Photonic Acceleration of Post-Quantum Cryptographic Processes

1. The Problem is Performance, Not Algorithms

On August 13, 2024, NIST finalized three post-quantum cryptographic standards: FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA).[1] A fourth standard based on FALCON is expected in 2025. In March 2025, NIST selected HQC as a backup algorithm, providing cryptographic diversity based on error-correcting codes rather than lattices.[2]

The algorithms work. They're mathematically sound against both classical and quantum attack vectors. The challenge is deploying them.

Recent benchmarks across consumer hardware paint a clear picture: lattice-based schemes like ML-KEM slow down by 30-50x on resource-constrained platforms compared to desktop implementations. Hash-based signatures (SLH-DSA) can exceed 100x slowdown for signing operations.[3] That's not a rounding error. For a network encryption gateway processing thousands of TLS handshakes per second, or a tactical radio with strict size, weight, and power constraints, those numbers represent a functional barrier.

CISA, NSA, and NIST have been direct about this. Their joint guidance on quantum readiness acknowledges that migration will take until 2035 and requires organizations to prioritize systems based on both quantum vulnerability and resource constraints.[4] The Office of the National Cyber Director projects the federal government alone will spend $7.1 billion on this transition.[5]

Hardware acceleration isn't optional—it's the path forward.

2. What NIST Actually Standardized

Understanding what we're accelerating matters. Each algorithm has different computational bottlenecks.

Standard	Algorithm	Type	Primary Bottleneck
FIPS 203	ML-KEM (Kyber)	Lattice KEM	NTT, polynomial multiplication
FIPS 204	ML-DSA (Dilithium)	Lattice Signature	NTT, rejection sampling
FIPS 205	SLH-DSA (SPHINCS+)	Hash-based Signature	Hash chain computation
FIPS 206 (draft)	FN-DSA (Falcon)	Lattice Signature	FFT, floating-point sampling

ML-KEM and ML-DSA share a foundation: the Module Learning With Errors (MLWE) problem. Both rely heavily on Number Theoretic Transform (NTT) operations—essentially specialized FFTs over finite fields. These are computationally intensive but highly parallelizable.[6]

SLH-DSA takes a different approach. It's hash-based, meaning its security depends entirely on the underlying hash function (SHA-256 or SHAKE). No lattice math, but massive hash tree traversals. A single signature can require tens of thousands of hash operations.

FN-DSA (Falcon) uses NTRU lattices with FFT-based sampling. It produces compact signatures but requires high-precision floating-point arithmetic—unusual for cryptographic implementations and challenging to secure against side-channel attacks.

3. Current State: Hardware Acceleration Exists, But It's Electronic

The obvious response to PQC's computational demands is hardware acceleration. FPGA implementations already demonstrate 3-9x speedups over optimized software, even software using CPU vector instructions like AVX2.[7]

This isn't new territory. Cryptographic offloading has been standard practice in high-assurance environments for decades. NSA Type 1 devices—the encryption systems certified for classified information—have always used dedicated hardware.[8] The CNSA 2.0 transition timeline, published by NSA in December 2024, mandates quantum-resistant algorithms in national security systems by specific dates: software and firmware signing by 2025, web services by 2025, traditional networking by 2026, and operating systems by 2027.[9]

Current accelerators are electronic. ASICs, FPGAs, specialized coprocessors. They work, but they're hitting fundamental limits:

• Power consumption scales with clock frequency. Push electrons faster, generate more heat. Data centers already consume electricity equivalent to a European country; PQC adds load.
• Interconnect bottlenecks. Moving data between processors and memory creates latency. Metallic interconnects have inherent bandwidth constraints.
• Parallelism limits. Electronic circuits can only do so many operations simultaneously before physical interference becomes a problem.

These constraints aren't showstoppers for current deployments. But as PQC becomes ubiquitous—not just in government systems but in consumer devices, IoT sensors, and edge computing—they'll matter more.

4. Two Technologies We're Researching

HelioLink's R&D focuses on combining two established technologies in a novel configuration: quantum random number generation for entropy, and photonic integrated circuits for computational offloading.

4.1 Quantum Random Number Generation

Every cryptographic system needs randomness. Key generation, nonces, initialization vectors—they all depend on entropy that an adversary cannot predict. Classical random number generators derive entropy from physical noise (thermal fluctuations, timing jitter) or algorithmic processes (PRNGs). Both have known weaknesses.

Quantum random number generators exploit fundamental quantum mechanical processes—photon arrival times, vacuum fluctuations, beam splitter outcomes—to produce randomness that is provably unpredictable. Not computationally hard to predict; impossible to predict, by the laws of physics.

This isn't speculative. In April 2025, Quantinuum's Quantum Origin became the first software QRNG to achieve NIST SP 800-90B validation as an entropy source.[10] Hardware QRNGs from ID Quantique and others have been commercially available for years, achieving min-entropy rates above 7.8 bits/byte—near the theoretical maximum of 8.[11]

For PQC specifically, high-quality entropy matters because the algorithms generate larger keys and more complex cryptographic structures than classical schemes. Weak randomness that might have been "good enough" for RSA becomes a liability when you're generating ML-KEM-1024 key pairs.

4.2 Photonic Integrated Circuits for Logic Operations

Photonic computing uses light instead of electrons to perform calculations. The advantages are straightforward:

• Speed: Optical signals propagate at the speed of light. Switching times measured in picoseconds, not nanoseconds.
• Parallelism: Wavelength division multiplexing (WDM) allows multiple independent data channels on a single optical path without interference.
• Power efficiency: Optical operations consume less energy than equivalent electronic operations at high data rates.
• Reduced thermal load: Less power means less heat, enabling denser integration.

Photonic logic gates aren't theoretical. Mach-Zehnder interferometer (MZI) configurations have demonstrated XOR, AND, OR, NAND, and NOR operations with response times around 1.56 picoseconds.[12] Photonic crystal structures achieve similar results through different mechanisms.[13]

In April 2025, Nature published research on a large-scale photonic accelerator with over 16,000 integrated components on a single chip, demonstrating ultralow latency for matrix operations—the same class of operations that dominate PQC computation.[14]

The gap is application. These photonic systems have been developed primarily for neural network inference and signal processing. Adapting them to cryptographic workloads—with their specific requirements for timing, determinism, and side-channel resistance—is an open research problem.

5. The Integration Challenge

Combining QRNG entropy with photonic computation isn't as simple as connecting two boxes. Several engineering challenges require solutions:

Electro-optical interfaces. Data enters and exits the photonic domain through modulators and detectors. These interfaces must be fast enough not to bottleneck the optical processing and secure enough not to leak information through timing or power signatures.

Control plane architecture. Cryptographic operations require precise sequencing and key material handling. The control logic will likely remain electronic, with photonic acceleration handling the computational heavy lifting. Defining that boundary correctly is critical.

Side-channel resistance. Cryptographic implementations must resist attacks that exploit timing variations, power consumption patterns, or electromagnetic emissions. Photonic systems have different side-channel characteristics than electronic ones—potentially better in some ways, but not automatically secure.

Certification pathway. For government applications, any cryptographic module must undergo FIPS 140-3 validation through NIST's Cryptographic Module Validation Program (CMVP). Photonic components add complexity to that process.

None of these challenges are insurmountable. They're engineering problems, not physics problems. But they require focused R&D effort.

6. Why This Matters for Migration

The federal PQC migration timeline runs through 2035. That's not a deadline for having everything figured out—it's a deadline for having everything deployed. The research, development, testing, and certification cycles need to happen well before that.

NSA's CNSA 2.0 guidance is specific about expectations:[9]

• By 2025: PQC for software/firmware signing
• By 2026: PQC for network equipment
• By 2027: PQC for operating systems
• By 2030: Majority of NSS traffic quantum-resistant
• By 2033: Complete deprecation of classical public-key cryptography in NSS

Organizations following CISA's guidance are already inventorying their cryptographic dependencies and prioritizing systems for migration.[4] The questions they'll face aren't "should we migrate" but "how do we migrate systems that can't handle the computational load."

Hardware acceleration is the answer. Photonic acceleration may be a better answer for specific use cases—high-throughput environments, power-constrained deployments, scenarios where heat dissipation is critical. Developing that option now means it's available when organizations need it.

7. What We're Not Claiming

Clarity matters. Here's what this paper is not saying:

• We haven't built a production photonic PQC accelerator. No one has. This is R&D, not product announcement.
• Photonic acceleration isn't required for PQC migration. Electronic accelerators work. Software implementations work on capable hardware. Photonics is one approach among several.
• We're not claiming to replace existing Type 1 devices. Those systems serve classified applications with specific certification requirements. Our research targets the broader challenge of scalable PQC deployment.
• Quantum computers aren't breaking RSA tomorrow. NIST estimates 10-15 years before cryptographically relevant quantum computers exist. But "harvest now, decrypt later" attacks mean data encrypted today may be vulnerable when those computers arrive.

What we are claiming: the combination of quantum entropy sources and photonic computation represents a viable research direction for addressing PQC's performance challenges, grounded in demonstrated physics and engineering precedent.

8. Conclusion

Post-quantum cryptography is happening. The algorithms are standardized, the migration timelines are set, and federal agencies are already inventorying their systems. The remaining challenge is implementation at scale.

HelioLink's research program addresses that challenge through two parallel tracks: quantum random number generation for cryptographic entropy, and photonic integrated circuits for computational acceleration. Both technologies are established independently; our contribution is investigating their integration for PQC-specific workloads.

We're not promising a finished product. We're pursuing a research direction that could expand the options available to organizations facing the largest cryptographic transition in computing history.

For organizations planning their quantum-readiness roadmap, the message is simple: start now, prioritize based on risk, and keep an eye on hardware acceleration developments. The algorithms are ready. The infrastructure to deploy them efficiently is still being built.

← Back to White Papers