Fraunhofer Institute for Applied and Integrated Security 
Competence Center for Post-Quantum Cryptography
Competence Center for Post-Quantum Cryptography
Quantum computing advancements pose a threat to today’s IT security as a whole. This is because the established cryptographic processes can be cracked by quantum computers. Fraunhofer AISEC is pooling its expertise in the future technology of post-quantum cryptography (PQC) via the Competence Center for Post-Quantum Cryptography. Our goal as a neutral and manufacturer-independent center is to support companies and public research institutions in the switch to quantum-resistant cryptographic processes. To do so, we offer individual consultation and support for migrating to architecture with a quantum-secure design. Compatibility with existing solutions and cryptoagility play a key role in this. Other services offered by the competence center include security analyses for PQC implementations as well as an information portal for post-quantum cryptography.
Almost every single process implemented today will become insecure
The ongoing development of quantum computers poses a threat to almost every cryptographic process currently implemented. Quantum algorithms, such as the »Shor algorithm« and variants thereof, have been used to crack frequently used public key processes that are based on factorization problems (like RSA encryption and signatures). This is also the case for processes based on difficult-to-calculate discrete logarithms (e.g., (EC)DSA signature processes, ElGamal encryption processes and Diffie-Hellmann key agreement protocols). Symmetrical processes are also affected by Grover’s algorithm. Here, however, bigger keys can be used to rebuild security — as opposed to public key processes.
It is becoming increasingly difficult to ensure that IT will remain secure in the long term. In Critical Infrastructures in particular, an orderly transition to quantum-resistant processes is key. However, simply replacing cryptographic processes is not necessarily possible due to the totally new algorithmic characteristics that PQC processes have. Significantly longer keys and data packets for transfer, stateful protocols or substantial changes to time responses are particular technical challenges here.
A manufacturer-neutral portfolio based on current research
Requirements for ensuing the longevity of hardware and software components include cryptoagility (i.e., the possibility to rapidly replace cryptographic processes); newly constructed, quantum-resistant implementations that are secure; and the construction of a publicly accessible pool of knowledge.
The Competence Center for Post-Quantum Cryptography offers companies and public research institutions individual and manufacturer-neutral support based on current research when they change over to quantum-resistant cryptography and protocols. Examples include migration of PQC processes, security analyses for PQC implementations and an extensive information portal with proposals for a variety of target groups.
SERVICES
Assistance with migration
For post-quantum migration, cryptographic processes must be replaced and adapted to a large extent. The common use of proprietary protocols (i.e., in industry) is hampering this process, in particular in terms of compatibility requirements and organizational framework conditions such as existing IT systems, which frequently lack cryptoagility. We take into account the initial position of each individual organization or public research institution to offer the following expertise:
- Development and implementation of migration strategies for the integration of PQCs in organizational infrastructures and products in a way that is compatible with existing strategies and solutions
- Selection of appropriate PQC processes that are tailored to the individual needs of the customer (such as specific use cases, business processes or platforms)
- Development and implementation of architecture designs which are sustainable and quantum-secure, with »cryptoagility by design«
- Development of cross-application cryptoconcepts and security concepts for the secure performance of PQC, taking into account the system- and application-specific aspects of the target platform
- Assistance in securely implementing PQC algorithms in hardware and software
CONTACT: Daniel Loebenberger
Security analyses for PQC implementations
The competence center conducts individual security analyses. This service covers software, protocols and hardware:
- Assessment of the security of software and hardware components in regard to implementing PQC processes securely (e.g., review of implementations, execution of side channel and error attacks, firmware analyses)
- Analysis of the correct utilization of PQC cryptolibraries
- Evaluation of the PQC solutions that are available on the market
CONTACT: Matthias Hiller
Information portal
The portal provides information that is relevant for Chief Information Security Officers (CISO) and those responsible for IT processes, as well as for strategic corporate development in the face of security threats posed by quantum computers.
The pqdb website provides a unified overview of all post-quantum cryptography methods that have been part of the National Institute of Standards and Technology (NIST) selection process to date.
Additional information is available free of charge upon e-mail request. The following services are provided by the information portal:
- Information on quantum-resistant processes (i.e., security level, standardization status, efficiency on various platforms)
- Material on industry-specific quirks in the context of quantum-resistant processes
- Description of the scientific advancements in post-quantum cryptography including impact analysis
- Monitoring advancements in implementing post-quantum cryptography in cryptolibraries and software and hardware products
- Assessment of specific attacks on PQC implementations and illustration of countermeasures
CONTACT: Marian Margraf