Competence Centre for Quantum Security

Quantum computing advancements pose a threat to today’s IT security as a whole. This is because the established cryptographic processes can be cracked by quantum computers. Fraunhofer Singapore and Fraunhofer AISEC are pooling its expertise in the future technology of post-quantum cryptography and quantum communciation via the Competence Center for Quantum Secuirty. Our goal as a neutral and manufacturer-independent center is to support companies and public research institutions in the switch to quantum-resistant cryptographic processes. To do so, we offer individual consultation and support for migrating to architecture with a quantum-secure design and transition to quantum readiness. Compatibility with existing solutions and cryptoagility play a key role in this. Other services offered by the competence center include quantum risk assessment, security analyses for quantum-safe implementations as well as an information portal for post-quantum cryptography. 

The ongoing development of quantum computers poses a threat to almost every cryptographic process currently implemented. Quantum algorithms, such as the »Shor algorithm« and variants thereof, have been used to crack frequently used public key processes that are based on factorization problems (like RSA encryption and signatures). This is also the case for processes based on difficult-to-calculate discrete logarithms (e.g., (EC)DSA signature processes, ElGamal encryption processes and Diffie-Hellmann key agreement protocols). Symmetrical processes are also affected by Grover’s algorithm. Here, however, bigger keys can be used to rebuild security — as opposed to public key processes.

It is becoming increasingly difficult to ensure that IT will remain secure in the long term. In Critical Infrastructures in particular, an orderly transition to quantum-resistant processes is key. However, simply replacing cryptographic processes is not necessarily possible due to the totally new algorithmic characteristics that quantum-safe approaches and processes have. For PQC, significantly longer keys and data packets for transfer, stateful protocols or substantial changes to time responses are particular technical challenges here.

Requirements for ensuing the longevity of hardware and software components include cryptoagility (i.e., the possibility to rapidly replace cryptographic processes); newly constructed, quantum-resistant implementations that are secure; and the construction of a publicly accessible pool of knowledge.

The Competence Center for Quantum Security offers companies and public research institutions individual and manufacturer-neutral support based on current research when they change over to quantum-resistant cryptography and protocols. Examples include migration of PQC processes, security analyses for quantum-safe implementations and an extensive information portal with proposals for a variety of target groups. 

Assistance with migration

For post-quantum migration, cryptographic processes must be replaced and adapted to a large extent. The common use of proprietary protocols (i.e., in industry) is hampering this process, in particular in terms of compatibility requirements and organizational framework conditions such as existing IT systems, which frequently lack cryptoagility. We take into account the initial position of each individual organization or public research institution to offer the following expertise: 

• Development and implementation of migration strategies for the integration of PQCs and QKD in organizational infrastructures and products in a way that is compatible with existing strategies and solutions
• Selection of appropriate quantum-safe technology and migration processes that are tailored to the individual needs of the customer (such as specific use cases, business processes or platforms)
• Development and implementation of architecture designs which are sustainable and quantum-secure, with »cryptoagility by design«
• Development of cross-application cryptoconcepts and security concepts for the secure performance, taking into account the system- and application-specific aspects of the target platform
• Assistance in securely implementing quantum-safe technology in hardware and software

Security analyses for PQC implementations  

The competence center conducts individual security analyses. This service covers software, protocols and hardware:

• Assessment of the security of software and hardware components in regard to implementing quantum-safe securely (e.g., review of implementations, execution of side channel and error attacks, firmware analyses)
• Analysis of the correct utilization of PQC cryptolibraries
• Evaluation of the QKD and PQC solutions that are available on the market 

Information portal 

The portal provides information that is relevant for Chief Information Security Officers (CISO) and those responsible for IT processes, as well as for strategic corporate development in the face of security threats posed by quantum computers. The information available can be downloaded free of charge. Specifically, the following services are provided by the information portal: 

• Information on quantum-resistant processes (i.e., security level, standardization status, efficiency on various platforms)
• Material on industry-specific quirks in the context of quantum-resistant processes
• Description of the scientific advancements in post-quantum cryptography including impact analysis
• Monitoring advancements in implementing post-quantum cryptography and quantum communiation in software and hardware products
• Security evaluation QKD network management and key management solutions
• Assessment of specific attacks on PQC implementations and illustration of countermeasures