Cryptographic inventory
A complete map of every place ECC, RSA, or DH is used in your stack. Vehicle firmware, ECUs, V2X stack, OTA pipeline, OEM cloud, supplier interfaces. Delivered as a queryable registry, not a PDF that goes stale.
V2X · POST-QUANTUM · PKI MIGRATION
ECDSA P-256, the backbone of SCMS and C-ITS CCMS, is mathematically defeated by Shor's algorithm. Vehicles you certify today will outlive that defeat. We migrate V2X PKI to NIST-standardised post-quantum cryptography without breaking interoperability, blowing past the 1,400-byte V2X frame budget, or stranding fleets in the field.
THE THREAT TIMELINE
A new vehicle's service life, the harvest-now-decrypt-later threat, and the arrival of a cryptographically-relevant quantum computer all overlap in the next decade. That overlap is the engineering problem we exist to solve.
THE SPECIFIC PROBLEM
01 · BANDWIDTH
5G-V2X PC5, DSRC, and ITS-G5 all enforce a hard maximum transmission unit. ECDSA fits comfortably. ML-DSA signatures alone are 2,420 bytes. Naïve PQC substitution fragments every Basic Safety Message and collapses effective transmission range. The fix is not a drop-in replacement. It is a re-engineering of the certificate format, the message format, and the validation pipeline.
02 · INTEROPERABILITY
SCMS and C-ITS CCMS were not designed to negotiate algorithms. A PQC-only vehicle entering a region of legacy ECDSA infrastructure is invisible. A legacy vehicle entering a PQC region is rejected. The migration must preserve forward and backward compatibility through a hybrid certificate phase. IEEE 1609.2 and ETSI TS 103 097 are evolving, but the integration work is real and proprietary.
03 · ENDPOINT CAPABILITY
The Secure Elements deployed across existing fleets were designed around elliptic curves. Lattice-based signature schemes need substantially more compute and memory. Some endpoints will get over-the-air firmware updates. Some will require hardware refresh. Some will be retired early. A migration plan is also a procurement plan and a portfolio strategy.
04 · TIME
State-level adversaries are recording V2X traffic today, knowing they can break it later. Vehicle identity, location traces, and over-the-air session keys are all in scope. Waiting for the first cryptographically-relevant quantum computer is not a strategy. By that point, a decade of harvested signal is already retroactively decryptable. The deployment must precede the threat by years, not match it.
THE MIGRATION PATH
Three stages, each with concrete technical targets. We move you across them without breaking a single vehicle in production.
WHAT WE DELIVER
A complete map of every place ECC, RSA, or DH is used in your stack. Vehicle firmware, ECUs, V2X stack, OTA pipeline, OEM cloud, supplier interfaces. Delivered as a queryable registry, not a PDF that goes stale.
Dual-signed certificates using ECDSA + ML-DSA, compliant with ETSI TR 103 619 migration guidance and emerging IEEE 1609.2 extensions. Backward compatible with deployed fleets. Forward compatible with full PQC.
Implicit certificate chaining where the structure is mature enough to deploy, selective signing across BSM and DENM streams during the legacy ITS-G5 phase, FALCON deployment on 5G-V2X PC5 sidelink, batched verification, fragment-aware MAC handling. A layered bandwidth design, not a single-frame fit.
A per-platform plan: which HSMs can ship PQ-enabled firmware, which need silicon replacement, which can be virtualised, which retire. We bring the vendor relationships and the test harness.
Root CA migration with crypto-agility. Pseudonym pool resizing. CRL distribution tuned for larger PQ certificates. Test infrastructure with conformance to NIST PQC validation suites and OmniAir-style interoperability.
Audit-grade documentation aligned to ISO/SAE 21434, UNECE R155 / R156, EU CRA, NSA CNSA 2.0, and BSI TR-02102-1. The evidence pack that turns a type-approval review from a problem into a checkbox.
FREQUENTLY ASKED, HONESTLY ANSWERED
Deeper technical detail in our technical FAQ.
START WITH A READINESS AUDIT
The free assessment is what you do to yourself: a structured walk through the ten dimensions, scored against ISO/SAE 21434 maturity levels. The paid audit is what Digital North does for you: a hands-on engagement against your real systems, with a prescriptive migration plan as the output. Find the right starting point.
See assessment and audit options