Post-Quantum Cryptography: IT Security in the Era of Quantum Technology


Protecting against quantum computer attacks with post-quantum cryptography

Quantum computers are far superior to conventional computers in specific tasks. Unfortunately, this also includes breaking cryptography. Therefore, as research into quantum computing progresses rapidly, the need for post-quantum security is becoming increasingly apparent.

In a world where quantum computers are becoming a reality, the risk of quantum computer attacks on traditional cryptographic mechanisms must be taken into account in order to ensure future-proof protection of information. We support you with various services in your transition to the post-quantum age.
 

  Resistant to quantum computers

With post-quantum cryptography, you ensure that your product is resistant to attacks with quantum computers - as well as classic attacks.
 

   Thinking about tomorrow today

Confidential information runs the risk of no longer being protected in the future. Post-quantum cryptography secures it at an early stage.
 

  One step ahead of regulations

Compliance with legal requirements, such as the EU GDPR, can require a rapid transition. By switching early, you are demonstrating foresight.
  

What is post-quantum cryptography?

Post-quantum cryptography (PQC) is a subfield of cryptography and refers to cryptographic methods on classical computers that are secure against both known quantum computer attacks and classical attacks. Therefore, no quantum computer is required to develop, implement or use PQC.

With the help of such quantum computer-resistant key exchange methods, which are based on complex mathematical operations, it is already possible today to guarantee the confidentiality and protection of information in the long term.

Post-Quantum Security Whitepaper

In our free whitepaper we

  • give an overview of how quantum computers will break today’s crypto, thus threatening all of today’s digital infrastructure,
  • show how PQC can effectively prevent this scenario using classical computers,
  • demonstrate why there is no time to waste and indeed the prerequisites to start the transition today are already there, and finally
  • consider implementation aspects and show that all know-how for secure implementation of classical cryptography will also be necessary for PQC.

Benefits of post-quantum cryptography

Resistance to quantum computers
Post-quantum algorithms are specifically designed to withstand all known attacks with quantum computers.
 

Long-term security
Post-quantum cryptography enables organizations to guarantee the long-term security of encrypted data.
 

Protection against data compromise
Post-quantum algorithms already offer greater protection against data compromise today.

 

Increased trust 
The implementation of post-quantum cryptography strengthens the trust of customers & business partners. 
 

Suitable for security-critical applications
Post-quantum cryptography offers a robust security solution, especially for security-critical applications.

 

Post-quantum cryptography: our services at a glance


Initial training & awareness workshops


Support for your secure product design


Support during your product development


Independent evaluation of your products


Certification of your products in various schemes


Support for migration to PQC in your security infrastructure

Current status of PQC standardization

Since 2016, the US National Institute of Standards and Technology (NIST) has been running a process to standardize quantum-resistant public-key cryptographic algorithms.

The previous process consisted of three rounds of examination of the submitted PQC procedures. In the end, NIST announced its intention to standardize the following algorithms:
 

  • CRYSTALS-Kyber
  • CRYSTALS-Dilithium
  • Falcon
  • SPHINCS+


With FIPS 203, 204 and 205, NIST published three Federal Information Processing Standards (FIPS) for post-quantum cryptography on August 13, 2024, which are based on CRYSTALS-Kyber, CRYSTALS-Dilithium and SPHINCS+. These can be found on the NIST website.

In addition, three further key encapsulation mechanism algorithms will be examined in a fourth round:
 

  • BIKE
  • Classic McEliece
  • HQC


Furthermore, a new call has been opened to investigate further post-quantum secure signature methods as an alternative to FIPS 205. The aim of the NIST processes is to standardize a certain number of algorithms for the post-quantum era that are based on different mathematical problems.


Particularly affected industries

Some industries will be particularly affected by the switch to post-quantum cryptography in the future. These include, among others:


Transportation and traffic

Vehicles should receive a (post-quantum) secure firmware over-the-air update (FOTA). This is particularly important in the areas of V2X, V2I, V2V and V2N/V2G.


Internet-of-Things (IoT)

IoT devices - especially Industrial IoT (IIoT) devices - rely on hardware implementations of cryptographic algorithms. Access to IoT devices is usually easy and therefore side-channel protection plays a crucial role.


Finance

Credit and debit cards and (mobile) payment applications in particular must be appropriately upgraded at an early stage and thus protected against attacks.


Energy

In the energy industry, charging solutions for battery electric vehicles (BEV) or smart meter gateways (SMGW), for example, are affected by a rapid changeover.


Telecommunications

For example, mobile network operators (MNOs) must be able to store their network access data securely on SIM cards and protect them against manipulation and theft.


Health

The pharmaceutical and healthcare industries are affected by a switch to post-quantum cryptography when it comes to implants with wireless interfaces, for example.

Frequently asked questions (FAQ):

What is a quantum computer?

A quantum computer is a new type of computer that is clearly superior to the classic PC for some problems. Instead of bits, a quantum computer works with qubits.

Qubits are the quantum computer equivalent of the classical bit. A bit can only store information as either “0” or “1”, but a qubit can also be in an intermediate state.

Short glossary of the most important terms in the field of post-quantum cryptography
  • Asymmetric Cryptography: cryptography using two distinct keys, a private one (restricted to the key's owner) and an associated public key (known to everyone); each pair of public and private key can be used for an operation and its counterpart (e.g. encryption with public key, decryption with private key; signature generation with private key, signature validation with public key); can be used to communicate via untrusted channels without prior exchange of keys

  • Classical Cryptography: if used in context of post-quantum cryptography: mainly referring to asymmetric algorithms which are not secure against attacks with a quantum computer, e.g. RSA, ECC, DH, ECDSA

  • Key Exchange: computation of a shared secret by several parties in a protocol run; exchanged messages do not require confidentiality (but authenticity) to keep computed secret confidential

  • Post-Quantum Cryptography: cryptography which can be used on classical computers and which is secure against both classical attacks and known attacks with a quantum computer; uses different mathematical problems than classical cryptography; does not require a quantum computer

  • Superposition: property of a quantum object to reside in a state between two basis states (e.g. 0 and 1); in contrast to common intuition, where objects are “either-or”: either here or there, either one or zero, etc.; in quantum physics (physics of small particles) this is not the case, and particles can be in an intermediate state

  • Symmetric Cryptography: cryptography using the same (pre-shared) key for an operation and its counterpart (e.g. encryption/decryption; creation/validation of a message authentication code); requires secure sharing of this key prior to first use

  • Quantum Computer: new kind of computing device highly superior to classical computers for specific tasks; instead of bits, quantum computers use qubits

  • Quantum Computing: computation using a quantum computer

  • Quantum Cryptography: cryptography using quantum physics with new hardware and new protocols

  • Entanglement: combination of several quantum objects acting as one entity; any change on one of these objects results in a simultaneous change of all entangled partners

  • Quantum Key Distribution: secure distribution of key material using quantum physical effects; currently still slow and with limited range between partners

  • Qubit: the quantum computer’s analogue of the classical bit; while a bit stores information as either a “0” or a “1”, a qubit can also reside in an intermediate state between 0 and 1

When will quantum computers be available?

There are different assumptions in research as to when the first commercial quantum computers will be available. Some experts assume that quantum computers could be able to break cryptographic procedures in the next 10 to 20 years. Others estimate that this could take longer.

Is the implementation of post-quantum cryptography already possible?

Yes, as post-quantum cryptography also works on conventional computers, no quantum computer is required to develop, implement or use PQC. Companies can therefore start the transition at an early stage.

Why we are a strong partner for you

Independence

Our employees are not subject to any conflicts of interest, as they are not committed to any product suppliers, system integrators, stakeholders, interest groups or government agencies.

Expertise

Our IT security experts have the appropriate qualifications to examine post-quantum hardware in our state-of-the-art hardware laboratory.

International network of experts

Around the globe: We support you both nationally and internationally. Our global network of experts is ready to help you in word and deed in all IT security issues.

Industry experience

Due to many years of experience in different branches of industry we can serve companies from a wide range of industries.

Tailor-made for you

We focus on individual services - and solutions - that optimally fit your current company situation and your set goals.

 

You have questions? We are pleased to help!

  

Eric Behrendt

+49 160 8880296
e.behrendt@tuvit.de