PQC_Abwehr_ma

Post-quantum cryptography in practice

The threat posed by quantum computers to the asymmetric cryptography in use today has been well known in the scientific community for more than 25 years, since Peter Shor published a polynomial algorithm for prime factorization to solve the discrete logarithm on a quantum computer. In recent years, crypto experts have increasingly been warning of the progress that is being made in quantum computing and its relevance for cryptography. Research on post-quantum cryptography (PQC) at the Fraunhofer Institute for Applied and Integrated Security AISEC aims to enable businesses, government bodies and citizens to continue to have access to usable cryptography that will remain secure in the long term so they can keep their data secure. This blog article provides a brief overview of four ongoing projects.

In 1994, Peter Shor presented quantum algorithms that could solve mathematical problems that were not practical for conventional computers to solve (such as breaking down natural numbers into their prime factors). If these quantum algorithms were to be implemented on a quantum computer with large enough qubits, they would be able to break the public key cryptography that is widely used today. That is because this type of cryptography relies on those mathematical problems being difficult to solve, but quantum computers can solve them efficiently. Quantum computers could be used to publicly disclose the passwords, financial transactions, classified information, emails and other information secured using public key processes.

To prevent this scenario, scientists, businesses and governments all over the world are working on developing, researching and selecting cryptographic processes that can be implemented on conventional hardware and are resistant to attacks from quantum computers. This field of research is known as post-quantum cryptography (PQC).

Standardization bodies such as the National Institute of Standards and Technology (NIST) in the US launched a process for the standardization of quantum-resistant algorithms in 2017. After three selection rounds, this process produced its initial recommendations in mid-2022 (csrc.nist.gov). At present, the body is converting the selected PQC algorithms into standards while also carrying the PQC standardization process forward into a fourth round, although the first PQC candidates have already been selected.

Fraunhofer AISEC is involved in multiple research projects in post-quantum cryptography and is pooling its expertise in the “Competence Center for Post-Quantum Cryptography,” which has existed since May 2022.

As the first in a series on PQC, this article is intended to provide an overview of the PQC-focused research projects that are currently ongoing at the AISEC. The articles, which will be published in the coming months, will shed light on the results of the research projects and stimulate the design of asset encryption to be resistant to quantum computers. 

Aquorypt

The aim of the Aquorypt (Anwendbarkeit quantencomputerresistenter kryptografischer Verfahren, applicability of quantum-resistant cryptographic processes) research project is to investigate the applicability and practical implementation of cryptographic processes that are resistant to quantum computers. It focuses on resource limitations (code size, use of storage), restrictions on runtime and hardware security using masked implementations and side channel analysis. The research focuses on two areas of use: smartcard-based security applications and industrially embedded systems. The project team is evaluating methods that provide an adequate level of security, and efficiently implementing them in hardware and software. For existing systems, it is identifying opportunities to switch from established processes to ones that are resistant to quantum computers. The results could be used to protect industrial control systems or smartcard-based security applications.

KBLS

The aim of the KBLS (Kryptobibliothek Botan für langlebige Sicherheit, Botan cryptolibrary for durable security) project is to make cryptographic processes available to software developers through the Botan library. The Botan library meets the security criteria of the German Federal Office for Information Security (BSI) and is already implementing a large number of up-to-date cryptographic algorithms. As well as implementing the algorithms, the project is also creating solutions to issues of cryptoagility and usability. All the interfaces that the library offers for accessing cryptographic algorithms and protocols are implemented in a way that makes it easy to switch to alternative algorithms. This is intended to make the switch to post-quantum algorithms simpler.

In addition, the new quantum-resistant processes are implemented in a simple and easy-to-understand way and are explained in the documentation, allowing cryptographic processes to be used securely without in-depth knowledge. This step plays a major role in the dissemination and acceptance of post-quantum processes, as these are based on mathematical problems that have not yet been used in cryptography and that are more complex and larger than the cryptographic standards currently in use.

FLOQI

The FLOQI (Full-Lifecycle Post-Quantum PKI) project, funded by the German Federal Ministry of Education and Research (BMBF), is aimed at developing a PKI (public key infrastructure) that is resistant to quantum computers. This needs to be compatible with current cryptographic processes. To achieve this, post-quantum processes are implemented on different platforms and tested in three demonstrators for use in the context of industry 4.0 and in the automotive industry. These areas of use require durable and secure processes, because products such as production facilities remain in use for several decades. To make the transition from the existing processes to the new ones as smooth as possible, the project is developing processes to enable the existing processes to be used in parallel with the newly developed, post-quantum ones. The results will be included in international standards.

QuaSiModO

The QuaSiModO (Quanten-Sichere VPN-Module und -Operationsmodi, quantum-secure VPN modules and operation modes) project, funded by the German Federal Ministry of Education and Research (BMBF), aims to add quantum-resistant algorithms to existing VPNs (virtual private networks). In the course of adding to existing protocols, the project examines possible solutions in detail and produces results that assist the standardization bodies in their decision-making process. Feasibility and security in practice are key. VPNs can be used in different layers of the OSI model. This project focuses on layers two and three. In particular, the MACsec protocol is being examined in layer 2, and the IPsec protocol in layer 3. The main aims are to investigate the use of quantum-secure algorithms in VPN/key-agreement protocols such as IKEv2 for IPsec and MKA/PACE for MACsec, to implement schemes in established VPN software suites and to carry out a security analysis of the protocols and implementations.

PQC Competence Center

The Competence Center for Post-Quantum Cryptography at Fraunhofer AISEC is a neutral, manufacturer-independent center that aims to help businesses and public bodies to migrate to quantum-secure cryptographic processes. It focuses on three main aspects:

  • Firstly, it offers individual advice and support to implement the migration to quantum-secure architecture designs. This includes designing and implementing migration strategies, selecting suitable PQC processes and creating crypto and security concepts.
  • Secondly, the competence center offers security analyses of PQC implementations. This can include, for example, security investigations of software and hardware components, an analysis of the correct use of PQC cryptolibraries and an assessment of PQC solutions that are available on the market.
  • Thirdly, the competence center serves as a portal for information on post-quantum cryptography. Here, the focus is on providing information on quantum-resistant processes and material on common sector-specific aspects, presenting scientific progress, assessing specific attacks on PQC implementation and demonstrating countermeasures.

For more information, you can visit the competence center website and get in touch (https://www.aisec.fraunhofer.de/de/das-institut/kompetenzzentrum-post-quanten-kryptografie.html).

Authors
Grau_Logo_Blog_Author
Nicolas Buchmann

Nicolas Buchmann graduated from Freie Universität Berlin in 2019 with a PhD in the life cycle of electronic travel documents focusing on cryptography, post-quantum cryptography and general IT security, and has been working at Fraunhofer AISEC since 2021. Alongside his PhD at Freie Universität Berlin, he oversaw the BMBF project “MEDIAN,” which focused on contactless fingerprint capturing.

Contact: nicolas.buchmann(at)aisec.fraunhofer.de 

Grau_Logo_Blog_Author
Benjamin Zengin

Benjamin Zengin has been working as a research fellow in the secure systems engineering department of Fraunhofer AISEC in Berlin since July 2018. The main focus of his research here is on post-quantum cryptography and supporting businesses in creating and evaluating cryptographic concepts.

Contact: benjamin.zengin(at)aisec.fraunhofer.de

Grau_Logo_Blog_Author
Felix Schärtl

Felix Schärtl has been a research fellow at the Weiden office of Fraunhofer AISEC since June 2020. As a mathematician and expert in cryptography in the secure infrastructure department, he conducts his research mainly in the field of applied post-quantum cryptography.  

Contact: felix.schaertl(at)aisec.fraunhofer.de

Grau_Logo_Blog_Author
Tudor A. A. Soroceanu

Tudor A. A. Soroceanu is responsible for several projects at Fraunhofer AISEC, including KBLS, which is adding post-quantum libraries to the Botan cryptolibrary. These post-quantum algorithms include CRYSTALS-Kyber and CRYSTALS-Dilithium.

Contact: tudor.soroceanu(at)aisec.fraunhofer.de

Most Popular

Never want to miss a post?

Please submit your e-mail address to be notified about new blog posts.
 
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.
Bitte füllen Sie das Pflichtfeld aus.

* Mandatory

* Mandatory

By filling out the form you accept our privacy policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

Other Articles

Fraunhofer AISEC commissioned by the German Federal Office for Information Security (BSI): New study on the synthesis of cryptographic hardware implementations

The study by Fraunhofer AISEC on the security of cryptographic hardware implementations focuses on physical attacks on hardware, such as side-channel attacks and fault attacks, as well as measures to defend against them. These protective mechanisms can potentially be compromised by optimizations in the chip design process. The study shows that protective measures should be integrated into complex design processes and taken into account in hardware design synthesis in order to be resilient to hardware attacks. The findings will help hardware designers to develop robust and secure chips.

Read More »

Faster detection and rectification of security vulnerabilities in software with CSAF

The Common Security Advisory Framework (CSAF) is a machine-readable format for security notices and plays a crucial role in implementing the security requirements of the Cyber Resilience Act (CRA): Security vulnerabilities can be detected and rectified faster by automatically creating and sharing security information. Fraunhofer AISEC has now published the software library »kotlin-csaf«, which implements the CSAF standard in the Kotlin programming language.

Read More »

Privacy By Design: Integrating Privacy into the Software Development Life Cycle

As data breaches and privacy violations continue to make headlines, it is evident that mere reactive measures are not enough to protect personal data. Therefore, behind every privacy-aware organization lies an established software engineering process that systematically includes privacy engineering activities. Such activities include the selection of privacy-enhancing technologies, the analysis of potential privacy threats, as well as the continuous re-evaluation of privacy risks at runtime.
In this blog post, we give an overview of some of these activities which help your organization to build and operate privacy-friendly software by design. In doing so, we focus on risk-based privacy engineering as the driver for »Privacy by Design«.

Read More »
Headerbild zum Blogartikel "Neue Studie zu Laser-basiertem Fehlerangriff auf XMSS" im Cybersecurityblog des Fraunhofer AISEC

Fraunhofer AISEC commissioned by the German Federal Office for Information Security (BSI): new study of laser-based fault attacks on XMSS

To ensure the security of embedded systems, the integrity and authenticity of the software must be verified, for example through signatures. However, targeted hardware attacks enable malware to be used to take over the system. What risks are modern cryptographic implementations exposed to? What countermeasures need to be taken? To answer these questions, Fraunhofer AISEC was commissioned by the German Federal Office for Information Security (BSI) to carry out a study of laser-based fault attacks on XMSS. The focus is on a hash-based, quantum-secure scheme for creating and verifying signatures based on the Winternitz One-Time-Signature (WOTS) scheme.

Read More »