BOSTON, December 12, 2024 -- zeroRISC, a leading provider of commercial integrity management services for open-source silicon, today announced early achievement of post-quantum secure firmware signing. Through the first commercial implementation of SPHINCS+ (a.k.a. SLH-DSA) secure boot, OpenTitan and zeroRISC’s Integrity Management Platform, including the first open-source chip, are post-quantum ready.

While the timelines for a cryptographically-relevant quantum computer are uncertain, the National Institute of Standards and Technology (NIST) recently released the first set of finalized post-quantum cryptographic (PQC) algorithms and more recently an initial PQC transition timeline – speeding up the clock to begin adopting PQC algorithms as soon as possible. With the successful implementation of SPHINCS+ (SLH-DSA), one of the winners of NIST’s post-quantum cryptography competition, for OpenTitan, zeroRISC’s post-quantum readiness will mitigate the threat of future attackers forging signatures critical to the integrity of the early boot process for the open-source silicon supply chain.

“Post-quantum readiness is critical to zeroRISC’s trust model,” said Dominic Rizzo, founder and CEO, zeroRISC. “Testing and implementing cryptographic algorithms is time-consuming, especially when it comes to hardware. That is why we started preparations back in November 2022. Two years later, we are thrilled to announce the successful implementation of SPHINCS+ for OpenTitan, supported by zeroRISC’s Integrity Management Platform, building the foundation for a post-quantum safe future throughout the entire silicon supply chain.”