Quantum-safe Security: Microsoft's Progress Toward Next-generation Cryptography
Mark Russinovich and Michal Braverman-Blumenstyk present an authoritative overview of Microsoft’s quantum-safe security strategy, covering cryptography advances, standards collaboration, and practical steps for resilience against quantum-era threats.
By Mark Russinovich and Michal Braverman-Blumenstyk
Quantum computing is rapidly advancing and promises strong computational capabilities, but also threatens today’s public-key cryptography and digital signature schemes. Microsoft is actively preparing for the quantum era, spearheading efforts to upgrade cryptography, contribute to standards, and help organizations safeguard systems against future quantum-capable adversaries.
The Impending Quantum Security Challenge
Quantum computers could break current public-key cryptographic algorithms, undermining authentication, confidentiality, and data integrity. Migrating to post-quantum cryptography (PQC) demands coordinated global action and modernization of legacy systems.
Microsoft’s Multi-pronged Quantum-safe Strategy
- Collaborations & Standards: Microsoft partners with NIST, IETF, ISO, and others to help define and implement quantum-safe encryption standards.
- Investment: Microsoft’s work spans quantum hardware (e.g., Majorana 1 processor, error correction codes) and security, including PQC research, algorithm testing, and large-scale cryptographic system experiments like Project Natick.
- Open Initiatives: Founding member of the Open Quantum Safe project and leader in integrating PQC into industry protocols.
Notable Milestones
- Participation in NIST PQC algorithm calls and contributions to ISO standards (e.g., FrodoKEM)
- Prototyping PQC-protected VPN tunnels
- Announced the Adams Bridge Accelerator and Caliptra 2.0 – open-source cryptographic hardware to accelerate PQC adoption
- PQC capabilities previewed for Windows Insiders and Linux, including updates to Microsoft’s SymCrypt library
Microsoft Quantum Safe Program (QSP)
Launched to unify and accelerate Microsoft’s transition and help partners become quantum-safe, QSP aligns with global regulatory guidance and includes:
- Global program governance
- Multi-phase and modular migration approach
- Roadmap for default quantum-safe services by 2029, well ahead of government deadlines
Three Key Phases
- Foundational security components: Integrating PQC into cryptographic libraries (SymCrypt, CNG) and supporting both classic and hybrid key exchange (e.g., in TLS 1.3 with SymCrypt-OpenSSL).
- Core infrastructure services: Prioritizing secure services like Microsoft Entra authentication, key management, and signing.
- Ecosystem-wide enablement: Embedding PQC throughout Windows, Azure, Microsoft 365, AI services, and more.
Technical Highlights
- Support for ML-KEM and ML-DSA algorithms
- Hybrid and pure PQC-ready key exchanges to defend against Harvest Now, Decrypt Later (HNDL) threats
- Early testbed deployments for Windows Insiders and Linux
Guidance and Call to Action
Organizations should assess cryptographic asset risk, plan phased migrations to PQC, and adopt crypto-agility practices. Microsoft provides practical resources and recommendations for a proactive quantum-safe transition.
Transitioning to quantum-safe cryptography is a complex but urgent process. Microsoft’s ongoing leadership and extensive technical solutions provide strong guidance and tools for organizations preparing for this new era of security.
This post appeared first on “Microsoft Security Blog”.