The first versions with quantum-resistant algorithms are already available to developers and companies through Windows Insider and SymCrypt-OpenSSL 1.9.0 on Linux.
The advent of quantum computing represents a technological revolution with profound implications across multiple sectors, particularly in cybersecurity. In response to the increasing risks posed by this new era, Microsoft has taken a strong step by integrating post-quantum cryptography (PQC) algorithms into both Windows and Linux.
Starting with version 27852 of the Canary channel of Windows Insider and the recent update of SymCrypt-OpenSSL 1.9.0 for Linux, developers and system administrators can begin experimenting with algorithms designed to withstand attacks from future quantum computers, anticipating the well-known “harvest now, decrypt later” scenario where malicious actors collect encrypted data today hoping to break it tomorrow with more powerful technologies.
Implemented Algorithms: ML-KEM and ML-DSA
Microsoft has incorporated two NIST-approved algorithms: ML-KEM for key encapsulation (establishing the shared secrets used in key exchange) and ML-DSA for digital signatures. Both come from the CRYSTALS family, widely considered one of the strongest against quantum threats.
Windows users will be able to test these algorithms through the CNG (Cryptography API: Next Generation) libraries, enabling practical trials in functions such as certificate storage and validation, as well as in identity services, authentication, and signing. In Linux, these capabilities are available through a SymCrypt integration layer in OpenSSL, allowing the use of hybrid algorithms for TLS exchanges.
| Algorithm | Public Key Size | Ciphertext Size | Shared Secret Size | Security Level (NIST) |
|---|---|---|---|---|
| ML-KEM-512 | 800 bytes | 768 bytes | 32 bytes | Level 1 |
| ML-KEM-768 | 1,184 bytes | 1,088 bytes | 32 bytes | Level 3 |
| ML-KEM-1024 | 1,568 bytes | 1,568 bytes | 32 bytes | Level 5 |

| Algorithm | Public Key Size | Private Key Size | Signature Size | Security Level (NIST) |
|---|---|---|---|---|
| ML-DSA-44 | 1,312 bytes | 2,560 bytes | 2,420 bytes | Level 2 |
| ML-DSA-65 | 1,952 bytes | 4,032 bytes | 3,309 bytes | Level 3 |
| ML-DSA-87 | 2,592 bytes | 4,896 bytes | 4,627 bytes | Level 5 |
Microsoft recommends a hybrid approach during this transitional phase: combining the new post-quantum algorithms with traditional ones (such as RSA, ECDH or ECDSA) so that security holds as long as either component remains unbroken (defense in depth) while compatibility with existing systems is preserved.
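To make the hybrid recommendation concrete, here is an added example (not code from the article, nor Microsoft's SymCrypt or CNG implementation) of an X25519 + ML-KEM-768 key exchange in Go. Go's standard library is used because it ships ML-KEM natively (`crypto/mlkem`, `crypto/ecdh` and `crypto/hkdf`, all requiring Go 1.24 or later). Both sides are simulated in one process; the HKDF label and the order in which secrets are concatenated are this example's own assumptions, not a wire format from the page. The code also checks the ML-KEM-768 wire sizes against the table above and shows one edge case worth knowing: decapsulating a corrupted ciphertext does not return an error, it silently yields a different key (implicit rejection), so a mismatch is only caught when the derived keys are later confirmed.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hkdf"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Wire sizes from the article's ML-KEM-768 row, checked against the library.
const (
	ExpectedEncapKeySize768   = 1184
	ExpectedCiphertextSize768 = 1088
	ExpectedSharedSecretSize  = 32
)

// HybridResult is what the two sides hold after one round trip.
type HybridResult struct {
	EncapKeySize     int    // bytes the client sends (ML-KEM encapsulation key)
	CiphertextSize   int    // bytes the server sends back (ML-KEM ciphertext)
	SharedSecretSize int    // raw ML-KEM shared secret length
	ClientKey        []byte // session key derived on the client
	ServerKey        []byte // session key derived on the server
}

// combine folds both shared secrets into one session key. Because the KDF
// input contains the X25519 secret AND the ML-KEM secret, an attacker must
// break both to learn the key; the public values are mixed in as salt so a
// modified transcript changes the result. Label and ordering are assumptions.
func combine(ssECDH, ssKEM, pubECDH, ctKEM []byte) ([]byte, error) {
	ikm := bytes.Join([][]byte{ssECDH, ssKEM}, nil)
	transcript := bytes.Join([][]byte{pubECDH, ctKEM}, nil)
	return hkdf.Key(sha256.New, ikm, transcript, "example-x25519-mlkem768", 32)
}

// HybridExchange runs the exchange between an in-process client and server.
func HybridExchange() (*HybridResult, error) {
	// Client: ephemeral X25519 key plus an ML-KEM-768 decapsulation key.
	cECDH, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	cKEM, err := mlkem.GenerateKey768()
	if err != nil {
		return nil, err
	}
	// Message 1 (client -> server): X25519 public key + ML-KEM encapsulation key.
	ekBytes := cKEM.EncapsulationKey().Bytes()

	// Server: rebuild the encapsulation key from wire bytes, encapsulate,
	// and run its own X25519 half.
	ek, err := mlkem.NewEncapsulationKey768(ekBytes)
	if err != nil {
		return nil, err
	}
	ssKEMServer, ct := ek.Encapsulate()
	sECDH, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ssECDHServer, err := sECDH.ECDH(cECDH.PublicKey())
	if err != nil {
		return nil, err
	}
	// Message 2 (server -> client): X25519 public key + ML-KEM ciphertext.
	sPub := sECDH.PublicKey().Bytes()
	serverKey, err := combine(ssECDHServer, ssKEMServer, sPub, ct)
	if err != nil {
		return nil, err
	}

	// Client: decapsulate the ciphertext and finish X25519.
	ssKEMClient, err := cKEM.Decapsulate(ct)
	if err != nil {
		return nil, err
	}
	ssECDHClient, err := cECDH.ECDH(sECDH.PublicKey())
	if err != nil {
		return nil, err
	}
	clientKey, err := combine(ssECDHClient, ssKEMClient, sPub, ct)
	if err != nil {
		return nil, err
	}
	return &HybridResult{len(ekBytes), len(ct), len(ssKEMServer), clientKey, serverKey}, nil
}

// TamperedCiphertextDiverges shows that a corrupted ML-KEM ciphertext is not
// rejected with an error; decapsulation returns a different (pseudorandom)
// secret, so the protocol above it must confirm keys before trusting them.
func TamperedCiphertextDiverges() (bool, error) {
	dk, err := mlkem.GenerateKey768()
	if err != nil {
		return false, err
	}
	ssGood, ct := dk.EncapsulationKey().Encapsulate()
	bad := bytes.Clone(ct)
	bad[0] ^= 0x01 // one flipped bit "in transit"
	ssBad, err := dk.Decapsulate(bad)
	if err != nil {
		return false, err
	}
	return !bytes.Equal(ssGood, ssBad), nil
}

func main() {
	r, err := HybridExchange()
	if err != nil {
		panic(err)
	}
	fmt.Printf("encap key %d B, ciphertext %d B, secret %d B, keys match: %v\n",
		r.EncapKeySize, r.CiphertextSize, r.SharedSecretSize, bytes.Equal(r.ClientKey, r.ServerKey))
}
```

Run it with `go run` on Go 1.24 or newer. The sizes it prints are the ones the article's table lists for ML-KEM-768, which is also why hybrid TLS handshakes grow by roughly 2 KB per connection compared with a plain X25519 key share.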
Preparing Critical Infrastructure
The company has also confirmed it is working to extend support for these algorithms across the entire Windows and Microsoft 365 ecosystem. This includes Active Directory Certificate Services (ADCS), Microsoft Intune, and the Windows TLS stack (Schannel), facilitating the issuance and management of post-quantum certificates for use in corporate networks and mobile devices.
Additionally, collaboration has begun with organizations like the IETF (Internet Engineering Task Force) to advance the standardization of secure authentication and digital signature mechanisms. Microsoft is part of the LAMPS group, which is developing new X.509 formats for certificates compatible with ML-DSA, ML-KEM, and their composite variants.
Challenges: Performance, Compatibility, and Cryptographic Agility
While the progress is notable, the mass adoption of post-quantum cryptography will not be without obstacles. The new algorithms require greater computational resources and increase the size of keys and encrypted messages, which can affect performance, especially in TLS connections or on resource-constrained devices.
Microsoft acknowledges these challenges and promotes the concept of "cryptographic agility": the ability to switch quickly to new algorithms and standards as they evolve, without re-engineering the systems that depend on them. Solutions such as certificate compression and TLS key share prediction are also being explored to mitigate the impact on handshake latency and network efficiency.
An Inevitable Transition
Organizations such as the NSA and the European Commission have already urged companies and institutions to begin their transition to quantum-resistant environments. By offering tools and libraries prepared for PQC on its most widely used platforms, Microsoft positions itself as a leader in this race.
The rollout of these features for Windows Insider and Linux not only allows developers to start experimenting in real-world environments but also represents a crucial opportunity for the industry to identify bottlenecks and optimize systems before the quantum threat becomes an everyday reality.
Quantum computing promises revolutionary advancements but also poses one of the greatest challenges for modern cybersecurity. Thanks to initiatives like this, the sector is making significant strides toward a more resilient digital infrastructure, ready for the challenges of the future.