Post-Quantum Cryptography Is Coming to Windows & Linux: What You Need to Know 

Microsoft Rolls Out Post-Quantum Cryptography Support

Welcome to the Quantum Era, where even the strongest locks we use to protect our digital lives might soon be breakable. However, don’t panic; Microsoft is already preparing for that future, and it has just rolled out a groundbreaking update for Windows Insiders and Linux users that could change the game for cybersecurity forever. 

Why Is Quantum Computing Dangerous?

Quantum computers can do some pretty amazing things: solve complex problems in seconds, simulate molecules for new drug discoveries, and more. But here’s the problem: they can also crack most of the encryption that protects your emails, bank transactions, and sensitive files.

This leads to a terrifying idea called “Harvest now, decrypt later.” Hackers can steal your encrypted data today and just wait until quantum tech is strong enough to break it. So, what do we do?

To prepare for this, Microsoft has been working on Post-Quantum Cryptography (PQC), a new kind of encryption that can resist attacks even from quantum computers. 

Previously, Microsoft: 

  • Talked about the risks of quantum computing to current encryption. 
  • Shared its work in making systems quantum-safe. 
  • Added PQC algorithms to their core cryptography library, SymCrypt. 

Now, Microsoft is taking the next step in its latest update: 

  • They’ve added PQC support to Windows Insiders (Canary Build 27852+). 
  • And to Linux through SymCrypt-OpenSSL v1.9.0. 

This means companies and developers can now start testing and preparing for a quantum-secure future. 

What’s New for Microsoft Windows Users? 

Windows is still the world’s most popular OS, and now it’s getting a quantum-resistant makeover.

Microsoft is adding two PQC algorithms: 

ML-KEM (Module Lattice-Based Key Encapsulation Mechanism) 

It is also known as CRYSTALS-Kyber and is designed for key encapsulation and exchange. ML-KEM is a post-quantum algorithm that helps with secure key exchange; basically, it protects the start of a secure connection (like HTTPS). It’s efficient and offers strong security levels.

It allows developers to test quantum-safe key exchanges alongside current methods like RSA or ECDH. It’s designed to prevent a future attack strategy called “harvest now, decrypt later”, where hackers collect encrypted data now to decrypt later using quantum computers. 

There are 3 security levels: 

ML-KEM Version   Public Key Size   Ciphertext Size   Shared Secret   NIST Level
ML-KEM 512       800 bytes         768 bytes         32 bytes        Level 1
ML-KEM 768       1184 bytes        1088 bytes        32 bytes        Level 3
ML-KEM 1024      1568 bytes        1568 bytes        32 bytes        Level 5

ML-DSA (Module Lattice-Based Digital Signature Algorithm) 

Microsoft also suggests using ML-DSA in hybrid mode with algorithms like ECDSA or RSA. But be aware that ML-DSA uses larger keys and signatures, which may affect speed and storage. It was previously known as CRYSTALS-Dilithium.

It is used for digital signatures, ensuring data integrity and authenticity. ML-DSA is used to digitally sign documents or software, proving they’re authentic and untampered. 

Your apps, drivers, and digital certificates can now be signed using PQC, and Windows lets you import, export, and validate them using the built-in Certificate API. 

Signature Sizes: 

ML-DSA Version   Public Key   Private Key   Signature    NIST Level
ML-DSA-44        1312 bytes   2560 bytes    2420 bytes   Level 2
ML-DSA-65        1952 bytes   4032 bytes    3309 bytes   Level 3
ML-DSA-87        2592 bytes   4896 bytes    4627 bytes   Level 5

What’s New in Linux? 

For Linux users, Microsoft has updated SymCrypt-OpenSSL (a plugin for OpenSSL 3) in version 1.9.0. 

From this update, you can: 

  • Use TLS hybrid key exchange, which combines current encryption + quantum-safe ML-KEM. 
  • Test how this affects handshake speed, message size, and performance. 

This lets developers test how using PQC affects: 

  • TLS handshake sizes
  • Connection speed 
  • Overall performance 

Note: These are draft specifications, so expect future changes. Microsoft will continue updating its tools to match evolving standards. 
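
To see what the hybrid key exchange does to message size, the added example below (not code from Microsoft or SymCrypt-OpenSSL) parses a TLS 1.3 ClientHello and reports the group and length of each offered key share. The group code points come from the IANA TLS Supported Groups registry and the ClientHello is constructed in `sample_hello()` with dummy key bytes; which of these groups a given SymCrypt-OpenSSL build offers is an assumption to confirm on your own system.

```python
# Named-group code points from the IANA "TLS Supported Groups" registry.
GROUPS = {0x0017: "secp256r1", 0x001D: "x25519", 0x11EB: "SecP256r1MLKEM768",
          0x11EC: "X25519MLKEM768", 0x11ED: "SecP384r1MLKEM1024"}
HYBRID = {0x11EB, 0x11EC, 0x11ED}
EXT_KEY_SHARE = 51  # key_share extension type (RFC 8446)

def take(buf, pos, n):  # -> (n bytes at pos, new pos); rejects truncated input
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def take_vec(buf, pos, width):  # TLS vector with a width-byte length prefix
    raw, pos = take(buf, pos, width)
    return take(buf, pos, int.from_bytes(raw, "big"))

def key_shares(hello):
    """Return (group, share length in bytes, is_hybrid) per key_share entry."""
    head, pos = take(hello, 0, 4)
    if head[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body, _ = take(hello, pos, int.from_bytes(head[1:], "big"))
    _, pos = take(body, 0, 2 + 32)  # legacy_version + random
    for width in (1, 2, 1):  # session_id, cipher_suites, compression_methods
        _, pos = take_vec(body, pos, width)
    exts, _ = take_vec(body, pos, 2)
    found, pos = [], 0
    while pos < len(exts):
        etype, pos = take(exts, pos, 2)
        data, pos = take_vec(exts, pos, 2)
        if int.from_bytes(etype, "big") != EXT_KEY_SHARE:
            continue
        shares, spos = take_vec(data, 0, 2)[0], 0
        while spos < len(shares):
            grp, spos = take(shares, spos, 2)
            key, spos = take_vec(shares, spos, 2)
            gid = int.from_bytes(grp, "big")
            found.append((GROUPS.get(gid, hex(gid)), len(key), gid in HYBRID))
    return found

def sample_hello():
    """Constructed ClientHello with dummy (all-zero) key bytes, not a capture."""
    def vec(b, width):
        return len(b).to_bytes(width, "big") + b
    offered = ((0x11EC, 1184 + 32), (0x001D, 32))  # ML-KEM-768 key + X25519 key
    shares = b"".join(g.to_bytes(2, "big") + vec(bytes(n), 2) for g, n in offered)
    ext = EXT_KEY_SHARE.to_bytes(2, "big") + vec(vec(shares, 2), 2)
    body = (b"\x03\x03" + bytes(32) + vec(b"", 1) + vec(b"\x13\x01", 2)
            + vec(b"\x00", 1) + vec(ext, 2))
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Run against ClientHello bytes exported from a packet capture, `key_shares()` shows whether a client offers a hybrid group at all, and how much larger that share is than a classical one.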

What’s Coming Next? 

You didn’t think Microsoft was stopping here, did you? This is just the start. Here is what Microsoft has planned:

1. More Algorithms 

New algorithms like SLH-DSA are being added to Windows and Linux cryptographic libraries. 

2. X.509 Certificate Support 

Microsoft is working with global partners to standardise post-quantum certificates for software, firmware, and more. 

3. Windows TLS (Schannel) 

They’re bringing quantum-safe TLS (used in HTTPS) to Windows too, not just Linux. 

4. Microsoft Active Directory Certificate Services (ADCS) 

You’ll be able to issue and manage PQC certificates from your own CA (Certificate Authority), including: 

  • CRLs (Certificate Revocation Lists) 
  • OCSP (Online Certificate Status Protocol) 
  • NDES, CEP, CES services 
  • Microsoft Intune Certificate Connector 

These updates ensure PQC works across all your devices, from on-prem servers to mobile endpoints. 

But Wait… What About Performance? 

As we know, post-quantum algorithms are bigger and slower than what we’re used to.

  • Signature sizes and keys are much larger. 
  • Your systems may need optimisation and hardware acceleration to handle the extra load. 
  • The good news is that Microsoft is working on TLS optimisations like key share prediction and certificate compression (for everything but signatures). These will help speed things up. 

Crypto Agility: Stay Flexible or Fall Behind 

You can’t bet everything on one algorithm. That’s why Crypto Agility is key. Think of it like building a house with removable walls. If a new algorithm comes out, you can swap it in without rebuilding from scratch. 

Hybrid methods (mixing quantum-safe + traditional algorithms) are a smart transitional strategy. As the field matures, you’ll be ready to go all-in on PQC.

Conclusion 

Quantum computers aren’t breaking encryption tomorrow, but they will in the next few years. If you wait until then, it’s too late. Microsoft is giving developers, enterprises, and security professionals a head start with early access to PQC tools in Windows and Linux.

By testing these technologies now, you’re preparing your systems for a secure, quantum-resistant future. 

Want to try PQC today? 

If you’re on Windows Insider (Canary build 27852+), you’re good to go. 

If you’re on Linux, install SymCrypt-OpenSSL v1.9.0 and start testing. 

Janki Mehta

Janki Mehta is a passionate Cyber-Security Enthusiast who keenly monitors the latest developments in the Web/Cyber Security industry. She puts her knowledge into practice and helps web users by arming them with the necessary security measures to stay safe in the digital world.