These secure flash devices are the first in the market implementing Leighton–Micali Signature (LMS) algorithm for PQC (Post Quantum Cryptography), a critical enhancement for securing connected IoT edge devices used in commercial, industrial and server segments.
PQC (Post Quantum Cryptography) is considered crucial as it replaces classical cryptographic algorithms that are no longer considered to be safe in lieu of Quantum Computers.
Governments and security analysts portray 2030 as the year traditional cryptography will become obsolete. In response, NSA in the US and the UK’s NCSC have adopted LMS as the preferred PQC algorithms for digitally signing and authenticating firmware and software updates.
Compliance with the new CNSA 2.0 guidelines for software and firmware signing is expected by 2025, with a complete transition mandated by 2030.
The newly released TrustME W77Q series in densities of 256Mb, 512Mb, 1Gb support asymmetric key cryptography algorithm and enabling devices to facilitate both Secure OTA with asymmetric PQC signatures and Secure Supply chain via LMS-OTS (NIST 800-208).
Winbond is actually the first memory vendor to integrate PQC, meeting the emerging regulations requirements and setting a new standard in the industry. These devices are optimally designed for applications in Industrial IoT, networking, servers, and critical infrastructure applications.
These new W77Q devices support high-performance Quad-SPI at 166MHz, extended Replay Protected Monotonic Counters (RPMC) with 8 counters for PC based implementation. The 512Mb and 1Gb devices enable simultaneous read and write option enhancing operational efficiency for software OTA operation.
Winbond’s W77Q Secure Flash is backward compatible with the popular W25Q family and comes equipped with an arsenal of features designed to ensure platform security:
- Code and Data Protection: robust protection for both code and data, making it exceedingly difficult for hackers to tamper. RoT implementation follows the TCG DICE attestation mechanism.
- Authentication: Winbond Secure Flash devices employ stringent authentication protocols, ensuring that only authorized actors and software layers gain access.
- Secure Software Updates with Rollback Protection: the devices facilitate remote secure software updates while safeguarding against rollback attacks, ensuring that only legitimate updates are executed. To maintain the highest level of security and integrity during software updates, W77Q employs Leighton-Micali Signature (LMS) algorithms, as recommended by NIST Special Publication 800-208. This method guarantees the authenticity and integrity of the updating software, thereby providing an additional layer of security.
- Platform Resiliency: follows NIST 800-193 recommendations, unauthorised code changes are automatically detected, enabling the system to recover to a secure state and disturbing potential cyber threats.
- Secure Supply Chain: the origin and integrity of flash content is guaranteed by Secure Flash at every stage of the supply chain. W77Q implements remote attestation based on LMS-OTS (NIST 800-208). This advanced approach effectively prevents content tampering and misconfiguration during platform assembly, transportation, and configuration, safeguarding against cyber adversaries.
Moreover, these security features are designed to meet the stringent certification requirements of Common Criteria, SESIP, and FIPS 140-3, underscoring the company’s commitment to providing secure and reliable memory solutions.
W77Q 256Mb, 512Mb and 1Gb samples are available now.
