Imagine a future where quantum computers have the power to crack the encryption that keeps our digital world safe. That may sound like science fiction, but experts warn it could become a reality within the next decade. Such machines would be capable of forging digital signatures or unlocking sensitive data in ways that are infeasible for today's classical computers. This looming threat has triggered a worldwide push for new cryptography, known as post-quantum cryptography (PQC), which is designed to resist attacks from classical and quantum computers alike.
In this article, we’ll dive into why PQC-based code signing is essential for secure software delivery in an era shaped by the new standards of CNSA 2.0, and what steps organizations should take right now to stay protected.
The Growing Threat of Quantum Computing
Today's public-key algorithms, RSA and elliptic-curve cryptography, rely on math problems (factoring large integers and computing discrete logarithms) that are practically impossible for classical computers to solve at the key sizes in use. A sufficiently large quantum computer running Shor's algorithm could solve both in polynomial time, so these once-safe schemes would be breakable outright, regardless of key length.
While a fully functional, "cryptographically relevant" quantum computer doesn't exist yet, many experts believe one could be built within the coming years. If that happens, anyone with malicious intent could forge digital signatures, effectively impersonating trusted software vendors, and distribute malware that appears legitimate. Confidential data, once thought safe, could suddenly be decrypted. Governments and security agencies have issued urgent warnings: once a quantum computer reaches sufficient scale, today's public-key cryptography will no longer hold.
This is why the race is on to deploy quantum-resistant cryptography now, before "Q-day" arrives. For encrypted data the danger is "harvest now, decrypt later": adversaries can record ciphertext, communications, or protected archives today and decrypt them once a capable quantum computer exists. Signatures fail differently. A signature that was valid yesterday cannot be retroactively "decrypted", but any verification key that is still trusted on Q-day, such as a firmware root of trust burned into devices or a long-lived code-signing certificate, lets an attacker who recovers the private key forge new, perfectly valid signatures against it. Keys that must stay trusted for a decade or more therefore need to move first.
It’s important to note that quantum cryptography, which uses principles from quantum physics to secure communication, is different. What we’re talking about here is post-quantum cryptography (PQC): classical algorithms built to resist quantum attacks. You don’t need a quantum network to benefit from PQC; these algorithms run on conventional hardware and can protect your data and software today.
What Is Post-Quantum Cryptography?
Post-quantum cryptography encompasses new key-establishment and signature algorithms that are believed to be safe even against quantum computers. Unlike RSA or ECC, whose security rests on factoring and discrete logarithms, PQC relies on problems for which no efficient quantum algorithm is known, such as structured lattice problems, decoding error-correcting codes, or the preimage resistance of hash functions.
Back in 2016, the U.S. National Institute of Standards and Technology (NIST) launched a global effort to identify, evaluate, and standardize these new algorithms. After multiple rounds of assessment, NIST announced the selected algorithms in July 2022, and the first three standards became official in August 2024. Notable among them are:
- ML-KEM (CRYSTALS-Kyber, FIPS 203): A key-encapsulation mechanism that lets two parties establish a shared secret, the building block for encrypting data in transit.
- ML-DSA (CRYSTALS-Dilithium, FIPS 204): A fast, stateless digital signature scheme meant to replace older signature schemes like RSA and ECDSA.
- SLH-DSA (SPHINCS+, FIPS 205): A stateless hash-based signature scheme with larger signatures, standardized as a conservative alternative; note that it is not part of CNSA 2.0.
CNSA 2.0, a Clear Roadmap for a Quantum-Resistant Future
The U.S. NSA has been at the forefront of planning for this new security landscape. In September 2022, it announced the Commercial National Security Algorithm Suite 2.0 (CNSA 2.0), a set of guidelines and standards for U.S. national security systems that vendors serving them, and many others, now follow. The goal: begin switching to post-quantum algorithms now, with full adoption targeted by 2035.
One of the most significant updates in CNSA 2.0 is the explicit approval of quantum-safe methods for software and firmware signing. This means digital signatures that rely on the hash-based schemes LMS and XMSS, specified in NIST SP 800-208 (building on RFC 8554 and RFC 8391), are now recognized as trustworthy options for verifying that code or firmware hasn't been tampered with, even in a quantum era. These algorithms are already standardized and can be deployed today to safeguard long-lived update mechanisms such as firmware roots of trust.
CNSA 2.0 also names NIST's lattice-based algorithms, ML-KEM-1024 for key establishment and ML-DSA-87 for signatures (the Level V parameter sets), now standardized as FIPS 203 and FIPS 204, for use as hardware and software support matures. The message is clear: organizations should start using these approved quantum-safe algorithms as soon as they're available, especially for core functions like code signing.
The timeline for adoption is aggressive. For software and firmware signing, NSA expects products to support and prefer CNSA 2.0 algorithms by 2025 and to use them exclusively by 2030, which means legacy RSA and ECC signatures are phased out of that use case by then. Other equipment categories have their own dates, and the full move to a quantum-resistant infrastructure is to be completed by 2035.
Why Code Signing Matters in a Post-Quantum World
At the heart of software security is code signing: digital signatures that verify the publisher and integrity of software, firmware, and updates. This process is essential for maintaining trust in the software supply chain, especially in an era of rising cyber threats.
If the signature schemes protecting these software assets are compromised by quantum computers, attackers could impersonate trusted vendors and push out malicious updates or software. That’s why switching to quantum-resistant signatures is critical: it ensures that the software coming from trusted sources remains verifiable, no matter what future quantum capabilities bring.
The primary candidates for post-quantum code signing include:
- Hash-based signatures like LMS and XMSS: Already standardized (NIST SP 800-208) and approved under CNSA 2.0, with security resting only on the underlying hash function. They are stateful: a key is a finite set of one-time keys and the signer must record which ones have been used, because signing twice with the same one-time key leaks material an attacker can use to forge signatures. The state therefore has to be persisted reliably, and the key can never be restored from a backup or cloned across signers.
- Lattice-based signatures like ML-DSA: Standardized as FIPS 204 and named in CNSA 2.0 (as ML-DSA-87); they are stateless, so there is no usage counter to protect, no per-key signature limit, and no operational rules beyond those of any other private key, which makes them the more flexible choice as tooling support lands.
Practical Steps to Transition
Preparing for a quantum-safe future requires planning and strategic implementation:
- Identify Vulnerable Systems: Make an inventory of where cryptography is used across your infrastructure, software, firmware, communication channels, and internal systems. Focus first on high-value assets like firmware updates and critical applications.
- Build in Flexibility: Adopt crypto-agility, meaning design your systems so that cryptographic algorithms can be swapped or upgraded easily, with an algorithm identifier carried alongside every signature and key. Use standards and protocols that support multiple algorithms or hybrid signatures.
- Start Testing Now: Pilot PQC algorithms with non-production code. Sign and verify firmware or software using LMS, XMSS, or ML-DSA. This early testing will uncover compatibility issues and performance impacts, giving you time to address them.
- Partner with Vendors: Collaborate with providers of your security tools, HSMs, and PKI infrastructure. Many are already developing or supporting PQC options. Ensure your supply chain is aligned with your transition timeline.
- Manage Keys Carefully: Generate and keep private keys in hardware security modules (HSMs) or Trusted Platform Modules (TPMs). For LMS/XMSS, choose a module that tracks the one-time-key state internally and refuses to sign once it is exhausted, since any restore, clone, or virtual-machine snapshot of a stateful signing key can replay a one-time key.
- Plan for Hybrid Signatures: During transition, consider signing each artifact with both a traditional and a quantum-safe algorithm, and decide up front what verifiers must require (both valid, or either). Dual signing keeps older verifiers working and reduces risk if one scheme is broken, with eventual full migration to PQC-only signatures by your target deadlines.
- Stay Informed and Compliant: Follow evolving standards, regulatory requirements, and best practices. Demonstrate proactive effort in PQC integration as part of your security posture.
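The pilot-signing step and the stateful-key caveat above are easiest to understand with a small working scheme. The following Python is an added example written for this page, not code from Garantir, GaraSign, or any LMS/XMSS library: it builds a toy Merkle tree of Lamport one-time keys over SHA-256, signs with a persisted leaf counter, verifies against the tree root, and then shows the failure mode that makes state management mandatory, by rolling the counter back and forging a signature from the leaked one-time secrets. The seed, messages, and the dict used as a "state store" are constructed for the demo.

```python
"""Toy stateful hash-based signature scheme: Lamport one-time keys under a
Merkle tree, SHA-256 throughout.  Added for illustration only; this is not
RFC 8554/8391 LMS/XMSS and not any vendor's code."""
import hashlib

N_BITS = 256  # one Lamport secret pair per bit of the SHA-256 message digest

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

def bit(digest, i):
    return (int.from_bytes(digest, "big") >> (N_BITS - 1 - i)) & 1

def ots_keygen(seed, leaf):
    # Secrets derive from (seed, leaf, position, value); public half = hash.
    sk = [[H(seed, leaf.to_bytes(4, "big"), i.to_bytes(2, "big"), bytes([v]))
           for v in (0, 1)] for i in range(N_BITS)]
    return sk, [[H(s) for s in pair] for pair in sk]

def leaf_hash(pk):
    return H(*[h for pair in pk for h in pair])

def ots_sign(sk, digest):
    # Revealing one secret per digest bit is what makes a leaf one-time.
    return [sk[i][bit(digest, i)] for i in range(N_BITS)]

def ots_verify(pk, digest, sig):
    return all(H(sig[i]) == pk[i][bit(digest, i)] for i in range(N_BITS))

class StatefulKey:
    """Merkle tree over 2**height one-time keys; `store` persists the next
    unused leaf (a dict here, a file or HSM record in practice)."""

    def __init__(self, seed, height, store):
        self.seed, self.height, self.store = seed, height, store
        self.levels = [[leaf_hash(ots_keygen(seed, i)[1])
                        for i in range(2 ** height)]]
        while len(self.levels[-1]) > 1:  # build the tree bottom-up
            lvl = self.levels[-1]
            self.levels.append([H(lvl[i], lvl[i + 1])
                                for i in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]  # this is the public key
        self.store.setdefault("next_leaf", 0)

    def sign(self, msg):
        leaf = self.store["next_leaf"]
        if leaf >= 2 ** self.height:
            raise RuntimeError("all one-time leaves used; rotate the key")
        # Advance and persist the state BEFORE the signature exists, so a
        # crash or restore-from-backup after this point cannot reuse the leaf.
        self.store["next_leaf"] = leaf + 1
        return self._sign_with_leaf(leaf, msg)

    def _sign_with_leaf(self, leaf, msg):  # no state check: the unsafe path
        sk, pk = ots_keygen(self.seed, leaf)
        auth, idx = [], leaf
        for lvl in self.levels[:-1]:  # one sibling per level = auth path
            auth.append(lvl[idx ^ 1])
            idx >>= 1
        return {"leaf": leaf, "pk": pk, "ots": ots_sign(sk, H(msg)), "auth": auth}

def verify(root, msg, sig):
    if not ots_verify(sig["pk"], H(msg), sig["ots"]):
        return False
    node, idx = leaf_hash(sig["pk"]), sig["leaf"]
    for sibling in sig["auth"]:  # recompute the path up to the root
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == root

def forge_from_reused_leaf(observed, target_msg):
    """Attacker's view after a state rollback: `observed` holds (msg, sig)
    pairs that all used the same leaf.  Each leaks one secret per bit; once
    both secrets of every pair are known, any message can be signed."""
    learned = [[None, None] for _ in range(N_BITS)]
    for msg, sig in observed:
        d = H(msg)
        for i in range(N_BITS):
            learned[i][bit(d, i)] = sig["ots"][i]
    d = H(target_msg)
    if any(learned[i][bit(d, i)] is None for i in range(N_BITS)):
        return None  # not enough leaked material yet
    t = observed[0][1]  # pk and auth path are public; reuse them verbatim
    return {"leaf": t["leaf"], "pk": t["pk"], "auth": t["auth"],
            "ots": [learned[i][bit(d, i)] for i in range(N_BITS)]}

def demo():
    seed = b"constructed demo seed: never hard-code a real one"
    store = {}
    key = StatefulKey(seed, height=3, store=store)  # 8 signatures in total
    sig = key.sign(b"firmware-v1.bin")
    r = {"ok": verify(key.root, b"firmware-v1.bin", sig),
         "tampered": verify(key.root, b"firmware-v1-evil.bin", sig),
         "next_leaf": store["next_leaf"]}
    # A signer restored from a snapshot keeps reusing leaf 0; the attacker
    # collects 32 such signatures and forges one for a message of its choice.
    observed = [(b"update-%d" % i, key._sign_with_leaf(0, b"update-%d" % i))
                for i in range(32)]
    forged = forge_from_reused_leaf(observed, b"malicious-update.bin")
    r["forged_ok"] = (forged is not None
                      and verify(key.root, b"malicious-update.bin", forged))
    return r
```

`demo()` returns `ok=True`, `tampered=False`, `next_leaf=1` and `forged_ok=True`: thirty-two signatures issued under the same leaf were enough to sign an arbitrary message that verifies under the genuine root. Real LMS/XMSS use Winternitz chains rather than raw Lamport pairs, and there even a single reused one-time key leaks forgeable material. That is why NIST SP 800-208 requires stateful keys to be generated and used inside a hardware cryptographic module that never exports them and never reuses a one-time key, and why a cloned or snapshot-restored signer is a key-compromise event, not a glitch.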
Embracing the Future of Secure Software Delivery
Transitioning to post-quantum cryptography (PQC) is a significant milestone—but it’s just one piece of a much larger security puzzle. Achieving a truly secure software supply chain also requires compliance with the NSA’s CNSA 2.0 guidelines, alignment with CA/Browser Forum rules, and the implementation of crypto-agile development practices. Together, these initiatives form the foundation of a modern, quantum-resilient security posture.
With deadlines looming and quantum threats on the horizon, now is the time to act. The earlier your organization begins testing and implementing PQC digital signatures, the smoother the transition will be—and the more resilient your infrastructure becomes. This is your opportunity not just to comply, but to lead—by embedding crypto-agility into your SDLC, strengthening customer trust, and safeguarding long-term digital resilience.
If you’re ready to start—or accelerate—your transition, Garantir can help. With deep expertise in quantum-safe cryptography and enterprise-grade key protection, our GaraSign platform enables secure, high-performance code signing that meets CNSA 2.0 and CA/B Forum requirements without disrupting your workflows.
Download our e-book on PQC and CNSA 2.0 Compliant Code Signing.
Or contact our team at info@garantir.io to learn how we can support your secure software delivery strategy.