Hardware-based security for high-level protection.

Post-quantum cryptography

"Systems designed today should have the ability to support PQC in the future."

Post-quantum cryptography.

Quantum computing – an opportunity and a threat

Quantum computing is revolutionising the way we look at computing and security, by taking advantage of quantum pheonomena such as superposition, interference, and entanglement. Quantum computers will be able to solve certain types of computational problems (e.g. integer factorization and discrete logarithms) orders of magnitude faster than current traditional computing architectures, leading to potential breakthroughs in fields such as weather forecasting, drug development, and other optimisation problems. This also poses a considerable threat to data and communications security based on cryptographical algorithms, which were still recently considered to be secure into the distant future.

Shor’s algorithm, as introduced by Peter Shor in 1994, will be able to eventually break the RSA algorithm and Elliptic Curve Cryptography (ECC), when cryptographically relevant quantum computers are available. Practically all of today’s Internet security is based on RSA and ECC. Most symmetric ciphers and hash algorithms are, however, considered to be relatively secure against quantum computing, as doubling the key length is still an effective defense for these.

Even though quantum computers are not yet able to break secure systems and algorithms with longer key lengths, they have taken big leaps during the past decades and continue doing so. Although there should be plenty of time left before the first cryptographically relevant quantum computers become available, it is entirely possible that nation state actors are currently capturing and storing targeted network traffic, to be decrypted in the near future, when enabled by advances in quantum computing capacity. We must therefore prepare for the future already today, through adaptability and upgradeability of products and industrial infrastructures.

Introducing post-quantum cryptography

Advances in quantum computing are also driving the development and standardisation of advanced cryptographic algorithms that withstand attacks by quantum computing platforms. These Post-Quantum Cryptographic (PQC) algorithms are implemented on classical, non-quantum computing platforms for higher security level against quantum computer threats. Currently proposed PQC algorithms are based on six different approaches: lattice-based, multivariate, hash-based, code-based, supersingular elliptic curve isogeny, and symmetric key quantum resistance. A common characteristic of many of these is longer key lengths compared to traditional public key algorithms, which can lead to tradeoffs in performance or ciphertext or signature size. More information on alternate approaches to PQC can be found here.

NIST PQC standardisation process

NIST schedule.

The US National Institute of Standards and Technologies (NIST) announced a competition-like process of PQC standardisation to foster the development of PQC algorithms in 2016. The aim is to standardise PQC algorithms in two categories: Key-Encapsulation Mechanisms (KEMs) and digital signature algorithms. A significant milestone was achieved on the 5th of July 2022, when NIST announced the third-round winners of the PQC standardization process. These four winners are CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon, and SPHINCS+, of which CRYSTALS-Kyber is an algorithm for KEM and the rest fall under the digital signature category. The first PQC standard from NIST will be based on these algorithms.

The standardisation process is now moving to the fourth phase, where the four winner algorithms of the third round will be properly standardised. A further four candidates for Key-Encapsulation Mechanism have also been introduced for the fourth round: BIKE, Classic McEliece, HQC, and SIKE. It is expected that either BIKE or HQC will be selected for standardization, due to the large key size required by Classic McEliece, and SIKE having been broken soon after the fourth round candidate announcement.

Xiphera's upcoming PQC product family

Xiphera follows actively the change that quantum computing and PQC bring to the field of information security. We update and develop our product portfolio with every development in the industry, to be able to offer our customers state-of-the-art security and fast-to-market introduction of the latest security standards.

Xiphera’s PQC product family will be based on the NIST PQC standardisation process winner algorithms. The first announcement in our PQC product line is scheduled for 2022. Xiphera’s upcoming PQC IP cores, complemented with our existing solutions for traditional public-key cryptography, enable our customers to build future-proof hardware security solutions.

Future-proof security with hybrid cryptography

Current public-key cryptography still continues to play a role in future security solutions, despite the weaknesses described earlier. Post-quantum cryptography is a relatively new field, and the algorithms still under scrutiny do not have the same mileage as the current standards, as demonstrated by the weaknesses discovered in NIST finalist Rainbow and third-round candidate SIKE. This has led to several entities to recommend a hybrid cryptography approach. The National Cybersecurity Agency of France, ANSSI, has recommended to use a combination of pre-quantum and post-quantum algorithms at least until 2030, in case a relatively new post-quantum algorithm is found to be compromised. Read our blog post about hybrid models here.

Crypto-agility, the ability to rapidly adapt new cryptographic algorithms without disruptive changes to system infrastructure, can be achieved in hardware-based security solutions by utilizing FPGA circuits. The ability to upgrade the contents, and cryptographic implementations, on FPGA circuits enables a longer lifetime for security hardware deployed in the field – while retaining the performance, security, and power-consumption benefits of hardware-based systems.

We encourage you to be in touch with us at Xiphera info email address to discuss how PQC is relevant to your business, and how our dedicated team of hardware cryptography specialists can help you to future-proof the security of your products and solutions.

Related materials