Written by 
By Robert Bach, Infineon TechnologiesAs a pioneer in the development of encryption mechanisms that can withstand the computing powerof future quantum computers, Infineon is already preparing for the smooth transition from currently used security protocols to post-quantum cryptography (PQC). In a world of quantum computers, PQC should provide a level of security comparable with what RSA and ECC provide today
in the classical computing world.
Post-quantum cryptography refers to new cryptographicalgorithms (usually public-key algorithms) which are expectedto be efficiently secured against an attack using a quantumcomputer.
However, as appropriate quantum computers are not commercially available yet, real-life experiments with PQC are almost impossible today and can only be partly simulated.Nonetheless, academia and businesses are intensely researching PQC to have efficient encryption technologies in place oncequantum computers would hit the market.
The Quantum Computer
A quantum computer uses “qubits” that can exist in any superposition rather than bits (0 or 1) in a conventional device. Consequently, certain calculations can be performedsimultaneously and far faster than ever before, solving problems that would require unattainable amounts of conventionalcomputing power today. With operations that are thousandsof times faster, quantum computers offer new possibilities, for instance, for searching large databases, for chemical orphysical simulations, and in material design, etc. However, this operating power may also allow the decoding of currently used encryption algorithms that are practically impossible to decode with technologies available today.
Due to their computing power, quantum computers have the disruptive potential to break various currently usedencryption algorithms. Infineon Technologies AG is ready toprovide a smooth transition from today’s security protocolsto next-generation post-quantum cryptography (PQC). The company has already successfully demonstrated the first PQCimplementation on a commercially available contactless securitychip, as used for electronic ID documents. This places Infineonin the pioneering position for encryption that withstandsquantum computing power.
Quantum Computer attacks
Quantum computer attacks on today’s cryptography areexpected to become reality within the next 15 to 20 years. Onceavailable, quantum computers could solve certain calculations much faster than today’s computers, threatening even bestcurrently known security algorithms such as RSA and ECC. Various internet standards like Transport Layer Security (TLS), S/MIME or PGP/ GPG use cryptography based on RSA or ECCto protect data communication with smart cards, computers,servers or industrial control systems. Online banking on “https” sites or “instant messaging” encryption on mobile phones are well-known examples.
The impact on cryptography will be dramatic: most public-key algorithms currently in use are expected to be broken easily by adequate quantum computers including RSA and ECC-based public-key cryptography algorithms. The most vulnerableapplications concerning quantum-computer attacks are thosewhere asymmetric cryptography is used:
• Communication protocols: Authentication protocols verifying the authenticity via digital certificate provided through a PKI infrastructure. Various internet standards (e.g. Transport Layer Security (TLS), S/MIME, PGP, and GPG.)
• Digital signatures: Digital signatures are increasingly replacing traditional, manual signing of contracts. Theyprotect signed contracts by verifying every bit of thedocument against a digital signature. Public key, i.e. asymmetric, algorithms secure sign and/or verify data through digital signature algorithms.
There are applications, for instance, energy infrastructure,space et al., where products’ lifetime of 15-30 years is common.Thus, these applications and corresponding devices / infrastructure will be in use when quantum computers becomea reality. Therefore, system designers must already think about migration from traditional asymmetric cryptography to PQC.This does not imply that PQC algorithms must mandatorily be implemented now, but rather a forward-looking strategy mustbe in place.
Governmental applications are critical, especially due to thefact that identity theft or misuse can have major consequences.Government ID applications include travel documents(ePassport) and ID cards – often equipped with digital signature functionality.
Standardization bodies are expected to agree on one or multiple PQC algorithms within the next few years before governments and industries mandate the migration. Infineon is activelyparticipating in the development and standardization process in order to enable a smooth transition and to address securitychallenges that may arise in the advent of quantum computers.
To better respond to security threats that are yet tocome, Infineon continuously collaborates with the academic community, customers and partners. And pushes for future standards that can be executed efficiently and securely on small and embedded devices.
There is New Hope
New Hope is a post-quantum key-exchange algorithm, developed by Erdem Akim, Léo Ducas, Peter Schwabeand Thomas Pöppelmann, one of Infineon’s security andcryptography experts. The development of New Hope received the very prestigious Facebook Internet Defense Prize 2016.
New Hope offers a 256-bit security level, has performanceadvantages over previous work due to the use of a better suitederror distribution, a new reconciliation mechanism, efficientdefense against backdoors and so-called “all-for-the-price-of-one” attacks. Google has integrated the New Hope algorithm into its Chrome Canary browser during an experiment to test the practicality of post-quantum cryptography. The experiment was deemed successful.
“The phantom of the quantum computer is keeping academiaand the IT industry on high alert,” said Thomas Pöppelmannfrom Infineon’s Chip Card & Security Division, whoco-developed the New Hope algorithm. “At Infineon, we are proud to be the first to transfer PQC onto contactless smart
cards. Our challenges comprised the small chip size and limited memory capacity to store and execute such a complex algorithm as well as the transaction speed.”
Chip memory size and computation time are key
Security experts at Infineon’s Munich headquarters and the Center of Excellence for contactless technologies in Graz, Austria, made a breakthrough in this field. They implemented a post-quantum key exchange scheme on a commerciallyavailable contactless smart card chip, as used for electronicID documents. Key exchange schemes are used to establish an encrypted channel between two parties. The deployed algorithm is a variant of New Hope.
The small chip size and limited storage space for storing andexecuting such a complex algorithm, as well as the transmission speed were challenging, but puts Infineon in a leading position in this field of encryption that withstands quantum computing power.
In 2017 this achievement was awarded with two SESAMESAwards for post-quantum cryptography on a contactlesssecurity chip.
“Demonstrating post-quantum cryptography on a contactlesssecurity chip puts Infineon in a leading position in this field,”said Thomas Rosteck, Division President Chip Card & Security,Infineon Technologies. “Our security solutions rely on trusted and standardized private and public key algorithms. To betterrespond to security threats that are yet to come, we continuously collaborate with the academic community, customers andpartners. And we push for future standards that can be executed efficiently and securely on small and embedded devices.