
Microsoft is preparing users for the future of PC security by adding Post-Quantum Cryptography (PQC) capabilities to Windows 11 and Linux. Understandably overshadowed by the excitement of Computex, Microsoft’s announcement from last week slid under the radar of many. Microsoft has stated that it has made PQC available via Windows Insider Canary Channel Build 27852 and higher, and for Linux users through SymCrypt-OpenSSL version 1.9.0. These algorithms will enable users to begin exploring the next stage of system security as quantum computing becomes more readily available. It has long been theorized that the arrival of more advanced quantum computers will usher in new threats to traditional security measures using public-key cryptography.
PCs, servers, smartphones, and most electronic devices that feature a password, code, or PIN have typically relied on RSA or other asymmetric algorithms for encryption. Despite the use of larger key sizes, which could take a powerful computer weeks, or much longer, to crack, scaled quantum computing could crack even the toughest encryption within minutes using what is called Shor’s algorithm. It’s previously been thought that a quantum computer with over a million stable qubits would be required to achieve this task. While Microsoft’s addition of PQC is just the beginning, it does represent a major step forward in preparing the world for the next phase of security.
Users can now try their hand at exploring the ML-KEM (key encapsulation) and ML-DSA (digital signature) algorithms. Microsoft has advised users to employ a hybrid approach in using either ML-KEM or ML-DSA alongside RSA or ECDH, as using both is fairly resource-intensive due to their use of Keccak, which is the basis of SHA-3 and SHAKE. It is to be expected that PQC solutions will grow and evolve to reduce demands on the system, but for now, this is merely an introduction allowing customers to begin getting acquainted with upcoming security techniques.
Parameter set | Public (encapsulation) key size | Ciphertext size | Shared secret size | NIST security level |
ML-KEM 512 | 800 bytes | 768 bytes | 32 bytes | Level 1 |
ML-KEM 768 | 1184 bytes | 1088 bytes | 32 bytes | Level 3 |
ML-KEM 1024 | 1568 bytes | 1568 bytes | 32 bytes | Level 5 |
Parameter set | Public key size | Private key size | Signature size | NIST security level |
ML-DSA-44 | 1312 bytes | 2560 bytes | 2420 bytes | Level 2 |
ML-DSA-65 | 1952 bytes | 4032 bytes | 3309 bytes | Level 3 |
ML-DSA-87 | 2592 bytes | 4896 bytes | 4627 bytes | Level 5 |
“The integration of PQC capabilities into Windows Insiders and Linux marks a significant step forward in preparing for the quantum era. Quantum computing has significant potential to help solve some of humanity’s greatest challenges, and by proactively addressing the security concerns with current cryptographic standards, Microsoft is helping pave the way for a digital future that both realizes the benefits of quantum and mitigates the security risks.”
– Aabha Thipsay, Microsoft