Engineers designing connected and embedded systems are increasingly facing a dual challenge. Software stacks continue to grow in complexity, while long-lived products must remain secure well beyond the lifetime of today’s cryptographic assumptions. Together, these pressures are driving a shift in how the industry approaches system security. Rather than relying primarily on software techniques to contain vulnerabilities, more organisations are turning their attention to what the hardware itself can guarantee, particularly as quantum computing begins to influence long term risk planning.
The concern is not that quantum machines will suddenly appear in day to day applications, but that their eventual capability, combined with the way sensitive data is stored and transmitted today, requires action much earlier in the design cycle. In parallel, persistent memory safety flaws in classical systems continue to dominate real world failures and exploits. These two forces – future cryptographic resilience and present day system robustness – are converging to reshape expectations of what secure silicon should provide.
For ASIC design companies such as EnSilica, working across long lifecycle markets including automotive, industrial automation and infrastructure, this shift is increasingly evident. Security architecture is now being discussed at the very start of new chip programmes, rather than being treated as a software defined requirement addressed late in development.
Why architectural change is now on the agenda
Although cryptographic standards are evolving in response to quantum threats, the industry recognises that software alone cannot carry the burden. Long product lifetimes in sectors such as automotive, industrial automation, and critical infrastructure mean that hardware must provide a stable platform capable of supporting post quantum algorithms as they mature. Implementing cryptography in hardware delivers deterministic performance, predictable timing and a reduced attack surface compared with software only approaches.
At the same time, there is growing recognition that many long standing security and reliability issues stem from the underlying processor architecture itself. This has driven interest in capability based models such as CHERI (Capability Hardware Enhanced RISC Instructions). CHERI extends mainstream instruction sets by replacing traditional pointers with capabilities that combine an address with hardware enforced bounds, fine grained permissions and an unforgeable validity tag. Every memory access is checked by the processor, meaning that buffer overruns, out of bounds accesses and pointer corruption are deterministically prevented rather than silently corrupting system state.
For embedded systems, this architectural shift has practical implications. Memory safety violations become immediate, diagnosable exceptions instead of latent faults that are difficult to reproduce and certify. Isolation between software components can be enforced at a much finer granularity than is possible with conventional MPUs, reducing the need for complex privilege partitioning and defensive coding patterns. EnSilica is among the organisations evaluating CHERI and related approaches as part of wider industry momentum toward architectural memory safety.
Architectures that incorporate these principles can materially reduce firmware complexity, improve isolation between mixed criticality workloads, and strengthen a system’s overall safety case. This aligns with what many engineering teams are now seeing across new ASIC programmes: a desire to address root cause vulnerabilities in silicon rather than layering additional software countermeasures on top.
Industry direction: secure by architecture silicon
Several clear trends are emerging across semiconductor roadmaps:
• Integration of post quantum cryptography (PQC)
As the US National Institute of Standards and Technology (NIST) finalises its post quantum standards, hardware acceleration of PQC schemes is becoming more common. New designs increasingly include dedicated engines for lattice-based algorithms such as ML KEM (Kyber) for key establishment and ML DSA (Dilithium) for digital signatures, often deployed in hybrid modes alongside established classical algorithms such as ECDSA. Hardware support avoids the latency, code size and power penalties associated with pure software implementations, particularly in constrained embedded environments.
• Growing interest in memory safe and capability-based architectures
CHERI is the most visible example, but it is part of a broader movement. Tagged memory, fine grained isolation and other architectural mechanisms are appearing across both RISC V and Arm ecosystems, all aimed at eliminating entire classes of memory safety vulnerabilities by design rather than detection.
• Long lifecycle markets driving adoption
Automotive controllers, industrial systems and infrastructure equipment routinely remain in service for a decade or more. For these designs, retrofitting quantum resilient security or architectural mitigations later in the lifecycle is costly and risky, making early investment at the silicon level a more attractive long-term strategy.
• Ecosystem and framework alignment
Security frameworks such as Arm’s Platform Security Architecture (PSA) are helping to formalise security requirements at a system level, defining expectations around isolation, key management, and trusted execution. In parallel, toolchains, verification flows and firmware frameworks are evolving to support both PQC and architectural memory safety concepts, lowering barriers to adoption for custom ASIC developers.
What this means for engineering teams
Designers planning next generation systems now face several strategic considerations:
1. Build security into the hardware budget early
Architectural memory safety and PQC acceleration introduce new dimensions to silicon selection. Evaluating these early avoids downstream redesign or complex mitigation late in development.
2. Expect hybrid cryptography to become normal
For many years, systems will need to operate classical and post quantum algorithms in parallel. Deterministic hardware support ensures this transition does not compromise timing critical or safety critical behaviour.
3. Treat safety and security as linked architectural concerns
Hardware enforced memory safety not only reduces exploitable vulnerabilities but also simplifies functional safety arguments by providing predictable, diagnosable failure modes – an important advantage for ISO 26262 and IEC 61508 programmes.
4. Plan for lifecycle and certification costs
Systems expected to remain secure and compliant into the 2030s benefit from silicon that anticipates future cryptographic and architectural requirements rather than merely satisfying today’s minimum standards.
Navigating an extended transition period
Quantum resilient hardware will not replace existing architectures overnight. Many deployed systems will continue to rely on classical cryptography and software-based protections for years. However, as silicon vendors integrate memory-safe designs and PQC support into their portfolios, new products will increasingly default to secure by architecture foundations.
The direction of travel is clear. Stronger architectural support for both memory safety and long-term cryptographic resilience enables engineers to build systems that remain dependable across evolving threat models. As quantum computing becomes an increasingly realistic consideration in product lifecycle planning, hardware that can absorb these shifts without extensive redesign will offer a tangible and lasting advantage.
About the author:
Ian Lankshear, Chief Executive Officer, EnSilica
Ian co-founded EnSilica in 2001. Under his stewardship, the company has enjoyed sustained growth based on market-led opportunities, innovation and export success. Ian has a strong technical and commercial background covering semiconductors and adjacent markets. Ian’s early career was in radar systems development for Siemens Plessey Systems. He moved into semiconductor development in 1996, working for Hitachi and then for Nokia. Ian holds a First-Class Honours degree in Electrical & Electronics Engineering.
