Announced today, the new MCUs future-proof industrial and data center systems in anticipation for the post-quantum world.
Today, Infineon Technologies announced a new family of microcontrollers that offers post-quantum cryptography (PQC) capabilities and PSA Certified Level 3 compliance. Dubbed the “PSOC Control C3 Performance Line”, these MCUs offer a control-focused architecture meant for industrial, data center, and power-conversion applications.
All About Circuits interviewed Erik Wood, Senior Director of Security Technical Marketing for Infineon's IoT, Compute and Secure Group, to learn more about the new MCUs firsthand.
Preparing for Quantum Threats
The consensus of many is that the defining security challenge of the next 30 years is the inevitable emergence of quantum computing. While large-scale quantum machines are still under development, the acceleration in quantum research has made PQC readiness a true imperative for embedded systems with long deployment cycles. “PQC is coming hard and strong,” says Wood. “We, as chip makers, have to get way ahead of it because we’re three years prior to production for our customers.”
Quantum computing can break encryption exponentially faster than classical computing.
Infineon’s PSOC Control MCUs offer an answer to this challenge by supporting both legacy and PQC-ready algorithms in a hybrid configuration. The architecture includes embedded support for Leighton-Micali Signature (LMS) schemes to verify firmware updates, as well as hardware acceleration for SHA-2 and, in future iterations, SHA-3 to support more advanced PQC algorithms like ML-DSA and ML-KEM.
Importantly, the Control C3 Performance Line integrates crypto-agile APIs that abstract the underlying cryptographic operation. Developers invoke secure services using key identifiers rather than algorithm calls, such that firmware is reusable even as PQC standards evolve.
The design accommodates LMS today but anticipates migration to ML-DSA and ML-KEM as these algorithms mature and become commercially viable. According to Infineon, this crypto-agile design allows customers to maintain software continuity while transparently transitioning to stronger cryptographic primitives.
CNSA 2.0 Compliance
To guide the industry through the transition to quantum-resilient security, the U.S. National Security Agency (NSA) introduced the Commercial National Security Algorithm (CNSA) Suite 2.0. This framework establishes a staged timeline for replacing vulnerable cryptographic primitives like RSA and elliptic-curve algorithms with post-quantum alternatives.
One of the earliest milestones takes effect in 2025. “CNSA 2.0 dictates that starting in 2025, design-in minds need to be able to do hardware verification using a post-quantum cryptography option,” says Wood.
The CNSA 2.0 timeline
Infineon’s PSOC Control C3 Performance Line meets these mandates by integrating LMS (Leighton-Micali Signatures) directly into its secure bootloader. The implementation is preconfigured within Infineon’s ModusToolbox development environment so that developers can adopt PQC-compliant boot authentication without rewriting or porting firmware components.
And, support for future CNSA 2.0 stages is also embedded into Infineon’s roadmap. For example, the Control C3 family will expand to include ML-DSA for on-device key generation and signing, as well as ML-KEM for secure key encapsulation in TLS-based communications.
Hardware Security
Behind the scenes, these enhancements are being enabled by a new cryptographic hardware engine, the Low-Cost Crypto Subsystem (LCSS), which will replace Infineon’s legacy MXCRYPTO and CRYPTOLITE blocks. The subsystem is specifically designed to accelerate lattice-based algorithms while maintaining tight constraints on power consumption and silicon area.
Further bolstering the hardware side of things, the PSOC Control C3 family meets PSA Certified Level 3, which requires resistance to side-channel and fault injection attacks and mandates a secure, independently evaluated root of trust.
Although current PQC algorithms are not yet fully hardened against side-channel analysis, Infineon has designed the remainder of the security stack (for instance, boot logic, key storage, isolation zones, and fault detection) with Level 3 compliance in mind.
Long-Term Outlook
With firmware lifespans exceeding a decade and potential quantum decryption threats within that same timeframe, embedded devices must be equipped today to resist attacks that may only materialize years later.
“We believe the state of the art right now is truly five years from now. That means we have a responsibility to react,” says Wood.
Samples of the PSOC Control C3 Performance Line will be available by the end of 2025, with full production scheduled for 2026.
All images used courtesy of Infineon.
