In 1994, Peter Shor presented quantum algorithms that could solve mathematical problems that were not practical for conventional computers to solve (such as breaking down natural numbers into their prime factors). If these quantum algorithms were to be implemented on a quantum computer with large enough qubits, they would be able to break the public key cryptography that is widely used today. That is because this type of cryptography relies on those mathematical problems being difficult to solve, but quantum computers can solve them efficiently. Quantum computers could be used to publicly disclose the passwords, financial transactions, classified information, emails and other information secured using public key processes.
To prevent this scenario, scientists, businesses and governments all over the world are working on developing, researching and selecting cryptographic processes that can be implemented on conventional hardware and are resistant to attacks from quantum computers. This field of research is known as post-quantum cryptography (PQC).
Standardization bodies such as the National Institute of Standards and Technology (NIST) in the US launched a process for the standardization of quantum-resistant algorithms in 2017. After three selection rounds, this process produced its initial recommendations in mid-2022 (csrc.nist.gov). At present, the body is converting the selected PQC algorithms into standards while also carrying the PQC standardization process forward into a fourth round, although the first PQC candidates have already been selected.
Fraunhofer AISEC is involved in multiple research projects in post-quantum cryptography and is pooling its expertise in the “Competence Center for Post-Quantum Cryptography,” which has existed since May 2022.
As the first in a series on PQC, this article is intended to provide an overview of the PQC-focused research projects that are currently ongoing at the AISEC. The articles, which will be published in the coming months, will shed light on the results of the research projects and stimulate the design of asset encryption to be resistant to quantum computers.
The aim of the Aquorypt (Anwendbarkeit quantencomputerresistenter kryptografischer Verfahren, applicability of quantum-resistant cryptographic processes) research project is to investigate the applicability and practical implementation of cryptographic processes that are resistant to quantum computers. It focuses on resource limitations (code size, use of storage), restrictions on runtime and hardware security using masked implementations and side channel analysis. The research focuses on two areas of use: smartcard-based security applications and industrially embedded systems. The project team is evaluating methods that provide an adequate level of security, and efficiently implementing them in hardware and software. For existing systems, it is identifying opportunities to switch from established processes to ones that are resistant to quantum computers. The results could be used to protect industrial control systems or smartcard-based security applications.
The aim of the KBLS (Kryptobibliothek Botan für langlebige Sicherheit, Botan cryptolibrary for durable security) project is to make cryptographic processes available to software developers through the Botan library. The Botan library meets the security criteria of the German Federal Office for Information Security (BSI) and is already implementing a large number of up-to-date cryptographic algorithms. As well as implementing the algorithms, the project is also creating solutions to issues of cryptoagility and usability. All the interfaces that the library offers for accessing cryptographic algorithms and protocols are implemented in a way that makes it easy to switch to alternative algorithms. This is intended to make the switch to post-quantum algorithms simpler.
In addition, the new quantum-resistant processes are implemented in a simple and easy-to-understand way and are explained in the documentation, allowing cryptographic processes to be used securely without in-depth knowledge. This step plays a major role in the dissemination and acceptance of post-quantum processes, as these are based on mathematical problems that have not yet been used in cryptography and that are more complex and larger than the cryptographic standards currently in use.
The FLOQI (Full-Lifecycle Post-Quantum PKI) project, funded by the German Federal Ministry of Education and Research (BMBF), is aimed at developing a PKI (public key infrastructure) that is resistant to quantum computers. This needs to be compatible with current cryptographic processes. To achieve this, post-quantum processes are implemented on different platforms and tested in three demonstrators for use in the context of industry 4.0 and in the automotive industry. These areas of use require durable and secure processes, because products such as production facilities remain in use for several decades. To make the transition from the existing processes to the new ones as smooth as possible, the project is developing processes to enable the existing processes to be used in parallel with the newly developed, post-quantum ones. The results will be included in international standards.
The QuaSiModO (Quanten-Sichere VPN-Module und -Operationsmodi, quantum-secure VPN modules and operation modes) project, funded by the German Federal Ministry of Education and Research (BMBF), aims to add quantum-resistant algorithms to existing VPNs (virtual private networks). In the course of adding to existing protocols, the project examines possible solutions in detail and produces results that assist the standardization bodies in their decision-making process. Feasibility and security in practice are key. VPNs can be used in different layers of the OSI model. This project focuses on layers two and three. In particular, the MACsec protocol is being examined in layer 2, and the IPsec protocol in layer 3. The main aims are to investigate the use of quantum-secure algorithms in VPN/key-agreement protocols such as IKEv2 for IPsec and MKA/PACE for MACsec, to implement schemes in established VPN software suites and to carry out a security analysis of the protocols and implementations.
PQC Competence Center
The Competence Center for Post-Quantum Cryptography at Fraunhofer AISEC is a neutral, manufacturer-independent center that aims to help businesses and public bodies to migrate to quantum-secure cryptographic processes. It focuses on three main aspects:
- Firstly, it offers individual advice and support to implement the migration to quantum-secure architecture designs. This includes designing and implementing migration strategies, selecting suitable PQC processes and creating crypto and security concepts.
- Secondly, the competence center offers security analyses of PQC implementations. This can include, for example, security investigations of software and hardware components, an analysis of the correct use of PQC cryptolibraries and an assessment of PQC solutions that are available on the market.
- Thirdly, the competence center serves as a portal for information on post-quantum cryptography. Here, the focus is on providing information on quantum-resistant processes and material on common sector-specific aspects, presenting scientific progress, assessing specific attacks on PQC implementation and demonstrating countermeasures.
For more information, you can visit the competence center website and get in touch (https://www.aisec.fraunhofer.de/de/das-institut/kompetenzzentrum-post-quanten-kryptografie.html).
Nicolas Buchmann graduated from Freie Universität Berlin in 2019 with a PhD in the life cycle of electronic travel documents focusing on cryptography, post-quantum cryptography and general IT security, and has been working at Fraunhofer AISEC since 2021. Alongside his PhD at Freie Universität Berlin, he oversaw the BMBF project “MEDIAN,” which focused on contactless fingerprint capturing.
Benjamin Zengin has been working as a research fellow in the secure systems engineering department of Fraunhofer AISEC in Berlin since July 2018. The main focus of his research here is on post-quantum cryptography and supporting businesses in creating and evaluating cryptographic concepts.
Felix Schärtl has been a research fellow at the Weiden office of Fraunhofer AISEC since June 2020. As a mathematician and expert in cryptography in the secure infrastructure department, he conducts his research mainly in the field of applied post-quantum cryptography.
Tudor A. A. Soroceanu
Tudor A. A. Soroceanu is responsible for several projects at Fraunhofer AISEC, including KBLS, which is adding post-quantum libraries to the Botan cryptolibrary. These post-quantum algorithms include CRYSTALS-Kyber and CRYSTALS-Dilithium.