First successful implementation on a commercially available contactless microcontroller
What is all the fuss about post-quantum cryptography on smart cards? Well, with vastly superior computing power, quantum computers have the potential to break the current encryption algorithms used to secure all smart cards and most other IT systems. That is why the IT sectors are, or at least should be, looking ahead and preparing for future innovations like quantum computing.
Infineon demonstrated a test case in which it supported an instance of next-generation, post-quantum cryptography (PQC) on smart cards. Accomplishing this on a commercially available contactless chip – the same used for electronic identity documents and cards – is important in that many expected it would take reengineered microcontrollers to support the memory capacity and data transfer requirements for such advanced cryptography.
Quantum computing uses “qubits” that can exist in a superposition of states, beyond just the 0 and 1 of the bits used in conventional computing. This allows multiple calculations to be performed simultaneously, vastly increasing computing speed and power. With operations that are thousands of times faster, quantum computers bring new capabilities both for good computing purposes and for hacking and attacks against current encryption schemes.
Quantum computer attacks are not expected to become reality for a decade or two, but upon arrival they will threaten all current algorithms including RSA and ECC. If not protected, this would impact Internet standards such as Transport Layer Security (TLS), S/MIME or PGP/GPG as well as smart cards, servers, industrial control systems, online banking and more.
Security experts at Infineon made a breakthrough in this area by implementing a post-quantum key exchange scheme on a commercially available contactless smart card chip. Key exchange schemes are used to establish an encrypted channel between two parties.
“Our challenges comprised the small chip size and limited memory capacity to store and execute such a complex algorithm as well as the transaction speed,” says Thomas Pöppelmann from Infineon’s Chip Card & Security Division.
In a world of quantum computers, post-quantum cryptography should provide a level of security that is comparable with what RSA and ECC provide today in the current computing world. However, to withstand quantum calculation power, key lengths need to be longer than the usual 2048 bits of RSA or the 256 bits of ECC.
As always, the key will be standardization. Standards bodies plan to release one or multiple PQC algorithms within the next few years to prepare for the inevitable arrival of quantum hacking. Infineon is actively participating in the development and standardization process in order to enable a smooth transition and to address security challenges that may arise.