Microsoft Sets Roadmap for Quantum-Safe Security Across Its Ecosystem
A multi-phase roadmap designed to protect Microsoft’s ecosystem from future quantum computing threats.
Key Takeaways:
- Microsoft launches a multi-phase Quantum Safe Program to counter future quantum threats.
- New cryptographic methods aim to protect data beyond today’s encryption limits.
- Early deployment of quantum-safe capabilities planned to help organizations prepare.
Microsoft has detailed its roadmap to make its products and services quantum-safe by 2033. The company plans to begin rolling out quantum-resistant capabilities for early deployment by 2029, giving organizations ample time to prepare for the quantum era.
Microsoft has launched the Quantum Safe Program (QSP) to prepare its entire ecosystem for the security challenges posed by quantum computing. As quantum computers are expected to eventually break traditional encryption methods such as RSA and ECC, QSP focuses on transitioning to post-quantum cryptographic standards that can resist such threats.
“This approach considers each service’s unique requirements, performance constraints, and risk profile, resulting in either a direct shift to full PQC [post-quantum cryptography] or a hybrid approach combining classical and quantum-resistant algorithms as an interim step,” Microsoft explained.
The three phases of Microsoft’s Quantum roadmap
Microsoft has mentioned three phases of its Quantum Safe Program (QSP). The first phase involves integrating PQC into foundational components like SymCrypt, Microsoft’s core cryptographic library. The second phase focuses on upgrading core infrastructure services such as identity authentication and key management. The third phase involves extending quantum-safe updates to all services and endpoints, including Windows, Azure, Microsoft 365, and Microsoft’s data and AI offerings.
Microsoft has already introduced support for ML‑KEM and ML‑DSA, which is available to Windows Insiders and Linux users through CNG and certificate APIs. Moreover, the company has enabled TLS hybrid key exchange based on the latest IETF Internet draft specification.
Microsoft’s role in setting global standards
Microsoft’s Quantum Safe Program (QSP) is built around three core objectives. These include securing its own systems against future quantum threats, contributing to global research and standards for quantum-safe technologies, and crypto-agility. Cryptographic agility refers to the ability to quickly adapt and switch encryption methods as new vulnerabilities or threats emerge.
Lastly, Microsoft emphasized that the transition to the Quantum Safe Program is a multi-year process that requires strategic planning. The company is urging organizations to take proactive steps in preparing for the future risks posed by quantum computing. This involves identifying and addressing legacy technologies, as well as modernising cryptographic standards.
Rabia has a master's degree in Software Engineering and she has years of experience writing professionally about Microsoft products and other technologies. Rabia has also written for OnMSFT.com as well as Windows Report. She is always up to date on t...
