For the first time, new quantum-safe algorithms can be invoked using standard Windows APIs.
Microsoft is updating Windows 11 with a set of new encryption algorithms that can withstand future attacks from quantum computers in a move aimed at jump-starting what’s likely to be the most formidable and important technology transition in modern history.
Computers that are based on the physics of quantum mechanics don’t yet exist outside of sophisticated labs, but it’s well-established science that they eventually will. Instead of processing data in the binary state of zeros and ones, quantum computers run on qubits, which encompass myriad states all at once. This new capability promises to bring about new discoveries of unprecedented scale in a host of fields, including metallurgy, chemistry, drug discovery, and financial modeling.
Averting the cryptopocalypse
One of the most disruptive changes quantum computing will bring is the breaking of some of the most common forms of encryption, specifically, the RSA cryptosystem and those based on elliptic curves. These systems are the workhorses that banks, governments, and online services around the world have relied on for more than four decades to keep their most sensitive data confidential. RSA and elliptic curve encryption keys securing web connections would require millions of years to be cracked using today’s computers. A quantum computer could crack the same keys in a matter of hours or minutes.
At Microsoft’s BUILD 2025 conference on Monday, the company announced the availability of quantum-resistant algorithms in SymCrypt, the core cryptographic code library in Windows. The updated library is available in Build 27852 and higher versions of Windows 11. Additionally, Microsoft has updated SymCrypt-OpenSSL, its open source project that allows the widely used OpenSSL library to use SymCrypt for cryptographic operations.
Monday’s update bundles new post-quantum computing algorithms selected by the US Department of Commerce's National Institute of Standards and Technology (NIST) in its yearslong drive to find replacements for RSA and elliptic-curve cryptosystems. The new algorithms are the latest to be added to the list of FIPS, a NIST-endorsed list of standards for ensuring guaranteed levels of security and interoperability. Inclusion in Windows allows developers to invoke the new PQC algorithms using a set of programming interfaces Microsoft calls Cryptography API: Next Generation (CNG).
“Making the new FIPS-standard PQC algorithms available to developers in Insider builds via the standard CNG APIs is a good first step by Windows and exactly what third-party developers writing Windows apps need in order to start migrating and testing their own code to PQC,” Brian LaMacchia, a cryptography engineer who oversaw Microsoft's post-quantum transition from 2015 to 2022 and now works at Farcaster Consulting Group, wrote in an email. He added that Microsoft had revealed previously that it had begun work integrating the algorithms into SymCrypt, “but this is the first announcement about that work showing up in a beta ('Insider') build of Windows.”
The new algorithms are known as ML-KEM and ML-DSA, short for “Module-Lattice-Based Key-Encapsulation Mechanism” and “Module-Lattice-Based Digital Signature Algorithm,” respectively. ML-KEM provides a means for securely transmitting encryption key material, and ML-DSA allows for the creation of digital signatures. These algorithms were previously known as CRYSTALS-Kyber and CRYSTALS-Dilithium but took on their new names once they progressed far enough through NIST’s PQC program.
Beware of misallocated key sizes
The strength of RSA and elliptic curve cryptography is based on mathematical problems that are simple to solve in one direction and nearly impossible to solve in the other. RSA, for example, relies on the difficulty of factoring extremely large numbers, while elliptic curve cryptography rests on the difficulty of solving the discrete logarithm problem. For decades now, cryptographers have known that the same problems are trivial to solve with a sufficiently large quantum computer.
The mathematical problems underpinning PQC algorithms are different and, so far, have not been shown to be easily broken using either classical or quantum computing. LaMacchia warns, however, that the same math that makes ML-KEM and ML-DSA quantum resistant also causes the encryption keys they derive to be three or more times bigger than their RSA and elliptic curve counterparts. On top of that, these larger keys must also be accompanied by the RSA and elliptic-curve keys they are meant to replace, since for the foreseeable future NIST is advising a hybrid approach that uses both the newer and older cryptosystems as a hedge in case the newer ones have vulnerabilities that have yet to be discovered.
Estimates for the fall of RSA and elliptic curve cryptography vary wildly, with some experts saying it's still two or more decades away. Other experts warn it will happen as soon as 2035. In either case, the scale, cost, and difficulty of transitioning away from these now-ubiquitous algorithms will be unprecedented. Among the challenges: the significantly larger key sizes have the potential to introduce all sorts of errors into software, which could have catastrophic consequences if not discovered early in the revision process.
“One of the things I warned folks inside Microsoft very early on was you better start testing to make sure that if I triple the size of the keys that you're currently using that that actually flows through the software stack and that a developer hasn’t put a fixed allocation somewhere that’s going to block you,” he said in an interview. “You always find stuff like that.”
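The fixed-allocation problem described above, shown as an added example (not code from Microsoft, SymCrypt, or this article): a record with a key field sized for RSA and elliptic-curve keys refuses PQC keys, while a length-driven record carries them. `LEGACY_SLOT`, the record types, and the function names are hypothetical; the key sizes are the standard encodings (P-256 uncompressed point, RSA-3072 modulus, FIPS 203 and FIPS 204).

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Public-key sizes in bytes: P-256 uncompressed point, RSA-3072 modulus,
   ML-KEM-768 encapsulation key (FIPS 203), ML-DSA-65 public key (FIPS 204). */
enum { P256_PK = 65, RSA3072_PK = 384, MLKEM768_PK = 1184, MLDSA65_PK = 1952 };

#define LEGACY_SLOT 512 /* hypothetical fixed field sized for RSA/ECC keys */

typedef struct { uint8_t key[LEGACY_SLOT]; size_t len; } legacy_rec;
typedef struct { uint8_t *key; size_t len; } sized_rec;

/* Legacy path: bounds-checked, so it fails closed rather than overflowing,
   but every key larger than the slot is refused. Returns 0 on success. */
int legacy_store(legacy_rec *r, const uint8_t *k, size_t n) {
    if (n > sizeof r->key) return -1;
    memcpy(r->key, k, n);
    r->len = n;
    return 0;
}

/* Migrated path: storage is sized from the length the caller reports. */
int sized_store(sized_rec *r, const uint8_t *k, size_t n) {
    if (n == 0 || (r->key = malloc(n)) == NULL) return -1;
    memcpy(r->key, k, n);
    r->len = n;
    return 0;
}

/* Flow-through check: build a constructed n-byte dummy key, store it, and
   confirm it reads back intact. Returns 1 if the key survives the path. */
int flows_through(size_t n, int legacy) {
    uint8_t *k = malloc(n);
    int ok = 0;
    if (!k) return 0;
    for (size_t i = 0; i < n; i++) k[i] = (uint8_t)(i * 31 + 7);
    if (legacy) {
        legacy_rec r;
        ok = legacy_store(&r, k, n) == 0 && r.len == n && !memcmp(r.key, k, n);
    } else {
        sized_rec r = {0};
        ok = sized_store(&r, k, n) == 0 && r.len == n && !memcmp(r.key, k, n);
        free(r.key);
    }
    free(k);
    return ok;
}
```

Running `flows_through` over every key, ciphertext, and signature size a deployment plans to use, including the combined classical-plus-PQC blob of a hybrid scheme, surfaces blocked paths before rollout.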