Page 58 - EE Times Europe Magazine – November 2023
THE INDUSTRY
U.K. Conference Accelerates Post-Quantum
Cryptography Standards Review Process
By Robert Huntley
Global crypto experts gathered in Oxford to put NIST’s draft standards under the microscope.

Industry readiness for post-quantum cryptography (PQC) took an important step forward in late summer when the U.S. National Institute of Standards and Technology (NIST) published three quantum-safe draft standards for public review. The University of Oxford’s Mathematical Institute recently hosted the second Oxford Post Quantum Cryptography Summit to review and provide timely feedback on the published draft standards.

EE Times Europe spoke with three post-quantum cryptography experts at the conference to gain insight into the new standards and their potential impact on the development of embedded systems.

NIST’s draft standards, covering quantum-secure public key encryption and digital signature algorithms, are FIPS 203 (Module-Lattice-Based Key-Encapsulation Mechanism Standard), FIPS 204 (Module-Lattice-Based Digital Signature Standard) and FIPS 205 (Stateless Hash-Based Digital Signature Standard). More than 100 people from the international cryptographic community, representing the foremost post-quantum cryptography experts from universities, technology organizations and governments worldwide, attended the Oxford conference. Through a series of conference streams and workshops, delegates looked closely at the proposed standards with the aim of accelerating the standardization process through a collaborative technical review.

ADOPTING ARM CORTEX-M4 AS A PQC REFERENCE PLATFORM

While much work has gone into offering up post-quantum algorithm candidates and the four selection rounds, embedded developers may wonder whether the proposed options will be suitable for running on resource-constrained microcontrollers.

Peter Schwabe, research group leader of the Max Planck Institute for Security and Privacy (Bochum, Germany), addressed this issue when speaking with EE Times Europe about his work on recent post-quantum security initiatives.

[Photo: Max Planck Institute for Security and Privacy’s Peter Schwabe]

“I’ve been involved in the PQC process as a co-author of seven proposals, and of the four algorithms that have now been selected for standardization, I’m a co-author of three,” Schwabe said. “I’ve also been conducting research within a project funded by the EU called EPOQUE, which stands for engineering post-quantum cryptography, of which there are two main parts: One is on protocol integration and the other on achieving an efficient and secure implementation on microcontrollers.”

Schwabe cited a project he’d been involved with before the draft PQC standards were announced. “We started on PQM4, which presented a testing and benchmarking framework for the Arm Cortex-M4 using some of the initial post-quantum encapsulation and signature schemes,” he said. “The idea was to get the algorithms working on the Cortex-M4 platform so we could optimize them and benchmark them in terms of speed and memory consumption. I believe that with this project, we had a bit of influence on the NIST PQC standardization process since NIST also decided to make the Cortex-M4 a reference platform for implementations. Clearly, the algorithms are somewhat bigger than [the current] elliptic-curve cryptography [ECC] methods, but it’s not that much slower.”

Schwabe said that the computational speed depends on which platform you are looking at, but the new lattice-based cryptographic standards, such as Kyber, are about as fast as ECC and are not going to be a concern speed-wise as long as they’re in the ballpark. “If your design can afford ECC, then you can afford Kyber,” he said.

DRAFT STANDARDS EIGHT YEARS IN THE MAKING

PQShield (Oxford, U.K.) has played a crucial role in proposing and collaborating with NIST on post-quantum cryptography standards. As company CEO Ali El Kaafarani recalled, “In 2015, I was hired by the University of Oxford to lead the post-quantum cryptography project. That was when it all started, and it was the same year that the NSA announced an international collaborative project to develop quantum-safe security algorithms. We quickly figured out with the stakeholders that this is not something that you can solve in an academic environment. It requires an industrial setting, because it’s related to standards, implementations, software, hardware and protocols. Mathematics is only one piece of that.

“The vision for PQShield is to have a safer world to live in, where everybody knows that every line of code they’re writing and math problem they’re solving has one purpose: to keep us all one step ahead of attackers,” El Kaafarani added. “Perfect security does not exist, and every generation, every few years, a new tool will become available to attackers that they will use and leverage to break our cybersecurity methods.”

While the challenge for the next 10 years is quantum computing, he said, it could well be something else in another 10 years. “It is quantum computing when it comes to the underlying mathematics of the security algorithms, but it’s not quantum computing when it comes to side-channel resistance, for instance.”

[Photo: PQShield’s Ali El Kaafarani]

KEEPING A WATCH ON AI, MACHINE LEARNING

EE Times Europe asked El Kaafarani if there was anything on the far horizon that could require replacing post-quantum cryptography