Post-quantum cryptography
Securing a quantum computer world

Leading in post-quantum security

Infineon is a pioneer in the development and implementation of cryptographic mechanisms that can withstand the processing powers of quantum computers. By preparing for a smooth transition from currently used security protocols to post-quantum cryptography (PQC), Infineon enables robust and future-proof security solutions.

To tackle the massive quantum computing challenge, Infineon is working with customers, partners and the academic community on all facets of PQC. As a leading provider of security solutions, Infineon actively researches the efficient implementation of PQC algorithms and pushes for future standards that can be executed efficiently and securely on small and embedded devices.

As early as 2017, security experts at Infineon’s Munich headquarters and its Center of Excellence for Contactless Technologies in Graz, Austria, implemented a post-quantum key exchange scheme on a commercially available contactless smart card chip commonly used for electronic IDs. This achievement won two SESAMES Awards for post-quantum cryptography on a contactless security chip. Infineon researchers went on to demonstrate side-channel protection measures for lattice-based PQC along with various methods to accelerate PQC with existing cryptographic co-processors.

These groundbreaking developments put Infineon in a pioneering position for quantum-resistant encryption and authentication capabilities executed on security ICs.

Complementing its in-house testing and research activities, Infineon is currently working with academic and startup partners to make quantum computers a reality through joint research on trapped-ion quantum computing.


Infineon and the BSI pave the way for a quantum-resilient future: World's first Common Criteria Certification for post-quantum cryptography algorithm on a security controller

Quantum computers – tomorrow’s reality

Due to their computing power, quantum computers have the disruptive potential to break various encryption algorithms currently used. Quantum computer attacks on today’s cryptography are expected to become reality within the next 10 to 20 years.

Once available, quantum computers will be able to solve certain problems much faster than today’s computers, threatening even today’s common security algorithms such as RSA and ECC. Various Internet standards like Transport Layer Security (TLS), S/MIME and PGP/GPG use cryptography based on RSA and ECC to protect data communications between smart cards, computers, servers, and industrial control systems. Online banking on “https” sites and encrypted instant messaging on mobile phones are well-known examples.

OPTIGA™ TPM SLB 9672 – the first TPM with PQC-protected firmware update mechanism


PQC standardization

In 2017, the US National Institute of Standards and Technology (NIST) started its post-quantum cryptography project and asked for submissions of post-quantum key exchange, public-key encryption, and signature schemes to a competition-like standardization effort. In 2022, the first algorithms chosen for standardization were announced, with finalized written standards expected to be published in 2024.

Infineon is actively participating in the development and standardization process in order to enable a smooth transition and to address security challenges that may arise in the advent of quantum computers. Infineon’s contributions span case studies, demonstrators, whitepapers, and two submissions to the NIST PQC standardization process.

Infineon security experts are members of the teams that submitted the stateless hash-based signature scheme SPHINCS+ and the NewHope key-exchange protocol. SPHINCS+ was recently chosen as one of the schemes to be standardized, not least due to the high level of trust in its security claims. Although NewHope was not selected by NIST, novel techniques introduced by NewHope have been adopted by other schemes.

Besides NIST, other standardization bodies are also focusing on PQC. For example, the European Telecommunications Standards Institute (ETSI) and the International Organization for Standardization (ISO) are now running study groups specifically focused on PQC.

Migration strategy to PQC: Crypto agility

The transition from today’s conventional algorithms to PQC will be gradual. The speed of migration depends not only on the availability of quantum computers, but also on the extent to which security is critical for the applications in question, the lifetime of devices in the field, and many other factors. Additionally, the set of PQC algorithms will change over time, reflecting the latest research insights. How can device vendors navigate all of these uncertainties?

The path to success lies in crypto agility; in other words, making sure that devices can evolve to support different crypto algorithms. Looking ahead, adaptability in this dynamic space hinges on the ability to add and exchange crypto algorithms and the corresponding protocols.

The underlying software update mechanisms must be properly safeguarded for crypto agility to work. Once again, Infineon has taken a first step towards providing the necessary safeguards by implementing a future-proof, quantum-resistant software update mechanism on its widely used Trusted Platform Module (TPM): OPTIGA™ TPM SLB 9672.
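As an added illustration of the crypto-agility principle described above (example code, not Infineon's or the OPTIGA™ TPM firmware), the verifier below checks a signed update through an algorithm registry, so an algorithm can be retired and another enabled by changing the accept-list rather than the verification code. The signature scheme is a Lamport one-time signature, a simplified ancestor of hash-based schemes such as SPHINCS+ (it is not SPHINCS+), and the one-byte algorithm identifier, registry layout and firmware bytes are constructed for this example.

```python
import hashlib
import os

N = 256  # digest bits; one secret pair per bit of the message digest

def _h(hname):
    return lambda data: hashlib.new(hname, data).digest()

def keygen(hname):
    # Secret key: N pairs of random 32-byte values; public key: their hashes.
    h = _h(hname)
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    return sk, [(h(a), h(b)) for a, b in sk]

def sign(hname, sk, msg):
    # One-time only: each signature reveals one secret of every pair, so a
    # key reused for a second message leaks material for forgeries.
    d = int.from_bytes(_h(hname)(msg), "big")
    return b"".join(sk[i][(d >> (N - 1 - i)) & 1] for i in range(N))

def verify(hname, pk, msg, sig):
    h = _h(hname)
    if len(sig) != 32 * N:
        return False
    d = int.from_bytes(h(msg), "big")
    return all(h(sig[32 * i:32 * i + 32]) == pk[i][(d >> (N - 1 - i)) & 1]
               for i in range(N))

# Algorithm registry (constructed ids): what the device *can* run. Which ids
# it *accepts* is a separate policy that a migration can change.
REGISTRY = {0x01: "sha256", 0x02: "sha3_256"}

def sign_update(alg, sk, firmware):
    return bytes([alg]) + sign(REGISTRY[alg], sk, firmware)  # id || signature

def verify_update(allowed, pubkeys, firmware, blob):
    alg = blob[0]
    if alg not in allowed or alg not in REGISTRY or alg not in pubkeys:
        return False  # unknown, retired or key-less algorithm: reject
    return verify(REGISTRY[alg], pubkeys[alg], firmware, blob[1:])

def demo():
    fw = b"firmware image v2 (constructed sample)"
    keys = {a: keygen(REGISTRY[a]) for a in REGISTRY}
    pubs = {a: keys[a][1] for a in REGISTRY}
    old = sign_update(0x01, keys[0x01][0], fw)
    new = sign_update(0x02, keys[0x02][0], fw)
    policy_v1, policy_v2 = {0x01}, {0x02}  # migration retires 0x01
    return (verify_update(policy_v1, pubs, fw, old),          # accepted
            verify_update(policy_v1, pubs, fw + b"x", old),   # tampered
            verify_update(policy_v2, pubs, fw, old),          # retired alg
            verify_update(policy_v2, pubs, fw, new))          # migrated
```

`demo()` returns `(True, False, False, True)`: a valid signature under the accepted algorithm passes, a modified image fails, and after the policy change an image signed with the retired algorithm is rejected while the newly enabled one is accepted.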

Application examples of post-quantum cryptography

Identification (government) documents

Governmental applications are critical, especially due to the fact that identity theft or misuse can have major consequences. Government ID applications include travel documents (ePassport) and ID cards – often equipped with digital signature functionality.

ICT technology

ICT is one of the main application areas where public-key (asymmetric) cryptography is used, e.g. to secure protocols, secure storage, etc. ICT can be roughly clustered into communication technology, e.g. network equipment, and servers, e.g. those running cloud services. ICT component suppliers will need to address the security-related aspects tied to quantum computers and prepare upfront for a possible migration.

Automotive security

The increasing connectivity of cars via mobile networks enables many new services and interactivity between car and end-user. Cryptography plays a major role in securing cars against potential threats. Due to the comparatively long lifetime of cars in the field, the automotive industry will need to consider the impact of quantum computing in the not too distant future.

The general impact on applications

The impact on cryptography will be dramatic: most public-key algorithms currently in use, including RSA- and ECC-based public-key cryptography, are expected to be broken easily by sufficiently powerful quantum computers. The applications most vulnerable to quantum-computer attacks are those where asymmetric cryptography is used:

Communication protocols: Authentication protocols that verify authenticity via digital certificates provided through a public key infrastructure (PKI), as used in various Internet standards (e.g. Transport Layer Security (TLS), S/MIME, PGP, and GPG).

Digital signatures: Digital signatures are increasingly replacing the traditional, manual signing of contracts. They protect signed contracts by verifying every bit of the document against a digital signature. Public-key, i.e. asymmetric, algorithms are used to sign and verify data through digital signature algorithms.

Why act now?

There are applications, for instance energy infrastructure and space, where product lifetimes of 15-30 years are common. Thus, these applications and the corresponding devices and infrastructure will still be in use when quantum computers become a reality. Therefore, system designers must already think about the migration from traditional asymmetric cryptography to PQC. This does not imply that PQC algorithms must be implemented now, but rather that a forward-looking strategy must be in place.