NVIDIA Architect Warns We Might Need to Rip and Replace Hardware for PQC – with TCG

Quantum technical debt is the idea that some devices cannot be upgraded to PQC. In this episode, Thorsten Stremlau, a Systems Principal Architect at NVIDIA and Co-Chair of the Trusted Computing Group (TCG) Marketing Work Group, joins host Konstantinos Karagiannis to discuss the critical role of hardware roots of trust in protecting against the quantum computing threat. Stremlau outlines the challenges of integrating heavier PQC algorithms into resource-constrained chips like the Trusted Platform Module (TPM), highlighting technical hurdles such as increased computational intensity, memory bloat, and heightened vulnerability to side-channel and denial-of-service attacks. To counter these quantum threats while maintaining historical stability, the TCG has released the TPM 2.0 library version 1.85 paired with the platform specification 107. This combination leverages built-in crypto-agility to implement mature algorithms like ML-KEM and ML-DSA, while still supporting hybrid classical-quantum models to ensure a smoother migration path for enterprises. However, Stremlau issues a stark warning regarding the industry's timeline and the reality of quantum technical debt, revealing that achieving full PQC readiness will require a complete hardware replacement rather than simple in-field firmware updates. Government entities are aggressively mandating PQC compliance for procurement by 2027. But the enterprise sector, particularly critical infrastructure and server environments, faces an incredibly long transition cycle due to a traditional preference for operational stability over rapid upgrades. While a PQC-ready TPM is a foundational piece of the puzzle that secures firmware signing, boot processes and platform attestation, it is not a silver bullet. True quantum resilience requires a defense-in-depth strategy where the entire software and data ecosystem, including AI workloads, edge networks and data pipelines, is systematically upgraded alongside the hardware foundation.  For more information on Trusted Computing Group, visit https://trustedcomputinggroup.org/. Visit Protiviti at www.protiviti.com/US-en/technology-consulting/quantum-computing-services to learn more about how Protiviti is helping organizations get post-quantum ready.  Follow host Konstantinos Karagiannis on all socials: @KonstantHacker             Questions and comments are welcome!  Theme song by David Schwartz, copyright 2021.  The views expressed by the participants of this program are their own and do not represent the views of, nor are they endorsed by, Protiviti Inc., The Post-Quantum World, or their respective officers, directors, employees, agents, representatives, shareholders, or subsidiaries.  None of the content should be considered investment advice, as an offer or solicitation of an offer to buy or sell, or as an endorsement of any company, security, fund, or other securities or non-securities offering. Thanks for listening to this podcast. Protiviti Inc. is an equal opportunity employer, including minorities, females, people with disabilities, and veterans.