Forget Evil AI, .NET 10 Tackles Quantum Threats
Microsoft's new .NET 10 Preview 5 quietly introduces support for post-quantum cryptography based on newly finalized industry standards, marking an early move to help developers defend applications against future quantum-powered attacks.
While this might not seem to be a major feature to focus on in a .NET 10 release, there's not much else in Preview 5 that stands out. The update is largely a collection of incremental fixes and under-the-hood improvements. The post-quantum cryptography (PQC) support is one new capability that looks firmly toward the future -- and one that aligns with broader industry efforts to get ready for the quantum era before it arrives. The move also reflects Microsoft's broader push to bring quantum-safe cryptography to its entire stack, from Windows and Azure to its developer tools.
What's PQC?
PQC refers to new kinds of encryption algorithms that are designed to resist attacks from future quantum computers. Today's widely used algorithms, such as RSA and ECC, rely on mathematical problems that would be relatively easy for large quantum computers to solve. Post-quantum algorithms are built around different types of problems that should remain difficult even for quantum machines.
Industry experts don't expect quantum computers capable of breaking current encryption to appear for several years, but there's strong consensus that the time to begin transitioning to quantum-safe cryptography is now.
One reason is the risk of so-called "harvest now, decrypt later" attacks, where adversaries collect encrypted data today in the hope of unlocking it when quantum capabilities arrive. Another is that shifting global software systems to new cryptographic standards is a multi-year effort, one that requires standards bodies, vendors, cloud platforms, and developers to act well in advance.
In .NET 10 Preview 5, Microsoft added support for three post-quantum cryptographic algorithms to the core libraries. These new algorithms can be used through the System.Security.Cryptography namespace, giving developers access to quantum-resistant tools for tasks such as secure key exchange and digital signatures.
The APIs take a slightly different approach than older asymmetric algorithms in .NET, emphasizing static methods for key generation and import. For now, the new functionality is marked as experimental and is only available on systems using OpenSSL 3.5 or newer, with broader platform support expected later.
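The API shape described above, as an added example that is not code from the article or from Microsoft: a recipient generates an ML-KEM key through a static factory, a sender rebuilds the public key through a static import, and both sides derive the same secret. It assumes the MLKem and MLKemAlgorithm type and member names from the .NET 10 System.Security.Cryptography API and the SYSLIB5006 experimental diagnostic ID; an experimental API can change between previews.

```csharp
// Added example (not from the article or Microsoft): ML-KEM key establishment.
// Assumes the MLKem API names as shipped in .NET 10; previews may differ.
#pragma warning disable SYSLIB5006 // PQC types are marked [Experimental]
using System;
using System.Security.Cryptography;

// The preview only lights up where the platform crypto library supports it
// (OpenSSL 3.5 or newer), so probe before use instead of catching later.
if (!MLKem.IsSupported)
{
    throw new PlatformNotSupportedException(
        "ML-KEM is unavailable; this preview needs OpenSSL 3.5 or newer.");
}

// Recipient: a static factory generates the key pair. Only the encapsulation
// (public) key is exported and sent to the peer.
using MLKem recipient = MLKem.GenerateKey(MLKemAlgorithm.MLKem768);
byte[] encapsulationKey = recipient.ExportEncapsulationKey();

// Sender: a static import rebuilds a public-only key object, then
// encapsulation yields a ciphertext for the wire and a local shared secret.
using MLKem sender = MLKem.ImportEncapsulationKey(
    MLKemAlgorithm.MLKem768, encapsulationKey);
sender.Encapsulate(out byte[] ciphertext, out byte[] senderSecret);

// Recipient: decapsulation recovers the same shared secret.
byte[] recipientSecret = recipient.Decapsulate(ciphertext);
bool agreed = CryptographicOperations.FixedTimeEquals(
    senderSecret, recipientSecret);
Console.WriteLine($"Secrets match: {agreed}, length: {recipientSecret.Length}");

// Failure mode: ML-KEM uses implicit rejection, so a modified ciphertext does
// not throw. It decapsulates to an unrelated secret, which is why the derived
// key must be confirmed (for example by an AEAD tag) before it is trusted.
byte[] tampered = (byte[])ciphertext.Clone();
tampered[0] ^= 0x01;
byte[] wrongSecret = recipient.Decapsulate(tampered);
bool stillAgreed = CryptographicOperations.FixedTimeEquals(
    senderSecret, wrongSecret);
Console.WriteLine($"Tampered ciphertext yields same secret: {stillAgreed}");

// Shared secrets are key material: wipe them once the session key is derived.
CryptographicOperations.ZeroMemory(senderSecret);
CryptographicOperations.ZeroMemory(recipientSecret);
CryptographicOperations.ZeroMemory(wrongSecret);
```

The raw shared secret is input to a key derivation step, not a session key by itself, and the exchange authenticates neither party unless the encapsulation key arrives over an authenticated channel.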
Microsoft's PQC Efforts
The .NET 10 work is part of a larger Microsoft initiative to prepare its platforms for a post-quantum future. The company has also brought PQC capabilities to Windows 11, Windows Server 2025, Azure, and Microsoft 365 services. Recent Windows Insider and Linux builds offer early-access PQC tooling, and Microsoft is contributing to industry efforts led by NIST to promote hybrid cryptography approaches that combine classical and post-quantum techniques during this transition period.
Microsoft is preparing for PQC in many ways, having already introduced the Quantum-Safe OpenSSH virtual machine image in the Azure Marketplace that "Adds experimental post-quantum cryptography to OpenSSH using the liboqs library."
Figure: Quantum-Safe OpenSSH (source: Microsoft).
Although PQC concerns are still years away -- maybe a decade or more according to some industry pundits -- Microsoft and others are preparing early.
"We are investing deeply in post-quantum cryptography now so that our platforms and our customers are protected against future quantum advances. This is a marathon, not a sprint," said Microsoft's Aabha Thipsay in a September 2024 blog post titled "Microsoft's quantum-resistant cryptography is here."
Thipsay appears to be Microsoft's point person on this, as she addressed it yet again just a few weeks ago.
"Preparing for the quantum future is a complex and multi-year journey. By bringing post-quantum cryptography to our platforms and services today, we enable developers and organizations to begin that journey with us," she said in a May 2025 blog post titled "Post-Quantum Cryptography Comes to Windows Insiders and Linux."
She was referring to Microsoft's efforts across multiple platforms, including Windows and Linux builds now testing PQC tools, mentioned above.
Industry Efforts
As noted, Microsoft's push is part of a wider, industry-wide effort to standardize and deploy post-quantum algorithms. In August 2024, NIST finalized its first set of post-quantum cryptography standards, paving the way for vendors and platforms to adopt them.
"The algorithms announced today are specified in the first completed standards from NIST's PQC standardization project, and are ready for immediate use," said an August 2024 news release titled "NIST Releases First 3 Finalized Post-Quantum Encryption Standards."
Other tech giants are also moving quickly to adopt PQC in widely used consumer services.
"We rebuilt the iMessage cryptographic protocol from the ground up," said Apple in a February 2024 blog post titled "iMessage with PQ3: The new state of the art in quantum-secure messaging."
"Defeating PQ3 security requires defeating both the existing, classical ECC cryptography and the new post-quantum primitives," Apple added in the post about iMessage PQ3.
Meanwhile, Cloudflare, which specializes in internet infrastructure and security, has implemented post-quantum cryptography measures to protect against "harvest now, decrypt later" attacks, as explained on its own PQC page. Its approach includes using TLS 1.3 with post-quantum key agreements like ML-KEM, so that websites and APIs served through Cloudflare are automatically protected without requiring configuration changes. A solution brief linked from the site frames the issue:
Figure: Cloudflare Solution Brief (source: Cloudflare).
As these industry moves illustrate, PQC is quickly moving from theory to implementation across major platforms and ecosystems. With its Preview 5 update, .NET now joins that broader effort -- one that developers will likely see evolving across Microsoft's tooling and services in the months and years ahead.
Other Stuff in .NET 10 Preview 5
As for what else comes with .NET 10 Preview 5, the release includes a variety of bug fixes and performance improvements, as well as updates to the .NET SDK and runtime. It also continues to refine the new features introduced in earlier previews, such as enhanced support for cloud-native development and improved diagnostics tools. Here's a quick summary of other notable updates in .NET 10 Preview 5:
- Runtime Enhancements: Improved JIT inlining, method devirtualization (including array interface methods), array enumeration de-abstraction, improved code layout, and AVX10.2 instruction support (added but disabled pending hardware).
- ASP.NET Core Updates: Blazor QuickGrid RowClass parameter, Blazor script served as static web asset, NavigateTo behavior change, OpenAPI route template highlighting.
- F# Enhancements: Updates to the F# language including scoped #nowarn/#warnon directives, FSharp.Core standard library updates, and FSharp.Compiler.Service improvements.
- Entity Framework Core 10: LINQ enhancements, performance optimizations, and improved support for Azure Cosmos DB.
- Windows Forms Updates: Clipboard API redesign (breaking change), UITypeEditors improvements, and multiple bug fixes.
- WPF Enhancements: New Fluent style additions, Clipboard API changes, and performance optimizations.
About the Author
David Ramel is an editor and writer at Converge 360.