Microsoft has introduced built-in post-quantum cryptography (PQC) capabilities into Windows 11 Insider Preview, targeting threats posed by advanced quantum computing technologies. This move is designed to safeguard everyday users from malicious actors who may eventually wield quantum computing power, referencing advancements like the Majorana 1 processor. The integration provides developers and security professionals with early access to cryptographic algorithms specifically engineered to withstand attacks from future quantum computers.
The new PQC features, available starting with Canary Channel Build 27852, include two key cryptographic schemes: ML-KEM for key exchange and ML-DSA for digital signatures. These algorithms are embedded directly within the Cryptography API: Next Generation (CNG) and also support certificate management functions. Of particular focus is ML-KEM, which counters the ‘harvest now, decrypt later’ threat scenario, where adversaries collect encrypted data today with plans to decrypt it once quantum hardware matures.
Microsoft’s approach allows organizations to tailor protection levels according to their needs through three ML-KEM security tiers. Level 1 generates 800-byte ciphertexts, Level 3 uses 1,184-byte ciphertexts, and Level 5 extends to 1,568-byte ciphertexts, with all tiers maintaining a consistent 32-byte shared secret. These parameter ranges offer a flexible balance between computational performance and data security, enabling organizations to optimize their configurations based on individual threat models and operational requirements.
