Due to their computing power, quantum computers have the disruptive potential to break various currently used encryption algorithms. Infineon Technologies has successfully demonstrated the first post-quantum cryptography implementation on a commercially available contactless security chip, as used for electronic ID documents.
Quantum computer attacks on today’s cryptography are expected to become reality within the next 15 to 20 years. Once available, quantum computers could solve certain calculations much faster than today’s computers, threatening even best currently known security algorithms such as RSA and ECC.
Various internet standards like Transport Layer Security (TLS), S/MIME or PGP/ GPG use cryptography based on RSA or ECC to protect data communication with smart cards, computers, servers or industrial control systems. Online banking on “https” sites or “instant messaging” encryption on mobile phones are well-known examples.
Chip memory size and computation time are key
Infineon security experts and the Center of Excellence for contactless technologies in Graz, Austria, made a breakthrough in this field. They implemented a post-quantum key exchange scheme on a commercially available contactless smart card chip. Key exchange schemes are used to establish an encrypted channel between two parties.
The deployed algorithm is a variant of “New Hope”, a quantum-resistant cryptosystem also explored successfully by Google on a development version of the Chrome browser.
“The phantom of the quantum computer is keeping academia and the IT industry on high alert,” said Thomas Pöppelmann from Infineon’s Chip Card & Security Division, who has been co-developing the New Hope algorithm. “At Infineon, we are proud to be the first to transfer PQC onto contactless smart cards. Our challenges comprised the small chip size and limited memory capacity to store and execute such a complex algorithm as well as the transaction speed.” Thomas Pöppelmann and his co-researchers received the Facebook Internet Defense Prize 2016 for the development of New Hope.
In a world of quantum computers, post-quantum cryptography should provide a level of security that is comparable with what RSA and ECC provide today in the classical computing world. However, to withstand quantum calculation power, key lengths need to be longer than the usual 2048 bits of RSA or the 256 bits of ECC. Nevertheless, researchers were able to implement New Hope on a commercially available security chip without requiring additional memory space and hence a larger chip size.
Standardization bodies are expected to agree on one or multiple post-quantum cryptography algorithms within the next few years before governments and industries mandate the migration.