Quantum computers have the potential to break cryptographic schemes like RSA and ECC* which are currently used for encrypting personal and sensitive data. Ultimately, the confidentiality of digital communication and data exchange in mobile communications, in the Internet of Things or in the public domain could be at threat.
To tackle this massive challenge, leading industry players and security experts like Infineon Technologies AG as well as academia have started working on two new research projects. The aim of these projects is to develop chip based quantum-safe security mechanisms. Both projects are publicly funded by the Federal Ministry of Research and Education in Germany. They focus on the following topics:
Future-proof security for industrial control systems and smart cards
The project Aquorypt will investigate the applicability and practical implementation of quantum-safe cryptographic methods for embedded systems. The project team evaluates procedures that have an adequate security level and implements them efficiently in hardware and software. The results could be used for protecting industrial control systems or smart card based security applications. While the security requirements are comparable, these embedded systems differ in terms of technical limitations. Industrial control systems operate within narrow time limits and are characterized by a long lifetime. Smart card based security applications such as debit and credit cards, on the other hand, have to manage with little memory space and low computing power.
Long-term security of embedded systems in medical technology
The project PQC4MED focusses on embedded systems in medical products and follows a systemic approach: both the hardware and the associated software must allow for the exchange of cryptographic procedures in order to counter threats such as those posed by quantum computers. Currently discussed quantum-safe signature and encryption methods are being evaluated and implemented exemplarily. The solution will be tested in a use case from the field of medical technology.
Shaping the security market with continuous research and innovation
The latest Data Threat Report from Thales reveals that 72 percent of surveyed organisations believe quantum computing power will affect their data security operations within the next five years – 27 percent see it as a threat within the next year, highlighting the need for organizations to improve their post-quantum encryption strength. Robust and future-proof security solutions are needed almost everywhere: for the connected car, for industrial robots, for mobile communication and for many other applications.
German semiconductor manufacturer Infineon has been at the forefront of post-quantum cryptography development since 2017. Infineon is contributing to the development and standardization of the quantum-safe cryptographic schemes New Hope and SPHINCS+. Both are part of the international standardization process initiated by the National Institute for Standards and Technologies (NIST) which currently includes 26 out of initially 69 suggestions. NIST’s third round is starting in June 2020, draft standards for PQC are expected earliest by 2022.
New Hope is a key-exchange protocol based on the Ring-Learning-with-Errors (Ring-LWE) problem. It achieves the highest NIST Security Strength Category of 5 and among others an efficient defense against backdoors and so-called “all-for-the-price-of-one” attacks. SPHINCS+ is a stateless hash-based signature scheme based on conservative security assumptions.
Infineon has always been committed to developing and applying open industry standards from international groups which include besides NIST in the USA, the International Organization for Standardization (ISO), or the European Telecommunications Standards Institute (ETSI).
*RSA – Rivest Shamir Adleman Cryptography; ECC – Elliptic Curve Cryptography