Post-quantum cryptography in practice

The threat posed by quantum computers to the asymmetric cryptography in use today has been well known in the scientific community for more than 25 years, since Peter Shor published polynomial-time quantum algorithms for integer factorization and the discrete logarithm problem. In recent years, cryptographers have increasingly been warning about the progress being made in quantum computing and its relevance for cryptography. Research on post-quantum cryptography (PQC) at the Fraunhofer Institute for Applied and Integrated Security AISEC aims to ensure that businesses, government bodies and citizens continue to have access to usable cryptography that remains secure in the long term, so that they can keep their data protected. This blog article provides a brief overview of four ongoing projects.

In 1994, Peter Shor presented quantum algorithms that solve mathematical problems that are infeasible for conventional computers, such as decomposing large natural numbers into their prime factors. If these algorithms were run on a quantum computer with enough error-corrected qubits, they would break the public key cryptography that is widely used today, because that cryptography relies on precisely those problems being hard to solve, and a quantum computer solves them efficiently. Everything protected with these public key schemes, from passwords and financial transactions to classified information and emails, could then be disclosed. Since encrypted traffic can be recorded today and decrypted once such a machine exists, the risk is not confined to the future.

To prevent this scenario, scientists, businesses and governments all over the world are working on developing, analyzing and selecting cryptographic schemes that can be implemented on conventional hardware and resist attacks by quantum computers. This field of research is known as post-quantum cryptography (PQC).

Standardization bodies such as the National Institute of Standards and Technology (NIST) in the US launched a process for the standardization of quantum-resistant algorithms in 2017. After three selection rounds, this process announced its first selected algorithms in mid-2022 (csrc.nist.gov). NIST is now turning the selected algorithms into standards, while a fourth round continues to evaluate further candidates.

Fraunhofer AISEC is involved in multiple research projects in post-quantum cryptography and is pooling its expertise in the “Competence Center for Post-Quantum Cryptography,” which has existed since May 2022.

This article, the first in a series on PQC, provides an overview of the PQC research projects currently ongoing at Fraunhofer AISEC. The articles to follow in the coming months will present results from these projects and offer guidance on designing quantum-resistant protection for assets.

Aquorypt

The Aquorypt (Anwendbarkeit quantencomputerresistenter kryptografischer Verfahren, applicability of quantum-resistant cryptographic schemes) research project investigates the applicability and practical implementation of cryptographic schemes that are resistant to quantum computers. It focuses on resource constraints (code size, memory usage), runtime constraints and hardware security, in particular masked implementations and side-channel analysis. Two areas of use are in scope: smartcard-based security applications and industrial embedded systems. The project team is evaluating schemes that provide an adequate level of security and implementing them efficiently in hardware and software. For existing systems, it is identifying opportunities to migrate from established schemes to quantum-resistant ones. The results could be used to protect industrial control systems or smartcard-based security applications.

KBLS

The aim of the KBLS (Kryptobibliothek Botan für langlebige Sicherheit, Botan crypto library for long-lived security) project is to make post-quantum cryptographic schemes available to software developers through the Botan library. Botan meets the security criteria of the German Federal Office for Information Security (BSI) and already implements a large number of current cryptographic algorithms. Beyond implementing the algorithms, the project is also developing solutions for crypto-agility and usability: all interfaces the library offers for accessing cryptographic algorithms and protocols are designed so that switching to an alternative algorithm requires minimal changes to application code. This is intended to make the switch to post-quantum algorithms simpler.

In addition, the new quantum-resistant schemes are implemented in a simple and easy-to-understand way and explained in the documentation, so that they can be used securely without in-depth knowledge. This matters for the dissemination and acceptance of post-quantum schemes, which are based on mathematical problems that have so far seen little use in deployed cryptography and whose keys and signatures are larger and more complex to handle than those of the standards in use today.

FLOQI

The FLOQI (Full-Lifecycle Post-Quantum PKI) project, funded by the German Federal Ministry of Education and Research (BMBF), is developing a public key infrastructure (PKI) that is resistant to quantum computers while remaining compatible with current cryptographic schemes. To achieve this, post-quantum schemes are implemented on different platforms and tested in three demonstrators for use in Industry 4.0 and the automotive industry. These areas require long-lived, secure schemes, because products such as production facilities remain in use for several decades. To make the transition as smooth as possible, the project is developing hybrid approaches in which the existing schemes are used in parallel with the newly developed post-quantum ones. The results will feed into international standards.

QuaSiModO

The QuaSiModO (Quanten-Sichere VPN-Module und -Operationsmodi, quantum-secure VPN modules and modes of operation) project, also funded by the BMBF, aims to add quantum-resistant algorithms to existing VPNs (virtual private networks). While extending the existing protocols, the project examines possible solutions in detail and produces results that assist standardization bodies in their decisions; feasibility and security in practice are key. VPNs can operate at different layers of the OSI model, and this project focuses on layers two and three: the MACsec protocol at layer 2 and the IPsec protocol at layer 3. The main aims are to investigate the use of quantum-secure algorithms in key-agreement protocols such as IKEv2 for IPsec and MKA/PACE for MACsec, to implement the schemes in established VPN software suites and to carry out a security analysis of the protocols and implementations.
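To make the IKEv2 part concrete, here is an added example (not code from the QuaSiModO project or any VPN suite) that follows the IKEv2 key schedule of RFC 7296 and its extension for additional key exchanges in RFC 9370, the standardized way of folding a post-quantum KEM secret into an IKE SA alongside the classical (EC)DH secret. The KEM itself is not implemented; its output is represented by a byte string. The nonces, SPIs and both shared secrets are constructed sample values, and the prf and key lengths (HMAC-SHA256 as prf and integrity algorithm, AES-256-CBC for encryption) are assumptions chosen so that every derived key is 32 bytes.

```python
import hmac
import hashlib

# IKEv2 key schedule with an additional (post-quantum) key exchange folded in.
# Modelled on RFC 7296, Section 2.14 (initial IKE SA keys) and RFC 9370,
# Section 2.2.3 (keys after an additional key exchange in IKE_INTERMEDIATE).
# Assumptions (not from the article): prf = HMAC-SHA256, integrity = HMAC-SHA256-128,
# encryption = AES-256-CBC, so every derived key below is 32 bytes long.

PRF_HASH = "sha256"
SK_D_LEN = 32   # prf key length
SK_A_LEN = 32   # integrity key length (assumed HMAC-SHA256-128)
SK_E_LEN = 32   # encryption key length (assumed AES-256-CBC)
SK_P_LEN = 32   # prf key length, used for the AUTH payload
KEY_ORDER = (("SK_d", SK_D_LEN), ("SK_ai", SK_A_LEN), ("SK_ar", SK_A_LEN),
             ("SK_ei", SK_E_LEN), ("SK_er", SK_E_LEN),
             ("SK_pi", SK_P_LEN), ("SK_pr", SK_P_LEN))
KEYMAT_LEN = sum(length for _, length in KEY_ORDER)


def prf(key: bytes, data: bytes) -> bytes:
    """IKEv2 prf, here PRF_HMAC_SHA2_256."""
    return hmac.new(key, data, PRF_HASH).digest()


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296, Section 2.13: T1 = prf(K, S|0x01), Tn = prf(K, T(n-1)|S|n)."""
    out = b""
    t = b""
    counter = 1
    while len(out) < length:
        if counter > 255:  # the counter is a single octet
            raise ValueError("prf+ cannot produce more than 255 blocks")
        t = prf(key, t + seed + bytes([counter]))
        out += t
        counter += 1
    return out[:length]


def split_keymat(keymat: bytes) -> dict:
    """Cut KEYMAT into SK_d | SK_ai | SK_ar | SK_ei | SK_er | SK_pi | SK_pr."""
    keys = {}
    offset = 0
    for name, length in KEY_ORDER:
        keys[name] = keymat[offset:offset + length]
        offset += length
    return keys


def initial_ike_sa_keys(g_ir, ni, nr, spi_i, spi_r):
    """RFC 7296, Section 2.14: SKEYSEED = prf(Ni | Nr, g^ir), keys = prf+(SKEYSEED, Ni | Nr | SPIi | SPIr)."""
    skeyseed = prf(ni + nr, g_ir)
    return split_keymat(prf_plus(skeyseed, ni + nr + spi_i + spi_r, KEYMAT_LEN))


def additional_ke_keys(prev_keys, sk_n, ni, nr, spi_i, spi_r):
    """RFC 9370, Section 2.2.3: SKEYSEED(n) = prf(SK_d(n-1), SK(n) | Ni | Nr), then prf+ as before."""
    skeyseed_n = prf(prev_keys["SK_d"], sk_n + ni + nr)
    return split_keymat(prf_plus(skeyseed_n, ni + nr + spi_i + spi_r, KEYMAT_LEN))


def hybrid_ike_sa_keys(g_ir, extra_secrets, ni, nr, spi_i, spi_r):
    """Classical (EC)DH secret first, then each additional secret (e.g. a PQ KEM output) in turn."""
    keys = initial_ike_sa_keys(g_ir, ni, nr, spi_i, spi_r)
    for sk_n in extra_secrets:
        keys = additional_ke_keys(keys, sk_n, ni, nr, spi_i, spi_r)
    return keys


# Constructed sample values (not real protocol traffic).
NI = bytes.fromhex("a1" * 32)
NR = bytes.fromhex("b2" * 32)
SPI_I = bytes.fromhex("0102030405060708")
SPI_R = bytes.fromhex("1112131415161718")
G_IR = bytes.fromhex("c3" * 32)     # stands in for an ECDH shared secret
PQ_SS = bytes.fromhex("d4" * 32)    # stands in for a KEM shared secret (e.g. Kyber)


def demo():
    """Keys an attacker could derive from g^ir alone versus the keys the hybrid SA really uses."""
    classical_only = initial_ike_sa_keys(G_IR, NI, NR, SPI_I, SPI_R)
    hybrid = hybrid_ike_sa_keys(G_IR, [PQ_SS], NI, NR, SPI_I, SPI_R)
    return classical_only, hybrid


if __name__ == "__main__":
    classical_only, hybrid = demo()
    for name in ("SK_d", "SK_ei", "SK_er"):
        print(name, "classical:", classical_only[name].hex()[:16],
              "hybrid:", hybrid[name].hex()[:16])
```

The property that matters is visible in `demo()`: every SK_* key of the hybrid SA depends on both secrets, so an attacker who records the exchange today and later recovers g^ir with Shor's algorithm still lacks the KEM secret and cannot reconstruct the keys, and conversely a break of the post-quantum scheme alone leaves the classical secret in place. The example covers only the key schedule; a real deployment also has to carry the KEM public key and ciphertext in IKE_INTERMEDIATE, cope with post-quantum payloads that are far larger than a DH public value, and keep the exchange authenticated, which remains a classical signature unless post-quantum signatures are introduced as well. Those are exactly the protocol and implementation questions the project's security analysis addresses.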

PQC Competence Center

The Competence Center for Post-Quantum Cryptography at Fraunhofer AISEC is a neutral, manufacturer-independent center that helps businesses and public bodies migrate to quantum-secure cryptographic schemes. It focuses on three main aspects:

  • Firstly, it offers individual advice and support for migrating to quantum-secure architectures. This includes designing and implementing migration strategies, selecting suitable PQC schemes and creating crypto and security concepts.
  • Secondly, the competence center offers security analyses of PQC implementations. This can include, for example, security investigations of software and hardware components, an analysis of whether PQC crypto libraries are used correctly and an assessment of PQC solutions that are available on the market.
  • Thirdly, the competence center serves as a portal for information on post-quantum cryptography. Here, the focus is on providing information on quantum-resistant schemes and material on common sector-specific aspects, presenting scientific progress, assessing specific attacks on PQC implementations and demonstrating countermeasures.

For more information, you can visit the competence center website and get in touch (https://www.aisec.fraunhofer.de/de/das-institut/kompetenzzentrum-post-quanten-kryptografie.html).

Authors
Nicolas Buchmann

Nicolas Buchmann received his PhD from Freie Universität Berlin in 2019 for work on the life cycle of electronic travel documents, focusing on cryptography, post-quantum cryptography and general IT security, and has been working at Fraunhofer AISEC since 2021. Alongside his PhD at Freie Universität Berlin, he oversaw the BMBF project “MEDIAN,” which focused on contactless fingerprint capturing.

Contact: nicolas.buchmann@aisec.fraunhofer.de

Benjamin Zengin

Benjamin Zengin has been working as a research fellow in the secure systems engineering department of Fraunhofer AISEC in Berlin since July 2018. The main focus of his research here is on post-quantum cryptography and supporting businesses in creating and evaluating cryptographic concepts.

Contact: benjamin.zengin@aisec.fraunhofer.de

Felix Schärtl

Felix Schärtl has been a research fellow at the Weiden office of Fraunhofer AISEC since June 2020. As a mathematician and expert in cryptography in the secure infrastructure department, he conducts his research mainly in the field of applied post-quantum cryptography.  

Contact: felix.schaertl@aisec.fraunhofer.de

Tudor A. A. Soroceanu

Tudor A. A. Soroceanu is responsible for several projects at Fraunhofer AISEC, including KBLS, which adds post-quantum algorithms such as CRYSTALS-Kyber and CRYSTALS-Dilithium to the Botan crypto library.

Contact: tudor.soroceanu@aisec.fraunhofer.de
