MENU

Post-Quantum Cryptography: IT Security in the Era of Quantum Technology

  1. Innovations
  2. Post-Quantum Cryptography

Quantum computers threaten today’s cryptography – Post-quantum cryptography (PQC) comes to its rescue

A quantum computer is a new kind of computing device highly superior to classical computers for specific tasks. Unfortunately, breaking cryptography is one of them. With the rapidly ongoing research in quantum computing, the need for post-quantum security is emerging. In a world where quantum computing is no longer a mere theory but becoming a reality, the danger of quantum attacks on classical cryptographic mechanisms needs to be taken into account, to ensure a future-proof protection of information assets.

This necessity will soon lead to a significant market for post-quantum secure products. Product manufacturers, irrespective of whether they develop a small post-quantum crypto co-processor or a full-fledged, post-quantum security gateway, need to get ready now.

With first PQC algorithms already standardized and more to follow, the good news is that developers can start now.

of today’s public key crypto will be broken by a large quantum computer.

7

NIST PQC 3rd round finalists.

2022

the first draft standards will be available!

Post-quantum cryptography does not require quantum computers but protects against attacks with quantum computers

Today’s cryptography uses two major schemes: symmetric schemes, where sender and recipient share the same key, and asymmetric, or public key schemes, where sender and recipient use different keys – a public key and a private key.

As symmetric schemes require the prior secure exchange of keys, public key schemes are the backbone of today’s digital world. Unfortunately, a quantum computer breaks today’s most widely deployed public key algorithms entirely and irreversibly and hence threatens all of today’s digital infrastructure security!

Post-Quantum Cryptography (PQC) is cryptography running on classical computers, which is secure against quantum computer attacks and classical attacks alike. Thus, no quantum computer is required to develop, implement or use PQC.
  

Information is already at risk today

There is no time to waste – sufficiently powerful quantum computers will become a reality rather sooner than later and the world needs to be ready by then. All confidential information today, which is transmitted via the Internet or stored in the Cloud, is in danger of being revealed in the future.

Replacing today’s cryptography with Post-Quantum cryptography is not a plug and play scenario but will take a lot of time – in particular for security hardware in long-living products like cars, medical devices, industrial production lines etc.

Compliance with legislation might require a fast transition. The European General Data Protection Regulation (GDPR) explicitly names cryptography as a means to protect personal data. Together with the requirement to take the state of the art into account, this leads to the conclusion that PQC must be considered for the protection of personal data.

Fortunately, the transition to PQC can start today

There are several well-studied post-quantum algorithms available. Standardization for these algorithms is ongoing and first recommendations are already published.

Even if no use-case specific recommendation is (yet) available, hybrid schemes can help to accelerate the transition: By using a combination of a pre-quantum algorithm and a post-quantum algorithm, companies can implement the new algorithms without adding any additional risks.  

Cryptographic security does not merely require a secure algorithm design but a secure implementation is equally important. History shows a variety of attacks on implementations of cryptographic algorithms, with side-channel attacks and fault-injection attacks being most difficult to mitigate. The experience with classical cryptography implementations will help to also securely implement PQC.


You can find detailed information on these topics in our comprehensive Post-Quantum Security Whitepaper.  
  

Our post-quantum service portfolio

With our long-standing experience in IT security we support you in your transition to the post-quantum era. Our service portfolio includes a broad spectrum of services ranging from introductory workshops to post-quantum readiness analyses. Moreover, our experienced security experts in our state-of-the art hardware laboratory can also test your post-quantum hardware for secure implementation. See below for an extract of our services.

Initial training & awareness workshops

Support for your secure product design

Support during your product development

Independent evaluation of your products

Certification of your products in various schemes

Support for migration to PQC in your security infrastructure


There is no time to waste – sufficiently powerful quantum computers will become a reality rather sooner than later and the world needs to be ready by then.

- Dirk Kretzschmar, Managing Director at TÜV Informationstechnik GmbH

  


Industries that will be particularly affected in the future by switching to post-quantum cryptography:

Not only the security industry but also the following industries will be particularly impacted by the necessity to switch to post-quantum security.
 

Automotive industry

The automotive industry is affected with their long-lived products, which for sure will still be around when quantum computers are a reality. Here, topics include a (post-quantum) secure Firmware Over-The-Air Update (FOTA) and of course Vehicle-To-Everything (V2X), Vehicle-To-Infrastructure (V2I), Vehicle-To-Vehicle (V2V), Vehicle-To-Network/Grid (V2N/V2G) and alike.

Suppliers of IoT devices

Suppliers of Internet-of-Things (IoT) devices – in particular Industrial IoT (IIoT) – are affected, as these low-resource devices need to rely on hardware implementations of cryptographic algorithms, which are difficult to replace.

Banking industry

The banking industry is affected with their credit and debit cards as well as (mobile) payment applications.

Energy industry

The energy industry is affected, e.g., with charging solutions for Battery Electric Vehicles (BEV) or Smart Meter Gateways (SMGW).

Telecommunication industry

The telecommunication industry is affected, e.g., with Mobile Network Operators (MNO) who need to be able to securely store their network access credentials on SIM cards.

Pharma and healthcare industry

The pharma and healthcare industry is affected, e.g., when considering implants with wireless interfaces.

Would you like to dive even deeper into the matter and get more detailed information? Then we recommend our whitepaper on the subject of post-quantum security.
 

Download: Post-Quantum Security Whitepaper

In our free whitepaper we

  • give an overview of how quantum computers will break today’s crypto, thus threatening all of today’s digital infrastructure,
  • show how Post-Quantum Cryptography (PQC) can effectively prevent this scenario using classical computers,
  • demonstrate why there is no time to waste and indeed the prerequisites to start the transition today are already there, and finally
  • consider implementation aspects and show that all know-how for secure implementation of classical cryptography will also be necessary for PQC.