Welcome to the Quantum Era, where even the strongest locks we use to protect our digital lives might soon be breakable. However, don't panic; Microsoft is already preparing for that future, and it has just rolled out a groundbreaking update for Windows Insiders and Linux users that could change the game for cybersecurity forever.
Why Is Quantum Computing Dangerous?
Quantum computers can do some pretty amazing things: solve complex problems in seconds, simulate molecules for new drug discoveries, and more. But here's the problem: they can also crack most encryption that protects your emails, bank transactions, and sensitive files.
This leads to a terrifying idea called "Harvest now, decrypt later." Hackers can steal your encrypted data today and just wait until quantum tech is strong enough to break it. So, what do we do?
To prepare for this, Microsoft has been working on Post-Quantum Cryptography (PQC), a new kind of encryption that can resist attacks even from quantum computers.
Previously, Microsoft:
- Talked about the risks of quantum computing to current encryption.
- Shared its work in making systems quantum-safe.
- Added PQC algorithms to its core cryptography library, SymCrypt.
Now, Microsoft is taking the next step in its latest update:
- They've added PQC support to Windows Insiders (Canary Build 27852+).
- And to Linux through SymCrypt-OpenSSL v1.9.0.
This means companies and developers can now start testing and preparing for a quantum-secure future.
What's New for Microsoft Windows Users?
Windows is still the world's most popular OS, and now it's getting a quantum-resistant makeover.
Microsoft is adding two PQC algorithms:
ML-KEM (Module Lattice-Based Key Encapsulation Mechanism)
It is also known as CRYSTALS-Kyber and is designed for key encapsulation and exchange. ML-KEM is a post-quantum algorithm that helps with secure key exchange. Basically, it protects the start of a secure connection (like HTTPS). It's efficient and offers strong security levels.
It allows developers to test quantum-safe key exchanges alongside current methods like RSA or ECDH. It's designed to prevent a future attack strategy called "harvest now, decrypt later", where hackers collect encrypted data now to decrypt later using quantum computers.
ML-DSA (Module Lattice-Based Digital Signature Algorithm)
ML-DSA, previously known as CRYSTALS-Dilithium, is used for digital signatures, ensuring data integrity and authenticity. It digitally signs documents or software, proving they're authentic and untampered.
Microsoft also suggests using ML-DSA in hybrid mode with algorithms like ECDSA or RSA. But be aware that ML-DSA uses larger keys and signatures, which may affect speed and storage.
Your apps, drivers, and digital certificates can now be signed using PQC, and Windows lets you import, export, and validate them using the built-in Certificate API.
What's New in Linux?
For Linux users, Microsoft has updated SymCrypt-OpenSSL (a plugin for OpenSSL 3) in version 1.9.0.
With this update, you can:
- Use TLS hybrid key exchange, which combines current encryption + quantum-safe ML-KEM.
- Test how this affects handshake speed, message size, and performance.
This lets developers test how using PQC affects:
- TLS handshake sizes
- Connection speed
- Overall performance
Note: These are draft specifications, so expect future changes. Microsoft will continue updating its tools to match evolving standards.
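To put numbers on the handshake-size effect listed above, this added example (not from Microsoft or the SymCrypt-OpenSSL project) encodes the TLS 1.3 `key_share` extension for classical and hybrid offers and measures the growth. The group names and code points are taken from the IANA TLS registry and the ML-KEM sizes from FIPS 203, not from this page; the key bytes are zero-filled placeholders and the helper names are hypothetical.

```python
import struct

# Public-key / ciphertext sizes in bytes. ML-KEM values are from FIPS 203;
# classical values are the raw X25519 key and uncompressed NIST curve points.
MLKEM = {"768": (1184, 1088), "1024": (1568, 1568)}  # (encapsulation key, ciphertext)
CLASSICAL = {"x25519": 32, "secp256r1": 65, "secp384r1": 97}

# TLS NamedGroup name -> (code point, classical part, ML-KEM parameter set)
GROUPS = {
    "x25519":             (0x001D, "x25519", None),
    "secp256r1":          (0x0017, "secp256r1", None),
    "X25519MLKEM768":     (0x11EC, "x25519", "768"),
    "SecP256r1MLKEM768":  (0x11EB, "secp256r1", "768"),
    "SecP384r1MLKEM1024": (0x11ED, "secp384r1", "1024"),
}

def share_len(group, server=False):
    """Length of the key_exchange field for one group (client or server side)."""
    _, classical, kem = GROUPS[group]
    n = CLASSICAL[classical]
    if kem:  # client sends the encapsulation key, server replies with a ciphertext
        n += MLKEM[kem][1 if server else 0]
    return n

def client_key_share(groups):
    """Encode a ClientHello key_share extension (RFC 8446, section 4.2.8)."""
    entries = b""
    for g in groups:
        key = bytes(share_len(g))  # zero-filled placeholder: only the size matters here
        entries += struct.pack("!HH", GROUPS[g][0], len(key)) + key
    body = struct.pack("!H", len(entries)) + entries
    return struct.pack("!HH", 51, len(body)) + body  # 51 = key_share extension type

def server_key_share(group):
    """Encode a ServerHello key_share extension (a single entry, no list length)."""
    key = bytes(share_len(group, server=True))
    body = struct.pack("!HH", GROUPS[group][0], len(key)) + key
    return struct.pack("!HH", 51, len(body)) + body

def growth(classical_offer, hybrid_offer):
    """Extra ClientHello bytes when switching from one key_share offer to another."""
    return len(client_key_share(hybrid_offer)) - len(client_key_share(classical_offer))

if __name__ == "__main__":
    for offer in (["x25519"], ["X25519MLKEM768", "x25519"]):
        print(offer, len(client_key_share(offer)), "bytes")
```

Offering a hybrid share alongside a classical fallback adds more than a kilobyte to the ClientHello, which can push it past a single typical TCP segment; that is the effect worth measuring on your own network path.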
What's Coming Next?
You didn't think Microsoft was stopping here, did you? This is just the start. Microsoft's plans include:
1. More Algorithms
New algorithms like SLH-DSA are being added to Windows and Linux cryptographic libraries.
2. X.509 Certificate Support
Microsoft is working with global partners to standardise post-quantum certificates for software, firmware, and more.
3. Windows TLS (Schannel)
They're bringing quantum-safe TLS (used in HTTPS) to Windows too, not just Linux.
4. Microsoft Active Directory Certificate Services (ADCS)
You'll be able to issue and manage PQC certificates from your own CA (Certificate Authority), including:
- CRLs (Certificate Revocation Lists)
- OCSP (Online Certificate Status Protocol)
- NDES, CEP, CES services
- Microsoft Intune Certificate Connector
These updates ensure PQC works across all your devices, from on-prem servers to mobile endpoints.
But Wait… What About Performance?
As we know, post-quantum algorithms are bigger and slower than what we're used to.
- Signature sizes and keys are much larger.
- TLS handshakes might take a bit longer.
- Your systems may need optimisation and hardware acceleration to handle the extra load.
- The good news is that Microsoft is working on TLS optimisations like key share prediction and certificate compression (for everything but signatures). These will help speed things up.
Crypto Agility: Stay Flexible or Fall Behind
You can't bet everything on one algorithm. That's why Crypto Agility is key. Think of it like building a house with removable walls. If a new algorithm comes out, you can swap it in without rebuilding from scratch.
Hybrid methods (mixing quantum-safe + traditional algorithms) are a smart transitional strategy. As the field matures, you'll be ready to go all-in on PQC.