Western Digital has announced post-quantum cryptography (PQC) support for its latest Ultrastar UltraSMR hard disk drives, marking one of the first deployments of NIST-approved quantum-resistant algorithms in production storage hardware. The new drives are currently undergoing qualification with multiple hyperscale customers as cloud and AI infrastructure operators begin evaluating long-term cryptographic resilience at the storage layer.
The company positions the move as a response to the changing nature of AI infrastructure, where data persistence is becoming as important as compute performance. Large AI data lakes supporting training, inference, and analytics workloads are expected to remain in service for years, creating new security concerns around future quantum-based attacks.
Western Digital said the new implementation focuses on protecting the device root of trust, firmware integrity, and cryptographic key management rather than encrypting data at rest. The goal is to harden storage infrastructure against future threats such as “harvest now, decrypt later” (HNDL) attacks, where encrypted data collected today could eventually be decrypted once sufficiently capable quantum systems emerge.
Long-Lifecycle Infrastructure Creates Quantum Risk
Enterprise HDD infrastructure often remains in place for five years or more, potentially overlapping with the emergence of cryptographically relevant quantum computing systems. That long service window creates exposure for storage platforms relying solely on traditional public-key cryptography schemes such as RSA and ECC.
Western Digital noted that firmware-level attacks represent a growing concern in modern storage environments. A sufficiently advanced quantum adversary could theoretically forge firmware signatures or compromise trust chains, allowing malicious firmware updates to appear legitimate. As infrastructure operators increasingly automate fleet management and remote servicing, maintaining trusted firmware validation becomes critical.
PQC Implementation Details
The company’s PQC rollout debuts on the Ultrastar DC HC6100 UltraSMR platform. Western Digital said the implementation is designed to secure device trust chains throughout manufacturing, deployment, and field servicing workflows.
The implementation uses ML-DSA-87, the NIST FIPS 204 standardized algorithm derived from CRYSTALS-Dilithium, for high-assurance code signing. Western Digital is also using a dual-signing model combining ML-DSA-87 with RSA-3072 to maintain compatibility with existing infrastructure while introducing quantum-resistant protections.
The company also deployed PQC-capable public key infrastructure (PKI) and hardware security module (HSM) workflows to support key issuance, lifecycle management, and rotation. Operational safeguards include rollback protections and dual-signing support intended to simplify deployment across mixed hardware fleets without disrupting current enterprise workflows.
Western Digital CTO and SVP Dr. Xiaodong “Carl” Che said the rapid pace of quantum computing development is driving the need for updated infrastructure security models, particularly for AI-driven environments that manage long-lived and increasingly valuable data sets. He added that the company’s implementation aligns with emerging standards efforts, including NIST guidance and CNSA 2.0 recommendations.
Western Digital expects to expand PQC support across additional enterprise HDD product families over time as quantum-safe infrastructure requirements become more common in hyperscale and enterprise environments.
Amazon