From 2035 to 2029: Why Automotive PQC Strategy Needs to Accelerate Now
Key Points from the March 2026 Automotive Security Summit in Detroit, where I was featured in a fireside chat titled:
“Post-Quantum Cryptography: Future-Proof Vehicles Without Compromising Performance or Efficiency”
While NIST often references 2035 for PQC readiness, mandates from bodies like the NSA (CNSA) are much more aggressive—software signing starting as early as 2025, browsers and VPNs 2026–27, OS and PKI transitions before 2030. The timeline is not uniform—and not as far out as many assume.
PKI lifetimes in automotive are uniquely long: 30-year certificates, 5 years in production, and ~12+ years on the road. That pushes trust infrastructure requirements toward multi-decade durability (~40–50 years).
It’s not just “store now, decrypt later”—it’s also “authenticate now, forge later.” With OTA cadences ranging from days (mobility fleets) to months (OEM releases), attackers may have a meaningful window to exploit signature weaknesses.
We’ve seen this play out in other industries—hyperscalers introduced PQC accelerators and effectively set direction for all data center hardware vendors. Automotive could face a similar moment where adoption is externally driven rather than internally paced.
Crypto agility without hardware support is largely a myth. PQC operations like ML-DSA verification can be an order of magnitude slower without accelerators, making performance a real constraint.
Visibility is a major gap. Scanning networks and PKI reveals crypto-in-transit, but crypto in firmware, secure boot, and storage requires design-level analysis and case-by-case decisions.
Not every ECU—or supplier—should be treated the same. Impact-driven prioritization matters: a tire pressure sensor is not a telematics unit handling OTA, diagnostics, and external connectivity.
With a large portion of modern attacks targeting API-driven systems running over TLS, securing TLS becomes central to PQC strategy.
Organizations should push suppliers for clear migration strategies, policies, and Crypto-BOMs (CBOMs) to gain visibility into cryptographic dependencies.
Hybrid approaches are necessary but operationally complex—even something as simple as dual-signing firmware can require separate HSM infrastructures.
AI doesn’t break PQC directly, but it accelerates cryptanalysis and side-channel attacks, lowering the barrier for exploitation.
More importantly, agentic AI changes the security model itself. With autonomy, self-modification, and non-determinism (as highlighted in AIVSS), assets, trust boundaries, and even CBOMs become dynamic—requiring a rethink of traditional TARA approaches.
A couple of notable updates since the summit:
Google has now publicly targeted 2029 to complete its migration to PQC—well ahead of the commonly cited 2035 horizon. Around the same time (World Quantum Day), Nvidia announced ISING, an open-source 31B parameter vision-language model aimed at quantum system calibration and error correction—reducing what used to take hours of expert tuning to seconds. Alongside that, Nvidia is extending its AI stack into quantum workflows with CUDA-Q, NVLink-Q, and NIM, signaling that AI + quantum + accelerated infrastructure are converging faster than expected.
If you’re working through PQC strategy, crypto inventory (CBOM), or prioritizing migration across ECUs, suppliers, and PKI, these are not theoretical problems—they are architecture and execution challenges. We’ve been working through these tradeoffs in real systems (automotive, cloud, and edge) and are helping teams move from awareness to actionable migration plans. Happy to compare notes or engage on specific programs.