[Blog] The Post-Quantum Trust Stack: Preparing for Cryptographic Disruption

Our digital world is undergoing a profound transformation. Cloud computing, artificial intelligence (AI) and machine learning (ML) workloads, as well as the emergence of quantum computing capabilities, are reshaping how networks must be protected and secured. What’s more, these changes come amid evolving risks & regulations – from the prevalence of “harvest now; decrypt later” attacks, to updated standards like the Commercial National Security Algorithm Suite (CNSA) 2.0, Zero Trust architectures, and the Security Protocol and Data Model (SPDM).

Traditional hardware security models can’t keep pace with this changing landscape. New challenges require an adaptable, interoperable, and resilient security foundation that can evolve alongside the shifting threat and regulatory landscapes – not get stuck in the past.

In our latest Security Seminar, experts from Lattice, AMI, Quside, and SecEdge discussed “The New Trust Stack,” a model rooted in secure Field Programmable Gate Arrays (FPGAs) and supportive of features like post-quantum cryptography (PQC), verifiable quantum randomness, and embedded trusted platform modules (TPMs). Below are key takeaways from the discussion.

The Role of FPGAs as Root of Trust (RoT)
FPGAs are changing what it means to be a root of trust in hardware builds. These chips provide engineers and developers with dynamic and reconfigurable capabilities that more traditional, static silicon solutions do not possess. Unlike these static counterparts, FPGAs provide:

• Agility. They are programmable ahead of deployment and reprogrammable post-deployment to support evolving standards and algorithms without requiring hardware updates.
• Built-in Security. FPGAs are built to include multiple security functions, including secure boot, attestation, and key storage.
• Longevity. Their adaptable nature makes FPGAs ideal for long-lifecycle systems that are likely to evolve over time, such as datacenters, telecommunications, AI infrastructure, and more. Changing threats and new solutions like PQC also require adaptability for security protections to remain up to date.

Lattice FPGAs, like the new MachXO5-NX™ TDQ family, can act as system RoTs that combine advanced security capabilities, like PQC, with flexibility and processing power. This balance of hardware adaptability and built-in security can anchor a system as it transitions from classical security methods to post-quantum readiness.

Enabling the New Trust Stack with FPGAs
Rooted in FPGAs, the “New Trust Stack” integrates complementary technologies to deliver layered protection from firmware all the way through the cloud. Each layer helps to reinforce the next, delivering a holistic, verifiable, and adaptable security model. Components of this stack include:

• PQC-Ready Platform Firmware Resiliency (PFR). Firmware is the foundation of platform security, initializing hardware and establishing the entire system chain of trust. Attacks on firmware are especially dangerous because they operate below the operating system (OS) of the build, making them more difficult to detect and prevent.
  
  To protect against these kinds of attacks, AMI’s Tektagon PFR framework leverages an FPGA-based RoT to:
  • Implement the National Institute of Standards and Technology (NIST) SP 800-193 standard for firmware detection, protection, and recovery.
  • Integrate PQC-enabled secure flows using algorithms like ML-DSA/LMS and ML-KEM to secure firmware integrity.
  • Support hybrid signature validation and dual-boot workflows for both classical and post-quantum protections.
  • Integrate SPDM standards to support verifiable attestation and enable the real-time exchange of integrity evidence between subsystems.
  
  With an FPGA base, this PFR solution offers a robust yet upgradable foundation that can support evolving PQC algorithms without costly redesigns.

• Quantum Random Number Generators (QRNGs). As the baseline for every key, signature, and credential, entropy lies at the root of all cryptography efforts. Because traditional pseudo-random number generators (PRNGs) and True Random Number generators (TRNGs) rely on deterministic algorithms or could have biases creep in, they cannot guarantee true and testable unpredictability. QRNGs, on the other hand, harness quantum phenomena to generate true, measurable randomness and verifiable entropy. Pure and verifiable entropy becomes important in PQC solutions because these algorithms have large keys and many signature rounds. In PQC, entropy is the attack surface and QRNG drastically reduces that surface.
  
  Quside’s QRNG modules can be integrated directly into FPGA RoTs at boot and runtime, ensuring secure key generation and provisioning. This, in turn, guarantees the generation of observable and verifiable randomness for meeting Zero Trust standards and post-quantum ecosystem requirements.

• Firmware Trusted Platform Module. TPMs are a cornerstone of platform trust, supporting functions like secure boot, attestation, key storage, and encryption. Traditional TPMs consume board space, increase costs, introduce new attack vectors, and complicate the update and supply chain logistics for hardware builds.
  
  Firmware TPMs (fTPMs) like SecEdge’s SEC-TPM, however, can be integrated directly into FPGA RoTs to eliminate the need for discrete chips, free up board space, and reduce the attack surface by containing key management to one chip. This helps support dynamic updates and policy enforcement while still maintaining compliance with existing TPM and security standards.

Anchoring the Trust Stack of the Future The emergence of quantum computing, evolution of AI and ML solutions, and prevalence of more advanced security frameworks requires engineers to rethink how trust is established and maintained in their hardware builds. By combining real-time adaptability, resilience, and holistic security, the FPGA-rooted “New Trust Stack” delivers an adaptable, measurable, and future-ready foundation for platform security – both now and in the future.

To explore the layers of trust in more detail, watch the full Security Seminar. Explore how Lattice FPGA security solutions can be the foundation of system trust and security, and contact our team today to start building a more secure future.