Fraunhofer Institute for Applied and Integrated Security
Fraunhofer Institute for Applied and Integrated Security

Competence Center for Post-Quantum Cryptography

Competence Center for Post-Quantum Cryptography

Quantum computing advancements pose a threat to today’s IT security as a whole. This is because the established cryptographic processes can be cracked by quantum computers. Fraunhofer AISEC is pooling its expertise in the future technology of post-quantum cryptography (PQC) via the Competence Center for Post-Quantum Cryptography. Our goal as a neutral and manufacturer-independent center is to support companies and public research institutions in the switch to quantum-resistant cryptographic processes. To do so, we offer individual consultation and support for migrating to architecture with a quantum-secure design. Compatibility with existing solutions and cryptoagility play a key role in this. Other services offered by the competence center include security analyses for PQC implementations as well as an information portal for post-quantum cryptography. 

Almost every single process implemented today will become insecure

The ongoing development of quantum computers poses a threat to almost every cryptographic process currently implemented. Quantum algorithms, such as the »Shor algorithm« and variants thereof, have been used to crack frequently used public key processes that are based on factorization problems (like RSA encryption and signatures). This is also the case for processes based on difficult-to-calculate discrete logarithms (e.g., (EC)DSA signature processes, ElGamal encryption processes and Diffie-Hellmann key agreement protocols). Symmetrical processes are also affected by Grover’s algorithm. Here, however, bigger keys can be used to rebuild security — as opposed to public key processes.

It is becoming increasingly difficult to ensure that IT will remain secure in the long term. In Critical Infrastructures in particular, an orderly transition to quantum-resistant processes is key. However, simply replacing cryptographic processes is not necessarily possible due to the totally new algorithmic characteristics that PQC processes have. Significantly longer keys and data packets for transfer, stateful protocols or substantial changes to time responses are particular technical challenges here.

A manufacturer-neutral portfolio based on current research  

Requirements for ensuing the longevity of hardware and software components include cryptoagility (i.e., the possibility to rapidly replace cryptographic processes); newly constructed, quantum-resistant implementations that are secure; and the construction of a publicly accessible pool of knowledge.

The Competence Center for Post-Quantum Cryptography offers companies and public research institutions individual and manufacturer-neutral support based on current research when they change over to quantum-resistant cryptography and protocols. Examples include migration of PQC processes, security analyses for PQC implementations and an extensive information portal with proposals for a variety of target groups. 

SERVICES

Assistance with migration

For post-quantum migration, cryptographic processes must be replaced and adapted to a large extent. The common use of proprietary protocols (i.e., in industry) is hampering this process, in particular in terms of compatibility requirements and organizational framework conditions such as existing IT systems, which frequently lack cryptoagility. We take into account the initial position of each individual organization or public research institution to offer the following expertise: 

  • Development and implementation of migration strategies for the integration of PQCs in organizational infrastructures and products in a way that is compatible with existing strategies and solutions
  • Selection of appropriate PQC processes that are tailored to the individual needs of the customer (such as specific use cases, business processes or platforms)
  • Development and implementation of architecture designs which are sustainable and quantum-secure, with »cryptoagility by design«
  • Development of cross-application cryptoconcepts and security concepts for the secure performance of PQC, taking into account the system- and application-specific aspects of the target platform
  • Assistance in securely implementing PQC algorithms in hardware and software

CONTACT: Daniel Loebenberger

 

Security analyses for PQC implementations  

The competence center conducts individual security analyses. This service covers software, protocols and hardware:

  • Assessment of the security of software and hardware components in regard to implementing PQC processes securely (e.g., review of implementations, execution of side channel and error attacks, firmware analyses)
  • Analysis of the correct utilization of PQC cryptolibraries
  • Evaluation of the PQC solutions that are available on the market 

CONTACT: Matthias Hiller

 

Information portal 

The portal provides information that is relevant for Chief Information Security Officers (CISO) and those responsible for IT processes, as well as for strategic corporate development in the face of security threats posed by quantum computers.

The pqdb website provides a unified overview of all post-quantum cryptography methods that have been part of the National Institute of Standards and Technology (NIST) selection process to date. 

Additional information is available free of charge upon e-mail request. The following services are provided by the information portal: 

  • Information on quantum-resistant processes (i.e., security level, standardization status, efficiency on various platforms)
  • Material on industry-specific quirks in the context of quantum-resistant processes
  • Description of the scientific advancements in post-quantum cryptography including impact analysis
  • Monitoring advancements in implementing post-quantum cryptography in cryptolibraries and software and hardware products
  • Assessment of specific attacks on PQC implementations and illustration of countermeasures  

CONTACT: Marian Margraf

RESEARCH PROJECTS

Companies profit in the long-term from the well-founded knowledge and practical experience that our scientists possess in the field of post-quantum cryptography. As such, competence center stakeholders are involved in four of the research projects on post-quantum cryptography that are funded by the German Federal Ministry of Education and Research (BMBF). These projects are investigating whether and how quantum-resistant processes can be implemented in a variety of application scenarios.

 

KBLS

In the »BOTAN cryptographic library: long-lasting security for IT applications and services (KBLS)« project, Fraunhofer AISEC is coordinating the development and implementation of reliable, user-friendly cryptographic processes, which also cannot be cracked by quantum computers. 

 

QuaSiModO

The objective of the QuaSiModO (Quantum-Secure VPN Modules and Operation Modes) project is to develop — taking into account current international research — quantum-secure virtual private networks (VPNs) at layers 2 and 3 of the TCP/IP reference model and to advance the standardization of the network protocols required on an international scale.

 

FLOQI

The objective of the full-lifecycle post-quantum PKI (FLOQI) project is to develop a PKI that is resistant to quantum computers. This needs to be compatible with current cryptographic processes. To this end, post-quantum processes are implemented on a variety of platforms, as well as being tested in three demonstrators.

 

Aquorypt

This research project is investigating the application and practical implementation of cryptographic processes that are resistant to quantum computers.

COMMUNITY

The Competence Center Post-Quantum Cryptography is connected with numerous partners. We would like to continuously expand this network and welcome collaborative requests from partners who would like to join us in bringing the latest scientific findings into real world applications. 

Keep in touch with us!

* Required

Consent to data protection notice