Following my series on quantum computing (QC), it is timely to look again at what is still the most prominent real-world concern around this technology: its ability to break the classical public-key methods we rely on for encryption, key exchange and digital signatures. Given what I have written on the topic, an understandable counter would be that QC is still in development with long time horizons (2030-2040) before production, so who cares? One challenge is that dates for Q-day (the popular term for the day a quantum computer can actually break these schemes) are projections; we don't really know how secret programs and innovations might accelerate its arrival, whether through faster scaling of fault-tolerant hardware or through new quantum algorithms that work at lower qubit counts. It is however clear that day will come.

Another challenge is that long-lifetime applications (cars, planes, finance, utilities, defense, …) built today without quantum defenses may still be in use past Q-day. For this reason the NSA, NIST, and European and Chinese regulatory bodies are setting timelines under which systems relying on quantum-vulnerable algorithms must be phased out, starting around 2030. (NIST's draft transition guidance, for instance, deprecates RSA and elliptic-curve algorithms at the 112-bit security level after 2030 and disallows them after 2035; CNSA 2.0 requires software and firmware signing to use post-quantum algorithms exclusively by 2030.) At that point it really doesn't matter how far out we think Q-day might be: non-compliant products will be shut out of major markets.
Post-quantum security
There are immediate concerns even before Q-day, which suggest we should pay urgent attention to post-quantum security. "Harvest Now, Decrypt Later" is an immediate threat: an adversary records encrypted traffic today, together with the public key-exchange values that protected it, and decrypts it once a quantum computer can recover the session keys. A related threat, "Trust Now, Forge Later", applies to the signature mechanisms devices trust for over-the-air updates: a device fielded today with a classical verification key baked in will accept a forged update from anyone who, years from now, can derive the signing key from that public key. Bad actors are already collecting and storing encrypted data for later decryption. We can't depend on a public announcement of Q-day; we'll realize it has arrived only when multiple keys have already been compromised. A determined-enough adversary with deep enough pockets (maybe a nation-state) might pull this off even sooner than regulatory timelines assume.
Classical public-key techniques used for encryption, key exchange and authentication depend on the difficulty of math problems such as factoring an integer formed as the product of two very large primes (RSA) or computing discrete logarithms (Diffie-Hellman, elliptic-curve signatures). We already know that a sufficiently large, fault-tolerant quantum computer running Shor's algorithm solves both problems in polynomial time, so the key sizes that protect us today buy only a modest amount of extra work. Post-quantum cryptography offers a variety of options for quantum-resistant security. One I have looked at a bit more closely is lattice-based cryptography, based on a very cool bit of math on lattices; it underlies the NIST-standardized ML-KEM and ML-DSA. Just as importantly, these algorithms carry larger keys, ciphertexts and signatures and do more arithmetic than their classical counterparts, which pushes performance-sensitive applications toward hardware assistance. (By the way, algorithms are labeled quantum-resistant rather than invulnerable, since no one knows what future quantum algorithms might be invented.)
Post-quantum security support must provide secure boot, secure device authentication, and secure channels. The reference standard now in the US is the NSA's Commercial National Security Algorithm (CNSA) 2.0 suite. It selects algorithms standardized by NIST for different use cases: ML-KEM (FIPS 203) for key establishment, ML-DSA (FIPS 204) for general-purpose signatures, and the stateful hash-based LMS and XMSS (SP 800-208) for software and firmware signing, alongside AES-256 and SHA-384/512, which quantum algorithms (Grover's) weaken only by a square-root factor. (NIST doesn't develop the public-key algorithms itself. It stages bake-offs between algorithms proposed by academic, commercial and other contributors; PQShield is one of the contributors to these contests.)
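Hash-based signatures are the simplest post-quantum option to understand, and CNSA 2.0 picks them (LMS and XMSS) for exactly the secure-boot and firmware-signing case. As an added illustration that is not part of the post or of any PQShield product, the following implements the one-time Lamport scheme those standards are built on and uses it to sign a constructed firmware image: security rests only on the preimage resistance of SHA-256, so there is no number-theoretic structure for Shor's algorithm to exploit. LMS and XMSS wrap many such one-time keys in a Merkle tree so a single public key can sign many releases; that tree is omitted here.

```python
"""Toy hash-based one-time signature (Lamport) for firmware signing (added example).

A Lamport key pair can sign ONE message. Stateful hash-based schemes such as
LMS/XMSS put many one-time keys under a Merkle tree root; that part is left out.
Signature size is 256 * 32 = 8 KiB, versus 64 bytes for an ECDSA P-256 signature,
which is one reason PQC in a boot ROM is a performance and footprint question.
"""
import hashlib
import secrets
from typing import Callable, List, Tuple

BITS = 256                               # SHA-256 digest bits = number of key pairs
KeyPairs = List[Tuple[bytes, bytes]]     # one (value-for-bit-0, value-for-bit-1) per bit


def _digest_bits(data: bytes) -> List[int]:
    """SHA-256 the data and return its 256 bits, most significant first."""
    d = hashlib.sha256(data).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(BITS)]


def keygen(rand: Callable[[int], bytes] = secrets.token_bytes) -> Tuple[KeyPairs, KeyPairs]:
    """Private key: 256 pairs of random 32-byte secrets.
    Public key: the SHA-256 of each secret (what a boot ROM would burn in)."""
    sk = [(rand(32), rand(32)) for _ in range(BITS)]
    pk = [(hashlib.sha256(s0).digest(), hashlib.sha256(s1).digest()) for s0, s1 in sk]
    return sk, pk


def sign(sk: KeyPairs, image: bytes) -> List[bytes]:
    """For each digest bit, reveal the secret that corresponds to that bit value.
    Signing a second, different image with the same key leaks both secrets at
    every position where the digests differ, which is why this is one-time."""
    return [sk[i][b] for i, b in enumerate(_digest_bits(image))]


def verify(pk: KeyPairs, image: bytes, sig: List[bytes]) -> bool:
    """Boot-time check: recompute the digest and confirm each revealed secret
    hashes to the committed public value for that bit."""
    if len(sig) != BITS:
        return False
    return all(hashlib.sha256(s).digest() == pk[i][b]
               for i, (s, b) in enumerate(zip(sig, _digest_bits(image))))


def demo() -> Tuple[bool, bool]:
    """Sign a constructed firmware blob; verify the genuine copy and a copy with
    one payload bit flipped. Returns (genuine_ok, tampered_ok)."""
    firmware = b"FW v1.2.3 " + bytes(range(64))   # constructed sample image, 74 bytes
    sk, pk = keygen()
    sig = sign(sk, firmware)
    tampered = bytearray(firmware)
    tampered[10] ^= 0x01                          # flip one bit in the payload
    return verify(pk, firmware, sig), verify(pk, bytes(tampered), sig)


if __name__ == "__main__":
    genuine_ok, tampered_ok = demo()
    print("genuine image accepted:", genuine_ok)  # True
    print("tampered image accepted:", tampered_ok)  # False
```

The "Trust Now, Forge Later" point reads differently here: the public key commits only to hash outputs, so harvesting it gives a future quantum adversary nothing to invert beyond SHA-256 preimages, which Grover's algorithm speeds up only quadratically.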
Sebastien Riou (Fellow, Product Security Architecture at PQShield) has hosted a webinar on options to secure each of these: secure boot (including protection against fault injection), device authentication (including side-channel protection), and secure channels (again with side-channel protection in mind). There is a lot of good information here for anyone weighing application-specific tradeoffs.
Partnerships with Microchip and Collins Aerospace
PQShield has partnered with Microchip on its PolarFire SoC FPGAs. The webinar highlights a range of PQShield products applicable in this context, at three levels. PQShield's MicroLib Core library is a bare-metal (software-only) PQC library with an option for side-channel protection. A second level adds platform security in hardware IP: an AES accelerator, side-channel protection and configurable hardware-based PQC acceleration. The third level offers maximum hardware-accelerated performance, with AES and lattice-based PQC configurable as a high-throughput peripheral for high-bandwidth and/or multi-tasking workloads. Which level fits depends on the latency, power and silicon budget of the application, since PQC operations are larger and slower than their ECC equivalents on the same core.
Another partner, Collins Aerospace, is collaborating with PQShield on a proof-of-concept integration of post-quantum cryptography. As evidence of PQShield's credibility in this space, its hybrid cryptographic library is undergoing validation for FIPS 140-3, the cryptographic-module standard required for protecting sensitive data in U.S. and Canadian federal systems. The hybrid library supports classical cryptography alongside PQC, which lets an OEM run both in parallel (for example, deriving a session key from both an ECDH and an ML-KEM shared secret, so the session stays secure as long as either primitive holds) and manage a smooth transition from classical methods to PQC.
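The hybrid idea deserves a concrete shape. Below is an added example (mine, not PQShield's library or API) of the key-combiner step in a hybrid key exchange: both the classical and the post-quantum shared secret feed one HKDF (RFC 5869, implemented here with only the standard library) together with the handshake transcript, so the derived session key is unpredictable to anyone who has recovered only one of the two secrets. The two shared secrets are constructed placeholders standing in for ECDH and ML-KEM outputs; performing the actual ECDH and KEM is out of scope here.

```python
"""Hybrid key-exchange combiner with a standard-library HKDF (added example).

Assumptions: ss_classical is the shared secret from a classical exchange (e.g. ECDH)
and ss_pq the shared secret from a post-quantum KEM (e.g. ML-KEM decapsulation).
Both are constructed placeholders in the demo below. The transcript is the public
data both parties saw (public keys, KEM ciphertext) and binds the key to this run.
"""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes, hashmod=hashlib.sha256) -> bytes:
    """HKDF-Extract: PRK = HMAC-Hash(salt, IKM). Empty salt means HashLen zero bytes."""
    if not salt:
        salt = bytes(hashmod().digest_size)
    return hmac.new(salt, ikm, hashmod).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, hashmod=hashlib.sha256) -> bytes:
    """HKDF-Expand: T(i) = HMAC-Hash(PRK, T(i-1) || info || i), concatenated
    until `length` bytes are produced (at most 255 * HashLen)."""
    hash_len = hashmod().digest_size
    if length > 255 * hash_len:
        raise ValueError("HKDF output too long")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), hashmod).digest()
        okm += t
        counter += 1
    return okm[:length]


def _length_prefixed(b: bytes) -> bytes:
    """2-byte big-endian length prefix, so ss_classical || ss_pq is unambiguous
    even if the two secrets were ever of variable length."""
    return len(b).to_bytes(2, "big") + b


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes, transcript: bytes,
                       length: int = 32) -> bytes:
    """Concatenation combiner. Both secrets enter the extract step as IKM; the
    transcript goes into the expand info. If Shor's algorithm later recovers the
    ECDH secret from the recorded public values, the KEM secret still supplies
    the full entropy of the output, and vice versa if the PQ scheme falls."""
    if not ss_classical or not ss_pq:
        raise ValueError("both shared secrets are required")
    ikm = _length_prefixed(ss_classical) + _length_prefixed(ss_pq)
    prk = hkdf_extract(salt=b"hybrid-kex-v1", ikm=ikm)   # salt is a hypothetical label
    return hkdf_expand(prk, b"session key" + transcript, length)


if __name__ == "__main__":
    # Constructed stand-ins for an X25519 secret and an ML-KEM secret (both 32 bytes).
    ss_ecdh = bytes.fromhex("11" * 32)
    ss_kem = bytes.fromhex("22" * 32)
    transcript = b"client_pk|server_pk|kem_ciphertext"     # constructed placeholder
    print(hybrid_session_key(ss_ecdh, ss_kem, transcript).hex())
```

The same HKDF functions reproduce the RFC 5869 test vectors, which is the quickest way to check a hand-rolled KDF before trusting it; the combiner itself is deterministic, length-bound, and changes completely if either input secret changes.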
What stands out for me is that semiconductor and system enterprises working in defense, space, automotive and avionics are already preparing for post-quantum readiness. So are credit card companies (who face enormous liabilities if they are hacked); see an earlier post of mine. It's looking like wait-and-see on post-quantum will be a difficult position to defend in markets and in boardrooms.
Very informative webinar. You can register to watch HERE.
Also Read:
Think Quantum Computing is Hype? Mastercard Begs to Disagree
Podcast EP304: PQC Standards One Year On: The Semiconductor Industry’s Next Move