Industry Expert Blogs
Overcoming Challenges in the Integration of Post-Quantum Cryptography- Secure-ICSep 19, 2024 |
The transition to post-quantum cryptography (PQC) represents a major challenge for the industry, both in terms of performance and security. As quantum threats become increasingly imminent, companies must navigate a complex landscape of technical constraints and security risks to effectively integrate these new technologies.
Performance challenges
One of the main challenges in implementing PQC lies in performance. Embedded systems face significant constraints in terms of computing power, energy and memory. These environments introduce limitations that make it difficult to integrate PQC without compromising operational efficiency.
Adding countermeasures to protect against physical attacks also imposes an additional cost in terms of performance. The challenge is therefore to balance cryptographic robustness with performance efficiency, a particularly delicate balance to achieve in embedded systems.
Secure-IC, a leader in this field, has met this challenge by designing architectures that manage the impact on power, performance and silicon area (PPA). Integrating PQC with conventional cryptography in shared engines, such as Secure-IC's Securyzr™ cryptographic coprocessors, accommodates multiple PQC algorithms, such as Kyber and Dilithium, while optimizing the use of memory resources.
Security challenges
Although PQC schemes are cryptanalytically robust, they introduce new security challenges, including susceptibility to side channel and fault injection attacks. To ensure secure implementation, multiple countermeasures need to be integrated, requiring specialized expertise to minimize leakage while optimizing performance.
The hybridization of PQC algorithms with classical cryptography is another major challenge. This hybridization aims to combine cryptographic schemes to guarantee robust security against both classical and quantum attacks. For example, for key encapsulation mechanisms (KEMs), secure combination methods use key derivation functions (KDFs) with parallel or cascaded combiners. However, this approach requires meticulous design and implementation to ensure robust security in the transition to PQC.
Secure-IC has developed specific implementations to meet the security challenges posed by PQC. The company adopts a strategic partition between hardware and software to optimize the performance of the most intensive parts of the algorithms while ensuring consistent execution. In addition, flexible software libraries offer crypto agility in terms of modes, key sizes, and countermeasures.
New challenges for cryptographic primitives
The adoption of new cryptographic primitives, particularly those based on lattice networks, presents formidable challenges. These include:
- Lack of Familiarity: New primitives, such as Gaussian sampling, may be unfamiliar to developers, complicating their implementation.
- Performance issues: Some PQC primitives entail higher computational costs, requiring a more powerful computing infrastructure.
- Patent issues: Patented PQC primitives can hinder commercial adoption without appropriate licenses or alternative solutions.
- Interoperability: Ensuring compatibility with existing cryptographic protocols is crucial for smooth integration and transition.
- Complexity: The complexities of new PQC primitives introduce new vulnerabilities and implementation difficulties
The Complexity of Certifications
For industries such as aerospace and automotive, obtaining certifications is essential but arduous. The certification process is rigorous, time-consuming and costly, requiring compliance with strict specifications that vary from region to region. Moreover certifications schemes also vary across regions, necessitating compliance with multiple standards such as CC, FIPS (USA), EN ETSI 303 645 (Europe), OSCCA (China) to access diverse markets, further complicating the certifi cation landscape and extending the time-to-market. This complexity makes access more challenging to international markets and prolongs time-to-market. Secure-IC is well-prepared to offer a complete range of certification-ready PQC solutions, including tools and methods to simplify this process. For FIPS/CAVP, Secure-IC provides self-tests and keypair consistency checks. Under the Common Criteria, Secure-IC ensures resistance against leakage. Additionally, Secure-IC adheres to the Protection Profi le (PP) from NIAP. Their comprehensive approach, in line with the most demanding protection profiles, significantly reduces the certification burden, speeding up the market entry of PQC-compliant products.
Conclusion
The transition to Post-Quantum Cryptography is a multidimensional challenge requiring a balanced approach between performance, security and compliance. With innovative solutions like those offered by Secure-IC, companies can overcome these challenges and prepare effectively for the quantum era. PQC is no longer an option, but an imminent necessity to ensure the security of cryptographic infrastructures in the face of future threats.