibiu IT O Cluster

**EMERGING DISRUPTIVE TECHNOLOGIES:** Balancing Innovation, Risks, and Societal Impact





## Questions