SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers

PQShield shrinks post-quantum crypto for tiny devices

Wed, 11th Mar 2026

PQShield has released an updated version of its embedded cryptography library that can run standardised post-quantum cryptography in under 5KB of RAM, a target aimed at microcontroller-based devices with tight memory budgets.

The product, PQMicroLib-Core, is part of the company's UltraPQ Suite. PQShield is pitching the update as a way for device makers to adopt post-quantum cryptography without redesigning hardware in sectors such as payments, medical wearables, industrial control systems, and networking equipment.

Post-quantum cryptography refers to public-key algorithms designed to resist future attacks from large-scale quantum computers. New standards are moving toward larger keys and more complex operations than many widely deployed public-key systems, putting pressure on constrained devices that already run close to memory limits.

Some post-quantum implementations require 30KB to 40KB of RAM. That can work on servers, laptops, and larger embedded systems, but it can exceed the available headroom in microcontrollers that measure total RAM in tens of kilobytes.

Constrained devices

PQShield highlighted secure boot as one of the most difficult environments for post-quantum cryptography. Secure boot routines run early in the start-up sequence and often have minimal RAM available, which PQShield put at 8KB to 10KB for smaller devices.

The update targets what the industry often calls brownfield deployments: devices already in the field that typically receive security improvements through firmware and software updates rather than hardware changes. PQShield cited an installed base of 20 billion such devices.

PQShield argues that a small footprint matters because device makers often must choose between removing features, compromising performance, or reworking hardware designs to add memory. In industrial fleets, the cost and logistics of recalls can also shape the business case for a security migration.

The latest PQMicroLib-Core configuration is described as the "leanest professional-grade PQC solution" for embedded devices and, according to PQShield, has a footprint up to eight times smaller than other off-the-shelf and open source alternatives.

TLS changes

The update also extends to transport security. PQShield has added a post-quantum approach for TLS, the protocol widely used to protect connections between devices and cloud services.

In embedded systems, TLS deployments often rely on common interfaces and middleware, including the Platform Security Architecture approach to cryptographic APIs, often referred to as PSA. PQShield said PSA was not designed with post-quantum algorithms in mind.

PQShield has integrated PQMicroLib-Core with the PSA Certified Crypto API. It also says it offers a drop-in post-quantum TLS upgrade path using the PSA API and Mbed TLS, positioning the result as a "full-stack" option for embedded TLS in post-quantum settings.

According to PQShield, the integration uses standard, portable APIs, can be deployed through software updates, and fits within embedded memory limits. The company added that the upgrades can also be built into silicon for new devices.

Physical attacks

The move to larger keys can shift the threat model for devices with physical exposure. Attackers with hands-on access can attempt side-channel attacks such as differential power analysis, which infers secret values from a device's power-consumption patterns. Fault injection attacks aim to manipulate computations by inducing errors through voltage, clock, or other perturbations.

PQShield said larger post-quantum keys can make devices more vulnerable to these techniques, with risks more acute in high-value infrastructure that is physically accessible, including telecoms and payment systems.

Not every device class uses dedicated hardware countermeasures, especially where bill-of-materials constraints are tight or where devices are already deployed. PQShield said the updated PQMicroLib-Core includes software-level DPA countermeasures.

Those protections can be delivered to deployed products through software updates and can also be integrated into chip designs currently in production.

Industry links

PQShield says it is working with chipmakers and embedded-systems manufacturers on post-quantum adoption. It cited a collaboration with STMicroelectronics and referenced existing collaborations and projects with Microchip Technology, Lattice Semiconductor, and IAR Systems.

PQMicroLib-Core is available now.

PQShield Chief Executive Officer and Founder Dr Ali El Kaafarani framed the release as part of a wider shift in security engineering.

"Post-quantum cryptography is the biggest cybersecurity transition in a generation. It needs to be thorough but also practical, and can't come at the expense of operational efficiency or good performance. We've worked hard to develop implementations for the embedded sector that give manufacturers the security they need with the convenience they want - through software upgrades rather than hardware recalls, and by developing the most lightweight post-quantum cryptography on the market," said Dr Ali El Kaafarani, Chief Executive Officer and Founder, PQShield.

PQShield said it plans to continue working with device and chip partners as post-quantum standards move into wider procurement and compliance requirements across embedded markets.