idw – Informationsdienst Wissenschaft
Nachrichten, Termine, Experten
Nachrichten, Termine, Experten
idw - Informationsdienst
Wissenschaft
EU-funded consortium to deliver hybrid post-quantum secure boot with hardware-software co-design and continuous attestation demonstrators
HEIDELBERG, 30/10/2025 - A €4.9 million Horizon Europe project has launched to develop quantum-resistant secure boot mechanisms for critical national infrastructure, combining novel hardware architectures with post-quantum cryptography in operational demonstrators.
The FORTRESS (Post-Quantum/Traditional Hybrid Cryptographic Secure Boot) project brings together six European partners; Eurescom (coordinator), PQShield, CyberHive, Codasip, eShard, and Universität der Bundeswehr München, to address the imminent threat quantum computers pose to RSA/ECC-based secure boot processes that underpin modern cybersecurity.
Unlike existing approaches, FORTRESS will implement the PQ/T (Post-Quantum/Traditional) hybrid cryptographic model mandated by EU agencies including ANSSI(National Cybersecurity Agency of France) and BSI(Federal Office for Information Security (Germany)), which requires combining quantum-resistant algorithms with conventional cryptography during the transition period all built upon a hardware-based root of trust. The 36-month project held its inaugural plenary in Heidelberg this month.
Hybrid Root of Trust with hardware acceleration
The project's technical innovation centres on a Hybrid Root of Trust (RoT) architecture integrating CHERI-enabled RISC-V processors, which provide hardware-enforced memory safety, with PQ/T cryptographic cores optimised for side-channel and fault resistance. This hardware-software co-design approach addresses the performance and security trade-offs that have stalled quantum-safe deployments.
"Secure boot is the first line of defence for any connected device, from edge sensors to cloud infrastructure," said Uwe Herzog, Project Coordinator at Eurescom. "FORTRESS will deliver the tools and methodologies Europe needs to transition critical systems to quantum-resistant architectures without compromising performance or introducing new vulnerabilities."
The consortium will develop reference implementations with performance baselines, compliance checklists, and an evaluation framework for quantum-safe secure boot mechanisms across diverse platforms from embedded systems to Critical National Infrastructure (CNI) deployments.
Continuous attestation demonstrators for real-world validation
CyberHive will build technology demonstrators integrating the project's hybrid RoT with continuous runtime attestation and Zero Trust Network Access (ZTNA). These will validate both endpoint and cloud infrastructure integrity in real time.
"We're extending secure boot beyond the initial power-on moment," said David Blundell, CTO and Founder of CyberHive. "The demonstrators will continuously attest trust status across the endpoint-to-cloud chain, automatically responding to supply chain threats via SBOM integration, blocking data transmission if a CVE appears or policy changes flag a compromised component."
The approach addresses a critical gap: existing secure boot mechanisms validate code at startup but lack ongoing visibility into runtime integrity, particularly for cloud-connected devices where the threat surface extends beyond the local hardware.
Algorithmic diversity and performance optimisation
PQShield will lead development of PQ/T hybrid cryptographic cores, balancing the algorithmic diversity required by regulatory mandates with the latency constraints of embedded systems and CNI applications.
"There's no one-size-fits-all post-quantum algorithm," said Axel Poschmann, VP of Product at PQShield. "FORTRESS will characterise the performance and security trade-offs across multiple PQC candidates, enabling implementers to select optimal configurations for their specific threat models and resource constraints while maintaining the security floor provided by traditional cryptography."
The project aligns with initiatives from European Telecommunications Standards Institute (ETSI), Cybersecurity and Infrastructure Security Agency (CISA), and National Cyber Security Centre (NCSC), ensuring technical outputs meet emerging regulatory requirements for quantum-safe transitions. Open reference implementations and evaluation frameworks will be released to support industry adoption.
About the FORTRESS Consortium:
- Eurescom: Project coordination and stakeholder engagement
- PQShield: Post-quantum cryptographic core development
- CyberHive: ZTNA integration and technology demonstrators
- Codasip: CHERI RISC-V processor design
- eShard: Side-channel analysis and countermeasures
- Universität der Bundeswehr München: Hardware implementation of PQC primitives and benchmarking frameworks
FORTRESS is funded under Horizon Europe's Digital, Industry and Space programme.
Further information: pq-fortress.eu
Project Co-ordinator: Uwe Herzog
herzog@eurescom.eu
https://pq-fortress.eu/
https://www.linkedin.com/company/fortress-project/
FORTRESS
Source: Eurescom
Copyright: FORTRESS consortium
Criteria of this press release:
Journalists, Scientists and scholars, all interested persons
Electrical engineering, Information technology, Teaching / education
transregional, national
Research projects, Scientific Publications
English
You can combine search terms with and, or and/or not, e.g. Philo not logy.
You can use brackets to separate combinations from each other, e.g. (Philo not logy) or (Psycho and logy).
Coherent groups of words will be located as complete phrases if you put them into quotation marks, e.g. “Federal Republic of Germany”.
You can also use the advanced search without entering search terms. It will then follow the criteria you have selected (e.g. country or subject area).
If you have not selected any criteria in a given category, the entire category will be searched (e.g. all subject areas or all countries).
