Microsoft Updates Its Core Crypto Library To Thwart Quantum Security Threats

Microsoft is making some changes to SymCrypt, which is the core cryptographic function library currently used by Windows. These changes are based on the guidance provided by the National Institute of Standards and Technology (NIST). This is to prepare for a future where quantum computers, which are vastly more powerful than traditional computers used in the present, can be used to crack encryption protocols currently deployed.

One of the biggest reasons for this change it that threat actors are likely stealing encrypted data and holding on to it for a later date when a quantum computer can be used to decrypt it. Therefore, it’s important to begin to incorporate what’s known as “post-quantum cryptography (PQC) algorithms.” This will hopefully be able to protect data generated and stored today from attacks in the future.


The first step in this process was started with the latest update to SymCrypt, which gained support for the NIST approved ML-KEM and XMSS algorithms. Additionally, Microsoft will work towards incorporating ML-DSA, SLH-DSA, and LMS over the coming months in an effort to continue hardening SymCrypt.

Microsoft notes that this is just the beginning of a complex process that will likely take place over the course of several years. However, the company states that it’s committed to working with its partners and stakeholders to ensure a transition that is as smooth as possible.

It’s heartening to see Microsoft begin to undergo this important process, as SymCrypt is employed in a wide range of environments that make use of the company’s operating system and cloud services. Hopefully these changes are able to deliver the security needed to keep data safe well into the future.