Quantum computers will be a game changer in many areas where complex calculations are required. They also bring a risk that should not be underestimated: the public-key cryptography in use today, including the algorithms deployed in electronic ID documents and smart cards, could be broken by future quantum computers. Post-quantum cryptography is intended to mitigate this risk, and the time available to prepare is short.

By Robert Bach, Infineon Technologies

Unlike classical computers, quantum computers work with so-called qubits, which are not restricted to being either 0 or 1 but can be placed in a superposition of both states. For certain classes of problems, algorithms that exploit this behaviour run dramatically faster than the best known classical algorithms, and so quantum computers can solve problems that are out of reach for the computing power of today's systems. This promises significant advances in many fields, for example searching large databases, simulating chemical and physical processes, and material design. It also enables fast prime factorisation of large integers and fast computation of discrete logarithms (Shor's algorithm), which gives quantum computers the disruptive potential to break the public-key algorithms currently in use. It is commonly assumed that quantum-computer attacks on today's cryptography will become reality within the next 10 to 20 years.
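To make the threat concrete, here is the classical post-processing of Shor's algorithm as an added example (this code is not from the article or from Infineon). The only step a quantum computer accelerates is finding the multiplicative order r of a random base a modulo N; everything after that is cheap classical arithmetic with gcd. In this example the order-finding step is replaced by a brute-force loop, which is exponential in the bit length of N and therefore only works for the constructed toy modulus N = 53 * 61 = 3233 with e = 17 (the classic textbook key, assumed here for illustration).

```python
"""Classical half of Shor's algorithm: from the order of a base to the RSA
private key.  Added example, not code from the article.  find_order() is a
brute-force stand-in for the quantum period-finding step and is only feasible
for a toy modulus; the remaining steps are exactly what an attacker with a
large quantum computer would run afterwards."""
from math import gcd
from random import Random
from typing import Optional, Tuple


def find_order(a: int, n: int) -> int:
    """Smallest r > 0 with a**r == 1 (mod n); requires gcd(a, n) == 1.
    Exponential here; polynomial time on a quantum computer."""
    r, x = 1, a % n
    while x != 1:
        x = (x * a) % n
        r += 1
    return r


def factor_from_order(a: int, r: int, n: int) -> Optional[Tuple[int, int]]:
    """Shor's reduction: if r is even and y = a**(r/2) != -1 (mod n), then
    n divides (y - 1)(y + 1) without dividing either factor, so
    gcd(y - 1, n) is a proper divisor of n."""
    if r % 2:
        return None                      # odd order: try another base
    y = pow(a, r // 2, n)
    if y == n - 1:
        return None                      # a**(r/2) == -1: gcds are trivial
    p = gcd(y - 1, n)
    return tuple(sorted((p, n // p)))


def shor_factor(n: int, seed: int = 0) -> Tuple[int, int]:
    """Factor n = p*q by trying random bases; for an RSA modulus each base
    yields the factors with probability at least 1/2."""
    rng = Random(seed)                   # seeded only for reproducibility
    while True:
        a = rng.randrange(2, n)
        g = gcd(a, n)
        if g != 1:                       # lucky: a already shares a factor
            return tuple(sorted((g, n // g)))
        result = factor_from_order(a, find_order(a, n), n)
        if result is not None:
            return result


def rsa_private_exponent(e: int, p: int, q: int) -> int:
    """With the factors known, the RSA private exponent follows directly:
    d = e**-1 mod (p-1)(q-1)  (three-argument pow, Python 3.8+)."""
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    # Constructed toy RSA key: N = 53 * 61 = 3233, public exponent e = 17.
    n, e = 3233, 17
    p, q = shor_factor(n)
    print(f"N = {n} = {p} * {q}; recovered d = {rsa_private_exponent(e, p, q)}")
```

The same reduction breaks ECC: there the quantum step returns the discrete logarithm directly, and no further post-processing is even needed. Note that the loop in find_order is what makes this attack infeasible today; the risk described in the article is that a sufficiently large quantum computer removes exactly that loop.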

This will have a game-changing effect on the cryptographic security of identity documents like eID cards, particularly because such documents usually have a validity period of 10 years or more, so a card issued today may still be in use when the first cryptographically relevant quantum computers arrive. The established public-key algorithms deployed in electronic ID documents and smart cards, RSA (Rivest, Shamir, Adleman) and elliptic-curve cryptography (ECC), including the ECDSA signature algorithm and the ECDH key-agreement protocol, would all be broken by a sufficiently large universal quantum computer.

Post-quantum cryptography (PQC) aims to resist cryptanalysis by both quantum and classical computers. PQC schemes run on conventional computers and security controllers; they do not require a quantum computer. From the user's perspective they behave like the public-key schemes available today (e.g. RSA or ECC), offering key exchange, public-key encryption and digital signatures. Under the hood, however, they rest on new and fundamentally different mathematical foundations, such as lattices or hash functions, and their keys, signatures and ciphertexts are typically much larger than their RSA or ECC counterparts. This creates new challenges when implementing PQC on small chips with limited memory and storage.

Standardisation and adoption are needed

In 2017, the US National Institute of Standards and Technology (NIST) started its post-quantum cryptography project and called for submissions of post-quantum key-exchange, public-key encryption and signature schemes to a competition-like standardisation effort. NIST announced the first algorithms selected for standardisation in July 2022 and plans to finalise the first PQC standards in summer 2024.

Infineon experts have been working at the forefront of PQC algorithms for years. For example, Infineon contributed to two submissions to the NIST PQC standardisation process: the stateless hash-based signature scheme SPHINCS+, which is among the algorithms NIST selected in 2022, and the lattice-based NewHope key-exchange scheme, which was not advanced beyond the second round.

Standardisation alone is not enough; the surrounding infrastructure has to be adapted as well. Communication protocols need to be extended and standardised, and the documents themselves and the infrastructure around them, including the background systems, need to be upgraded.

The transition from today's conventional algorithms to PQC will be gradual. The speed of migration depends not only on the availability of quantum computers, but also on how security-critical the application is, the lifetime of the devices in the field, and many other factors. How can device vendors navigate all these uncertainties?

One promising path lies in crypto agility: devices should be able to evolve to support different cryptographic algorithms over their lifetime. Adaptability in this dynamic space hinges on the ability to add and exchange algorithms, and the protocols built on them, without replacing the device, which in turn requires that algorithm identifiers, key formats and memory budgets are designed for change from the start.
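The following added example (not code from the article or from Infineon) ties together three points made above: that PQC rests on different mathematical foundations, here a hash-based signature in the family to which SPHINCS+ belongs; that the resulting keys and signatures are far larger than their ECC counterparts; and that crypto agility means naming the algorithm in the data format and looking verifiers up in a registry that fails closed. The scheme implemented is Lamport's one-time signature, the simplest hash-based scheme; it is assumed here purely for illustration and is not what any eID product uses. The algorithm identifier "lamport-sha256" and the envelope layout are invented for this example. The example also shows the failure mode that stateless schemes like SPHINCS+ were designed to avoid: reusing a one-time key lets an attacker forge signatures.

```python
"""Hash-based one-time signatures inside an algorithm-agile envelope.
Added example, not code from the article or from Infineon.  Lamport's
scheme needs nothing but a hash function, which is why the hash-based
family is considered quantum-safe, but with SHA-256 its public key is
16 KiB and its signature 8 KiB, against 64 bytes each for ECDSA-P256.
The identifier "lamport-sha256" is invented for this example."""
import hashlib
import os
from typing import Callable, Dict, List, Optional, Tuple

N, BITS = 32, 256                        # SHA-256 output length; digest bits signed


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(msg: bytes) -> List[int]:
    """Bits of the message digest, most significant bit first."""
    d = H(msg)
    return [(d[i >> 3] >> (7 - (i & 7))) & 1 for i in range(BITS)]


def lamport_keygen(rng: Callable[[int], bytes] = os.urandom):
    sk = [(rng(N), rng(N)) for _ in range(BITS)]      # two secrets per digest bit
    pk = [(H(s0), H(s1)) for s0, s1 in sk]             # public key = their hashes
    return sk, pk


def lamport_sign(sk, msg: bytes) -> bytes:
    """Reveal one of the two secrets for every digest bit.  Strictly
    one-time: a second message with a different digest reveals more."""
    return b"".join(sk[i][b] for i, b in enumerate(_bits(msg)))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != BITS * N:
        return False
    return all(H(sig[i * N:(i + 1) * N]) == pk[i][b]
               for i, b in enumerate(_bits(msg)))


def sizes() -> Tuple[int, int]:
    """(public key, signature) size in bytes: 16384 and 8192."""
    return 2 * BITS * N, BITS * N


def forge_after_reuse(signed: List[Tuple[bytes, bytes]], target: bytes) -> Optional[bytes]:
    """Key-reuse attack: pool every secret exposed by the (message, signature)
    pairs; target is forgeable iff each of its digest bits has been exposed."""
    known: Dict[Tuple[int, int], bytes] = {}
    for msg, sig in signed:
        for i, b in enumerate(_bits(msg)):
            known[(i, b)] = sig[i * N:(i + 1) * N]
    try:
        return b"".join(known[(i, b)] for i, b in enumerate(_bits(target)))
    except KeyError:
        return None                      # some target bit was never exposed


# --- crypto-agile signature envelope --------------------------------------
Verifier = Callable[[object, bytes, bytes], bool]
VERIFIERS: Dict[str, Verifier] = {"lamport-sha256": lamport_verify}
# Adding a scheme later is a single registration; a hybrid (classical + PQC)
# envelope is the same structure carrying two (alg_id, signature) entries.


def make_envelope(payload: bytes, sigs: List[Tuple[str, bytes]]) -> dict:
    return {"payload": payload, "signatures": list(sigs)}


def verify_envelope(env: dict, pubkeys: Dict[str, object],
                    allowed: set, required: set = frozenset()) -> bool:
    """Fail closed: every signature must name an algorithm that policy
    allows, that is registered and that has a provisioned key; every
    signature must verify; every required algorithm must be present."""
    sigs = env.get("signatures") or []
    present = {alg for alg, _ in sigs}
    if not sigs or not required <= present:
        return False
    for alg_id, sig in sigs:
        if alg_id not in allowed or alg_id not in VERIFIERS or alg_id not in pubkeys:
            return False
        if not VERIFIERS[alg_id](pubkeys[alg_id], env["payload"], sig):
            return False
    return True
```

Two design choices carry over to real migrations. First, the verifier never infers the algorithm from the key or signature length; the identifier is explicit and checked against an allow-list, so retiring RSA or ECC later is a policy change rather than a code change, and a hybrid deployment is expressed by listing both algorithms in `required`. Second, the reuse attack shows why statefulness matters for hash-based signatures: a key that signs two different messages already leaks about half of its secrets, and after a few dozen signatures an arbitrary message can be forged, which is the problem SPHINCS+ solves by being stateless and few-time safe.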

Infineon is involved in publicly funded projects and actively advises customers on secure migration to quantum-safe cryptography. In 2022, together with the German Federal Printing Office (Bundesdruckerei GmbH) and the Fraunhofer Institute for Applied and Integrated Security, Infineon demonstrated a quantum-computer-resistant version of the Extended Access Control (EAC) protocol for an ePassport, whose Chip Authentication and Terminal Authentication steps today rely on elliptic-curve key agreement and signatures, with the objective of showing that a quantum-secured ePassport is feasible. At the core of the demonstrator is an Infineon security controller, which protects the data against both conventional and quantum-computer attacks.

Early preparation is key

Although the first standardised algorithms are only expected in 2024, the pace of quantum-computing development makes early preparation important. Knowledge and expertise will be essential to put appropriate and commercially feasible solutions in place in time. A good way to become familiar with PQC is to work on demonstrators and to prepare an early start with first, if limited, field trials. The first pilot projects for national eID cards are expected to start shortly after 2025, and the first wide-scale rollouts of quantum-safe documents before the end of this decade.

Governments and other organisations issuing ID documents should prepare now so that they are not left exposed to the quantum threat. This starts with learning about PQC and developing strategic plans and migration strategies. They need to think about infrastructure, document upgrades, and the impact of PQC on their software and hardware (larger key sizes, required memory and so on). All of this should be done as early as possible so that the challenges can be overcome in good time, because moving to PQC affects the whole lifecycle of a document, from industrialisation, personalisation and issuance to operational use and field updates.