The company has introduced post-quantum cryptography (PQC) capabilities to Windows Insiders and Linux users, marking a major milestone in preparing for the post-quantum era. Microsoft is integrating PQC algorithms into its core systems, allowing organizations to experiment with and implement quantum-resistant solutions. This will protect sensitive data from situations such as “collect now, decrypt later” threat, that refers to attackers collecting encrypted data today with the hopes of decrypting it once quantum computers become powerful enough.
Advertisеment
In today's announcement, Microsoft said PQC capabilities are now available to Windows Insiders on Canary Channel Build 27852 and above, and to Linux via SymCrypt-OpenSSL version 1.9.0. These updates provide early access to advanced algorithms, allowing developers and security teams to evaluate compatibility, performance, and integration in their environments. By taking a proactive approach, organizations can identify potential issues, optimize implementation strategies, and ensure a smoother transition as global standards evolve.
What's New for Windows
As one of the most widely used operating systems in the world, Windows plays a critical role in the digital ecosystem. With this update, Microsoft is introducing two key PQC algorithms — ML-KEM and ML-DSA — to Windows Insiders through updates to the Cryptography API: Next Generation (CNG) libraries and the Certificate and Cryptographic Messaging features.
ML-KEM
ML-KEM: Designed for public key encapsulation or key exchange scenarios, ML-KEM helps mitigate the threat of “collect now, decrypt later.” The algorithm supports multiple parameter sets, offering different levels of security based on NIST standards. For example, ML-KEM-768 provides Layer 3 security, making it suitable for high-assurance applications. Microsoft recommends using ML-KEM along with existing algorithms like ECDH or RSA during the transition period to maintain defense in depth.
ML-DSA
ML-DSA: This algorithm allows developers to experiment with PQC for scenarios that require digital signatures, such as verifying identity, integrity, or authenticity. Like ML-KEM, ML-DSA can be used in hybrid mode with traditional algorithms such as ECDSA or RSA. However, organizations should be aware of its impact on performance and signature sizes, as preliminary analysis indicates tradeoffs in these areas.
In addition, the Windows Certificate API surface now supports installing, importing, exporting, and verifying ML-DSA certificates. This feature allows customers to experiment with PQ certificate chains and trust status, ensuring that their systems are ready for future quantum-resistant security requirements.
Improvements for Linux users
For Linux users, Microsoft has updated the SymCrypt provider for OpenSSL 3 to include support for hybrid TLS key exchange in line with the latest IETF Web of Conferences draft. This update allows Linux programmers to integrate PQC algorithms into their applications, providing the ability to prepare in advance for emerging quantum threats.
The addition of hybrid key exchange enables customers to analyze how PQC impacts handshake message sizes, TLS latency, and overall connection efficiency. These insights are critical to understanding operational tradeoffs and making informed decisions as organizations move toward quantum-resistant security. Specifically, these changes are based on draft specifications, and Microsoft plans to iterate on them as standards evolve to ensure interoperability and compliance.
A Collaborative Approach to Standardization
Microsoft’s efforts extend beyond product updates. The company is actively collaborating with industry partners and standards bodies, including the IETF LAMPS working group, to advance X.509 standardization for PQC algorithms such as ML-KEM, ML-DSA, SLH-DSA, and LMS/XMSS. These initiatives address a variety of use cases, from firmware signing to secure communications.
In addition, Microsoft is working to enable PQC in its own services.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
