Quantum Threats Meet the Connected Car
Back in November 2024, I wrote a blog which discussed the implications of cybersecurity in automotive. In that blog, I outlined some of the efforts and frameworks that have been established to address this evolving field as it applied to automotive while highlighting the ISO 21434 cybersecurity framework.
With the advent of quantum computing, which promises to bring to deliver far greater computing performance than previously imagined, existing cybersecurity solutions are expected to be at risk once Cryptographically Relevant Quantum Computer (CRQC) become available. While a CRQC is not widely expected before 2029, the importance of recognizing and addressing this new form of cybersecurity attack today cannot be overstated. As an update to my previous blog, it seemed appropriate to explore the potential impact of Post Quantum Cryptography (PQC) on next-generation vehicles and the approaches and considerations that must be taken to address this looming threat.
From Connected Cars to Cryptographic Risk
While automotive OEMs race to deploy Software Defined Vehicles (SDV) with sophisticated connectivity, artificial intelligence (AI), and Over-the-Air (OTA) update capabilities, quantum computing, once confined to research laboratories, is rapidly approaching commercial viability, and with it comes the harsh reality of cryptographic obsolescence. Post Quantum Cryptography (PQC) represents the industry's attempt to address this looming threat, yet its implementation presents challenges as complex as the vehicles it aims to protect. For an industry already grappling with ISO 21434 compliance and the expanding attack surface of connected cars, the transition to quantum resistant security cannot be an afterthought.
PQC refers to a new generation of cryptographic algorithms that were designed to withstand attacks from both classical and quantum computers. Public key systems currently in use such as RSA and ECC (Elliptic Curve Cryptography), which have been effective to date, are based upon the premise that the available computing resources were insufficient to crack these codes. With the arrival of CRQC, today’s public key systems are expected to be readily cracked, fully compromising today’s security infrastructure.
Unlike current public key systems such as RSA and ECC which rely on mathematical problems that quantum computers can solve exponentially faster, PQC algorithms are built upon hard mathematical problems that are believed to remain difficult to solve even for quantum systems. These include lattice-based cryptography, hash-based signatures, and multivariate polynomial equations. The National Institute of Standards and Technology (NIST) has begun standardizing these algorithms, with CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures emerging as primary candidates. As a quick explanation, the key exchange mechanism can be considered a “secret encoder and decoder ring” that is used to encrypt and decrypt the message, whereas digital signature ensures that the encrypted messages are coming from a trusted, known source. For automotive systems, the transition to PQC isn't merely an upgrade, it's a fundamental architectural transformation.
Harvest Now, Decrypt Later: Why Timing Matters
The urgency to address this looming problem stems from a phenomenon security professionals call “harvest now, decrypt later.” Adversaries with access to quantum capabilities in the future could capture encrypted vehicle communications today and store them for decryption once quantum supremacy arrives. Given that vehicles remain operational for 15 to 20 years, data transmitted through V2X communications, OTA update channels, and telematics systems in 2024 could be vulnerable to retrospective decryption in 2035. The automotive supply chain compounds this risk; cryptographic vulnerabilities in Tier 2 or Tier 3 components may not manifest until years after deployment, creating liability exposure that extends across decades and multiple ownership transfers.
The attack surface for quantum-enabled threats mirrors and magnifies existing automotive vulnerabilities. Consider the Common Exposure Library identified in current threat modeling: WiFi, cellular connections, Bluetooth, TPMS (tire pressure monitoring systems), OBD-II (on board diagnostic) ports, USB interfaces, EV charging infrastructure, and V2X communications. Each of these vectors currently relies on cryptographic protocols that quantum computers will eventually compromise. V2X communications, particularly, present an acute concern; these systems depend on low-latency cryptographic handshakes between vehicles and infrastructure to prevent collisions and coordinate traffic flow. The computational overhead of PQC algorithms, often requiring larger key sizes and more processing cycles, threatens to introduce latency that could degrade safety-critical response times.
OTA Updates and Signature Trust
Over-the-Air updates, already identified as high-risk vectors for malware injection, face compound quantum threats. The digital signatures that authenticate OTA packages historically have employed traditional ECDSA or RSA schemes which will be vulnerable to quantum attacks. A malicious actor with future quantum capabilities could forge signatures for malicious firmware updates, effectively weaponizing the vehicle’s own maintenance infrastructure. The Software-Defined Vehicle architecture, with its billion lines of code and continuous update cycles, requires cryptographic agility—the ability to rotate algorithms without hardware replacement. Yet current automotive ECUs were designed with static cryptographic implementations, often burned into hardware security modules with decade-long lifecycles.
The intersection of Functional Safety (ISO 26262) and cybersecurity (ISO 21434) will become particularly challenging in the PQC transition. Safety-critical systems such as steering control, braking, and ADAS depend on predictable, high-speed timing and deterministic behavior. Many PQC candidates, while mathematically robust, exhibit variable, and extended execution times or impose system level requirements that could violate existing safety elements. Lattice-based algorithms, for instance, because of their inherent extended computational needs, can require memory allocations that may trigger watchdog timers or interfere with real-time operating systems. Additionally, the extended computational time associated with these calculations may lead to exceeding the FTTI (Fault Tolerant Time Interval) of the vehicle, which is effectively the deadline that the system must beat once a fault is detected to prevent an accident. Furthermore, the threat agent risk assessment (TARA) processes mandated by ISO 21434 must now incorporate quantum-capable adversaries—nation-state actors with access to cryptanalytic quantum resources or organized criminal groups leasing quantum computing time through cloud services. In short, a lot of complexity now must be added to address critical threats.
The Hardware Reality Inside the Vehicle
Hardware constraints in general present formidable barriers to PQC deployment. Automotive microcontrollers, selected for cost efficiency and environmental resilience rather than computational headroom, often lack the memory and processing capabilities to execute post-quantum algorithms efficiently. A typical vehicle contains dozens of ECUs ranging from 32-bit microcontrollers with kilobytes of RAM to sophisticated infotainment processors and highly complex ADAS SoCs. Retrofitting PQC across this heterogeneous landscape requires either hardware replacement, which is prohibitively expensive (not viable) for vehicles already in service, or careful algorithm selection that balances security margins against resource constraints. Hybrid approaches, combining classical and post-quantum algorithms during transition periods, effectively double the cryptographic overhead.
Supply chain complexity amplifies these challenges. Automotive components source semiconductors from global foundries, incorporate software from hundreds of vendors, and integrate cryptographic modules from specialized providers. Coordinating a PQC transition requires synchronization across this ecosystem; OEMs must specify quantum-resistant requirements, chip vendors must implement hardware acceleration for lattice operations, and software suppliers must refactor cryptographic libraries. The “should strongly consider” language of ISO 21434, while providing flexibility, may prove insufficient to drive the coordinated industry response that PQC demands. Unlike the Jeep Cherokee vulnerability, which prompted immediate patches, the quantum threat offers no dramatic demonstration—only mathematical certainty of future compromise.
Data Privacy: The Archive Problem
The data privacy implications extend beyond vehicle control into the personal information ecosystem now embedded in modern automobiles. Biometric authentication data, payment credentials for EV charging, location histories, and occupant behavior patterns encrypted with current standards may persist in vehicle storage, cloud backups, and third-party databases for decades. Quantum-enabled decryption of this archive would expose not just current owners but entire household networks connected through vehicle telematics. A Nov. 2024 podcast that I participated in provided some real insights into the EV charging infrastructure security that are also very relevant and perhaps overlooked. Charging network operators must simultaneously protect real-time transaction integrity and ensure that historical charging patterns remain confidential against future quantum analysis.
Designing for Crypto-Agility Now
Addressing these challenges requires immediate architectural decisions with long-term consequences. Automotive cybersecurity teams must begin crypto-agility engineering; designing systems where cryptographic algorithms can be updated without hardware replacement, where certificate chains support algorithm diversity, and where secure boot processes can accommodate evolving signature schemes.
Algorithm diversity, in my opinion, is an admission to the fact that there is a real concern that the lattice-based algorithms may be cracked down the road, so alternative algorithms based on different math, Hamming and Hashing, are available. That said, an algorithm that was proposed by NIST for digital signage, which was deemed uncrackable after many years of review, was cracked within weeks of introduction using a relatively low-end microprocessor. In short, because CRQC are currently not available, there is no guarantee that PQC algorithms cannot be cracked leading to architectures that would require extreme amounts of agility and flexibility.
In summary, the transition to PQC cannot follow the automotive industry’s traditional model of generational updates; it must occur as a continuous capability evolution. As vehicles become software-defined platforms with connectivity lifespans exceeding their mechanical longevity, post-quantum readiness becomes not merely a security feature but a fundamental requirement for market viability.
Back in November 2024, I wrote a blog which discussed the implications of cybersecurity in automotive. In that blog, I outlined some of the efforts and frameworks that have been established to address this evolving field as it applied to automotive while highlighting the ISO 21434 cybersecurity framework.
With the advent of quantum computing, which promises to bring to deliver far greater computing performance than previously imagined, existing cybersecurity solutions are expected to be at risk once Cryptographically Relevant Quantum Computer (CRQC) become available. While a CRQC is not widely expected before 2029, the importance of recognizing and addressing this new form of cybersecurity attack today cannot be overstated. As an update to my previous blog, it seemed appropriate to explore the potential impact of Post Quantum Cryptography (PQC) on next-generation vehicles and the approaches and considerations that must be taken to address this looming threat.
From Connected Cars to Cryptographic Risk
While automotive OEMs race to deploy Software Defined Vehicles (SDV) with sophisticated connectivity, artificial intelligence (AI), and Over-the-Air (OTA) update capabilities, quantum computing, once confined to research laboratories, is rapidly approaching commercial viability, and with it comes the harsh reality of cryptographic obsolescence. Post Quantum Cryptography (PQC) represents the industry's attempt to address this looming threat, yet its implementation presents challenges as complex as the vehicles it aims to protect. For an industry already grappling with ISO 21434 compliance and the expanding attack surface of connected cars, the transition to quantum resistant security cannot be an afterthought.
PQC refers to a new generation of cryptographic algorithms that were designed to withstand attacks from both classical and quantum computers. Public key systems currently in use such as RSA and ECC (Elliptic Curve Cryptography), which have been effective to date, are based upon the premise that the available computing resources were insufficient to crack these codes. With the arrival of CRQC, today’s public key systems are expected to be readily cracked, fully compromising today’s security infrastructure.
Unlike current public key systems such as RSA and ECC which rely on mathematical problems that quantum computers can solve exponentially faster, PQC algorithms are built upon hard mathematical problems that are believed to remain difficult to solve even for quantum systems. These include lattice-based cryptography, hash-based signatures, and multivariate polynomial equations. The National Institute of Standards and Technology (NIST) has begun standardizing these algorithms, with CRYSTALS-Kyber for key encapsulation and CRYSTALS-Dilithium for digital signatures emerging as primary candidates. As a quick explanation, the key exchange mechanism can be considered a “secret encoder and decoder ring” that is used to encrypt and decrypt the message, whereas digital signature ensures that the encrypted messages are coming from a trusted, known source. For automotive systems, the transition to PQC isn't merely an upgrade, it's a fundamental architectural transformation.
Harvest Now, Decrypt Later: Why Timing Matters
The urgency to address this looming problem stems from a phenomenon security professionals call “harvest now, decrypt later.” Adversaries with access to quantum capabilities in the future could capture encrypted vehicle communications today and store them for decryption once quantum supremacy arrives. Given that vehicles remain operational for 15 to 20 years, data transmitted through V2X communications, OTA update channels, and telematics systems in 2024 could be vulnerable to retrospective decryption in 2035. The automotive supply chain compounds this risk; cryptographic vulnerabilities in Tier 2 or Tier 3 components may not manifest until years after deployment, creating liability exposure that extends across decades and multiple ownership transfers.
The attack surface for quantum-enabled threats mirrors and magnifies existing automotive vulnerabilities. Consider the Common Exposure Library identified in current threat modeling: WiFi, cellular connections, Bluetooth, TPMS (tire pressure monitoring systems), OBD-II (on board diagnostic) ports, USB interfaces, EV charging infrastructure, and V2X communications. Each of these vectors currently relies on cryptographic protocols that quantum computers will eventually compromise. V2X communications, particularly, present an acute concern; these systems depend on low-latency cryptographic handshakes between vehicles and infrastructure to prevent collisions and coordinate traffic flow. The computational overhead of PQC algorithms, often requiring larger key sizes and more processing cycles, threatens to introduce latency that could degrade safety-critical response times.
OTA Updates and Signature Trust
Over-the-Air updates, already identified as high-risk vectors for malware injection, face compound quantum threats. The digital signatures that authenticate OTA packages historically have employed traditional ECDSA or RSA schemes which will be vulnerable to quantum attacks. A malicious actor with future quantum capabilities could forge signatures for malicious firmware updates, effectively weaponizing the vehicle’s own maintenance infrastructure. The Software-Defined Vehicle architecture, with its billion lines of code and continuous update cycles, requires cryptographic agility—the ability to rotate algorithms without hardware replacement. Yet current automotive ECUs were designed with static cryptographic implementations, often burned into hardware security modules with decade-long lifecycles.
The intersection of Functional Safety (ISO 26262) and cybersecurity (ISO 21434) will become particularly challenging in the PQC transition. Safety-critical systems such as steering control, braking, and ADAS depend on predictable, high-speed timing and deterministic behavior. Many PQC candidates, while mathematically robust, exhibit variable, and extended execution times or impose system level requirements that could violate existing safety elements. Lattice-based algorithms, for instance, because of their inherent extended computational needs, can require memory allocations that may trigger watchdog timers or interfere with real-time operating systems. Additionally, the extended computational time associated with these calculations may lead to exceeding the FTTI (Fault Tolerant Time Interval) of the vehicle, which is effectively the deadline that the system must beat once a fault is detected to prevent an accident. Furthermore, the threat agent risk assessment (TARA) processes mandated by ISO 21434 must now incorporate quantum-capable adversaries—nation-state actors with access to cryptanalytic quantum resources or organized criminal groups leasing quantum computing time through cloud services. In short, a lot of complexity now must be added to address critical threats.
The Hardware Reality Inside the Vehicle
Hardware constraints in general present formidable barriers to PQC deployment. Automotive microcontrollers, selected for cost efficiency and environmental resilience rather than computational headroom, often lack the memory and processing capabilities to execute post-quantum algorithms efficiently. A typical vehicle contains dozens of ECUs ranging from 32-bit microcontrollers with kilobytes of RAM to sophisticated infotainment processors and highly complex ADAS SoCs. Retrofitting PQC across this heterogeneous landscape requires either hardware replacement, which is prohibitively expensive (not viable) for vehicles already in service, or careful algorithm selection that balances security margins against resource constraints. Hybrid approaches, combining classical and post-quantum algorithms during transition periods, effectively double the cryptographic overhead.
Supply chain complexity amplifies these challenges. Automotive components source semiconductors from global foundries, incorporate software from hundreds of vendors, and integrate cryptographic modules from specialized providers. Coordinating a PQC transition requires synchronization across this ecosystem; OEMs must specify quantum-resistant requirements, chip vendors must implement hardware acceleration for lattice operations, and software suppliers must refactor cryptographic libraries. The “should strongly consider” language of ISO 21434, while providing flexibility, may prove insufficient to drive the coordinated industry response that PQC demands. Unlike the Jeep Cherokee vulnerability, which prompted immediate patches, the quantum threat offers no dramatic demonstration—only mathematical certainty of future compromise.
Data Privacy: The Archive Problem
The data privacy implications extend beyond vehicle control into the personal information ecosystem now embedded in modern automobiles. Biometric authentication data, payment credentials for EV charging, location histories, and occupant behavior patterns encrypted with current standards may persist in vehicle storage, cloud backups, and third-party databases for decades. Quantum-enabled decryption of this archive would expose not just current owners but entire household networks connected through vehicle telematics. A Nov. 2024 podcast that I participated in provided some real insights into the EV charging infrastructure security that are also very relevant and perhaps overlooked. Charging network operators must simultaneously protect real-time transaction integrity and ensure that historical charging patterns remain confidential against future quantum analysis.
Designing for Crypto-Agility Now
Addressing these challenges requires immediate architectural decisions with long-term consequences. Automotive cybersecurity teams must begin crypto-agility engineering; designing systems where cryptographic algorithms can be updated without hardware replacement, where certificate chains support algorithm diversity, and where secure boot processes can accommodate evolving signature schemes.
Algorithm diversity, in my opinion, is an admission to the fact that there is a real concern that the lattice-based algorithms may be cracked down the road, so alternative algorithms based on different math, Hamming and Hashing, are available. That said, an algorithm that was proposed by NIST for digital signage, which was deemed uncrackable after many years of review, was cracked within weeks of introduction using a relatively low-end microprocessor. In short, because CRQC are currently not available, there is no guarantee that PQC algorithms cannot be cracked leading to architectures that would require extreme amounts of agility and flexibility.
In summary, the transition to PQC cannot follow the automotive industry’s traditional model of generational updates; it must occur as a continuous capability evolution. As vehicles become software-defined platforms with connectivity lifespans exceeding their mechanical longevity, post-quantum readiness becomes not merely a security feature but a fundamental requirement for market viability.
.png)
