March 2026: PQC Transition Challenges for Automotive Embedded Systems in the Software-Defined Vehicle Era

When
Wednesday, March 04, 2026 11:00 AM EST

Who
Guillaume Fumaroli, Product Cybersecurity Expertise Domain Manager, Valeo

What
"PQC Transition Challenges for Automotive Embedded Systems in the Software-Defined Vehicle Era.”

Description
The rapid progress of quantum computing threatens classical asymmetrical cryptographic schemes (notably RSA and ECC) that are currently used within vehicles and related offboard services. While a cryptographically-relevant quantum computer (CRQC) capable of breaking real-world cryptographic instances is still years away, the automotive industry already faces a unique challenge: how to transition to quantum-resistant, or post-quantum cryptography (PQC), within long product lifecycles, complex supply chains, increasingly valuable digital content, and heterogeneous embedded platforms from high-end to low-resource ECUs.

This paper will explore practical migration strategies to PQC in automotive embedded systems in the Software-Defined Vehicle (SDV) Era:

Our strategy prioritizes the immediate transition to or (at least readiness) for PQC for all asymmetric schemes underpinning network-exposed use cases, recognizing their direct vulnerability to remote quantum adversaries. However, we also emphasize that the SDV paradigm fundamentally redefines the cybersecurity threat landscape. Unlike previous generations, where the extraction of device-specific secret keys via extensive physical access might have been deemed a less critical concern, current cryptographic implementations must now also resist physical attacks such as side-channel analysis and fault injection. Indeed, with SDV, the cybersecurity focus now has to cover more than the usual functional safety, to include high-value digital content and optional features protection, payment solutions, data privacy, and mutually authenticating vehicle-backend services.

As a tangible contribution, we introduce:

• a critical re-evaluation of the secure boot and secure update mechanisms, advocating for their integration into an interdependent hybrid symmetric/asymmetric authentication scheme. This approach is engineered to ensure quantum resistance while preserving acceptable boot times throughout the vehicle's operational lifetime.

• a novel, lightweight countermeasure specifically designed to enhance the physical security of ML-KEM implementations against recent side-channel attacks.

• This work is informed through internal research and external collaborations with industry and academia; Valeo is part of a recently started EU-funded research project focused on PQC transition across diverse industries, including automotive, aerospace, and IoT.