Q1. How is wolfSSL supporting IoT and embedded systems developers in preparing for a quantum-resistant future? What are the biggest hurdles in maintaining performance on resource-limited devices?
wolfSSL is leading the quantum-resistance transition through our comprehensive post-quantum cryptography (PQC) implementation that specifically addresses the unique constraints of IoT and embedded systems. Our approach centers on practical, performance-optimized solutions that don't compromise the resource efficiency that embedded developers demand.
We've integrated NIST-standardized algorithms including ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm), alongside hash-based signatures like LMS and XMSS, directly into our wolfCrypt library. What sets us apart is our hybrid cryptography approach, allowing developers to run traditional and post-quantum algorithms simultaneously. This ensures backward compatibility while enabling gradual migration paths—critical for embedded systems with extended lifecycles in automotive and industrial IoT applications.
Our solutions are highly configurable and optimized for resource-constrained environments, offering minimal memory footprint and bare-metal support. We've achieved CAVP certification for our PQC implementations and maintain our signature compact footprint—up to 20 times smaller than OpenSSL. The wolfSSL library seamlessly integrates PQC into TLS 1.3 and DTLS 1.3, enabling secure communication without requiring application-level changes.
The primary performance hurdles we address include managing the larger key sizes and computational overhead inherent in post-quantum algorithms. Our engineering team has focused on algorithm optimization for ARM and x86_64 architectures, leveraging hardware acceleration where available. We've also developed wolfHSM for portable hardware security module abstraction, enabling secure key management with minimal resource consumption. The challenge lies in balancing quantum resistance with the power and memory constraints of microcontrollers, which we address through careful algorithm selection and implementation efficiency.
Q2. How do you see the standardization efforts from entities like NIST and ETSI shaping the timeline for adoption of quantum-safe cryptography in commercial embedded system? How is wolfSSL aligning its roadmap with these efforts?
The standardization landscape is accelerating rapidly, creating both opportunities and challenges for commercial embedded system adoption. NIST's release of FIPS 203, 204, and 205 in August 2024, followed by the recent selection of HQC as a backup algorithm in March 2025, establishes a clear foundation for industry migration. The transition deadline set by the White House is driving urgency, but NIST's latest guidance recognizes that migration timelines must be flexible based on system complexity and risk profiles.
ETSI's parallel efforts, particularly their Technical Specification 103 744 on quantum-safe hybrid key exchanges and the new authenticated quantum-safe hybrid key establishment (AQSHKE) European Standard, are creating additional momentum in global markets. These standards are particularly relevant for embedded systems operating in international markets or critical infrastructure applications.
wolfSSL's roadmap directly aligns with these standardization efforts. We were among the first to achieve CNSA 2.0 compliance and have maintained close collaboration with NIST throughout the standardization process. Our implementation includes support for the newly selected HQC algorithm, which will be crucial as a mathematical diversity backup to ML-KEM when the draft standard is released in 2026.
We're positioning ourselves ahead of the compliance curve by implementing hybrid solutions that meet both current and emerging standards. Our support for compliance frameworks including FIPS 140-3, FIPS 203/204, DO-178C for aviation, and ISO 26262 for automotive ensures that embedded developers can meet sector-specific requirements. As standards evolve, our modular architecture allows for seamless algorithm updates without system-wide overhauls—essential for embedded devices with 10-20 year operational lifespans.
The timeline pressure means that developers need to start migration planning now, as the complexity of embedded system transitions often extends deployment timelines significantly beyond traditional IT systems.
Q3. What technology or innovation does wolfSSL plan on showcasing at Black Hat USA 2025? What do you want attendees to take away from your company's participation at the event?
At Black Hat USA 2025, wolfSSL will demonstrate our latest quantum-resistance technologies and showcase real-world implementations that solve today's embedded security challenges while future-proofing against quantum threats. Our primary focus will be on live demonstrations of our post-quantum TLS 1.3 implementations running on actual embedded hardware, showing attendees how PQC performs in resource-constrained environments.
We'll feature our wolfBoot secure bootloader with integrated post-quantum signatures, demonstrating how firmware authentication can be quantum-resistant from the ground up. Our wolfHSM portable hardware security abstraction will be showcased through automotive use cases, highlighting seamless integration with platforms like the Infineon Aurix Tricore TC3XX. We're particularly excited to demonstrate our hybrid cryptography implementations, showing how organizations can maintain operational continuity while transitioning to quantum-safe algorithms.
Interactive demonstrations will include our multi-protocol support across MQTT, SSH, and web services, all running with post-quantum cryptography. We'll show how our solutions scale from tiny microcontrollers to high-performance embedded processors, maintaining our signature efficiency and performance characteristics.
Our key message to Black Hat attendees is that quantum-resistance doesn't require choosing between security and performance. We want security professionals to understand that the transition to post-quantum cryptography can begin immediately with practical, production-ready solutions. Whether you're securing automotive systems, industrial IoT networks, or critical infrastructure, wolfSSL provides the certified, optimized, and proven cryptographic foundation needed for both current security requirements and future quantum threats.
A major focus of our Black Hat presence will be demonstrating how to achieve FIPS 140-3 compliance for Linux distributions, including kernel-level integration. As the world's first SP800-140Br1 FIPS 140-3 validated cryptographic module, wolfCrypt enables organizations targeting government and regulated industries to bring Linux-based systems into compliance. We'll showcase real implementation paths for integrating wolfCrypt into common crypto backends including OpenSSL, NSS, Libgcrypt, gnuTLS, and the Linux kernel itself. Our case studies demonstrate how organizations can cut through compliance complexity and establish concrete paths forward for FIPS 140-3 validation in their Linux environments.
