zeroRISC Successfully Implements Post-Quantum Cryptographic Algorithm for Firmware Signing in Chip Provisioning Platform

BOSTON--(BUSINESS WIRE)--zeroRISC, a leading provider of commercial integrity management services for open-source silicon, today announced early achievement of post-quantum secure firmware signing. Through the first commercial implementation of SPHINCS+ (a.k.a. SLH-DSA) secure boot, OpenTitan^® and zeroRISC’s Integrity Management Platform, including the first open-source chip, are post-quantum ready.

While the timelines for a cryptographically-relevant quantum computer are uncertain, the National Institute of Standards and Technology (NIST) recently released the first set of finalized post-quantum cryptographic (PQC) algorithms and more recently an initial PQC transition timeline – speeding up the clock to begin adopting PQC algorithms as soon as possible. With the successful implementation of SPHINCS+ (SLH-DSA), one of the winners of NIST’s post-quantum cryptography competition, for OpenTitan, zeroRISC’s post-quantum readiness will mitigate the threat of future attackers forging signatures critical to the integrity of the early boot process for the open-source silicon supply chain.

“Post-quantum readiness is critical to zeroRISC’s trust model,” said Dominic Rizzo, founder and CEO, zeroRISC. “Testing and implementing cryptographic algorithms is time-consuming, especially when it comes to hardware. That is why we started preparations back in November 2022. Two years later, we are thrilled to announce the successful implementation of SPHINCS+ for OpenTitan, supported by zeroRISC’s Integrity Management Platform, building the foundation for a post-quantum safe future throughout the entire silicon supply chain.”

Reaching this key milestone is the result of dedicated work by a number of contributors at zeroRISC and OpenTitan.

For a deeper look into zeroRISC’s post-quantum journey, check out: https://www.zerorisc.com/blog/landing-sphincs-on-opentitan

About zeroRISC

zeroRISC is redefining security by empowering device owners and operators in crucial sectors like silicon production, IoT, and critical infrastructure with full device ownership, control, and visibility. With transparent and trustworthy OpenTitan-enabled designs, zeroRISC’s Integrity Management Platform affords customers the power to separate device security from its supply chain transit by forging an immutable connection between hardware and software. Headquartered in Boston, MA, zeroRISC was founded by Dominic Rizzo, the OpenTitan project founder. The company is a leading project contributor, driving the commercialization of OpenTitan-based designs. For more information, visit https://zerorisc.com.