EE Times Europe
EMBEDDED WORLD 2023: SECURITY FOCUS
Post-Quantum Cryptography: Are You Ready?
By Robert Huntley
The Quantum Computing Cybersecurity Preparedness Act was signed into U.S. law on Dec. 22, 2022, marking a crucial step in U.S. cybersecurity legislation that commenced in 2016. Back then, the U.S. National Institute of Standards and Technology (NIST) issued a call for proposals of post-quantum cryptographic algorithms that could resist attempts by quantum computers to compromise them. Now, eight years and four selection rounds later, NIST has announced its choice of quantum-resistant algorithms for public key encryption (CRYSTALS-KYBER) and digital signatures (CRYSTALS-DILITHIUM and SPHINCS+). The finalized standards will be published in 2024, but that doesn’t mean the semiconductor industry and its customers should wait until then.

The threat that quantum computers pose to classical security methods like RSA and ECC has been growing steadily. It is widely recognized that once commercially available quantum computers have sufficient computation resources, current “hard problem” asymmetrical cryptographic techniques will not be adequate. There is no precise estimate of when large-scale quantum computers will become a reality. However, most experts suggest it is within the next decade and advise that whenever it might happen, being prepared is the best policy. National cybersecurity organizations across Europe are already publishing frameworks and checklists for companies and government agencies, with an emphasis on reviewing and equipping their security infrastructures ahead of time.

NIST ALGORITHMS BECOME GLOBAL STANDARDS

Although NIST is setting the U.S. policy on quantum-safe computing, its actions are of worldwide concern. Global adoption of cybersecurity standards is crucial for interoperability, with other regions of the world following the U.S., just as we have done for RSA and ECC. That’s not to say Europe hasn’t been involved in the submission process. Most submissions are from global teams, with European cryptographic experts well represented. But will European countries continue to adopt the NIST selections, or might there be country-specific differences?

“Everybody will follow this [NIST] standard, so it will be a worldwide standard,” said Joppe Bos, senior principal cryptographer at NXP Semiconductors’ Competence Center for Cryptography and Security in Belgium and a member of the NIST-selected CRYSTALS-KYBER algorithm team. “However, we already see in Europe that certain government agencies—for example, Germany’s Federal Office for Information Security [BSI] and the National Cybersecurity Agency of France [ANSSI]—are saying they will support the selected schemes but might extend the list to standardized algorithms by certain other algorithms.”

[Image caption: NXP Semiconductors’ Joppe Bos]

THE COUNTDOWN TO QUANTUM-RESISTANT COMPUTING

Many in security have set the end of this decade as the notional timeline for implementing post-quantum cryptography (PQC). “It takes a long time to roll [PQC] through infrastructure,” said Alan Grau, sales and marketing director of PQShield. “In the telecom world, for example, the scope of the problem, from end-to-end consumer devices, the infrastructure, public key systems and hardware security modules—it’s a massive undertaking to update all that. It will take a decade or more.”

[Image caption: PQShield’s Alan Grau]

Grau also noted the concerns over harvesting now and decrypting later attacks. “There’s no question that for really critical information, adversaries are capturing it. If they can decrypt it a decade from now, that could be extremely damaging. In the U.S., for example, the U.S. National Security Agency has recommended all digital signing be updated to quantum-safe by 2025, so we’ve got pressure from government regulations to adopt it more quickly.”

Shahram Mossayebi, co-founder and CEO of Crypto Quantique, told EE Times Europe that the science of cryptographic standards is built on complex mathematical problems that cannot be solved efficiently and within a reasonable time. However, “while we build and use these cryptographic algorithms, it never rules out that someone, at some point, might come up with a genius idea and be able to break the algorithm,” he said. “So whether we worry about quantum computers or not, from a cryptography point of view, there is an element that breaking the algorithm is always possible.”

For most commercial organizations, there is no hard and fast timeline to follow. That said, the need to continually evaluate the risks from any adversaries, whether quantum-based or not, is omnipresent, something the embedded community has adopted since disparate systems connected to the internet. Regulatory compliance against national, regional and market-specific security standards will significantly influence the timeline that is right for your company. Mossayebi cited the ETSI Quantum-Safe Cryptography specifications and the EU’s Cybersecurity and Cyber Resilience Acts as factors that will heavily drive customer adoption of post-quantum security.

CHALLENGES FOR THE SEMICONDUCTOR INDUSTRY

Microcontroller (MCU), SoC and other processor vendors face many challenges incorporating quantum-resistant cryptographic functions inside their products. Thankfully, and perhaps most importantly, the market leaders tasked their engineering teams to investigate the potential problems well ahead of any selected algorithms and to anticipate customer requirements. The longer key and signature lengths and
www.eetimes.eu | MARCH 2023

