Integrating post-quantum security algorithms into hardware has long been considered a challenge. But a research team from TU Graz has now developed hardware for NIST’s post-quantum cryptography standards, with additional security measures for this purpose.
They are not yet a reality, but in the not-so-distant future, sophisticated and efficient quantum computers will be available. They will revolutionize areas such as artificial intelligence, financial modeling, drug development, weather forecasting and traffic optimization, but they also represent a significant cybersecurity risk.
A powerful quantum computer running Shor's algorithm will break the public-key algorithms that secure most of today's digital world, notably RSA, finite-field Diffie-Hellman and elliptic-curve cryptography; symmetric ciphers and hash functions are only weakened and can be kept with larger parameters. This is why quantum-secure algorithms, more commonly called "post-quantum cryptography" (PQC), have been under development for years. Implementing them efficiently and securely in hardware, however, has proven difficult until now.
In the PQC-SRC project, a team led by Sujoy Sinha Roy from the Institute of Applied Information Processing and Communications (IAIK) at the Graz University of Technology (TU Graz) developed hardware for these PQC algorithms and implemented additional security measures. During the research, the team was also in contact with companies such as Intel and AMD.
The work is published in the journal IEEE Transactions on Computers.
Among PQC algorithms, those based on computational problems over mathematical lattices are considered particularly promising. Solving these lattice problems is believed to be infeasible even for quantum computers.
In its PQC standardization process, the U.S. National Institute of Standards and Technology (NIST) selected one key encapsulation mechanism (KEM), Kyber, and three digital signature algorithms, Dilithium, Falcon and SPHINCS+, partly developed at IAIK, for standardization. Kyber, Dilithium and SPHINCS+ were published in August 2024 as FIPS 203 (ML-KEM), FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA); the Falcon standard (FN-DSA, FIPS 206) was still pending at the time of writing.
KEM algorithms let two communicating parties establish a shared secret key over a public channel, while digital signature algorithms let a recipient verify the authenticity and integrity of received messages and, in protocols such as TLS, the identity of the sender.
Need for a secure and efficient design
Following the release of the standardized PQC algorithms, organizations and industry are preparing for a transition to quantum-secure cryptography. Devices that rely on classical public-key KEM and signature algorithms (RSA, Diffie-Hellman, elliptic curves) must move to quantum-secure PQC algorithms. It therefore becomes imperative that the newly standardized PQC algorithms are feasible across a wide range of electronic devices.
There is an urgent need for secure and efficient design and implementation methodologies to enable a smooth transition to quantum-secure cryptography. Researchers from the cryptographic engineering team, led by Sujoy Sinha Roy, have studied such methodologies, particularly targeting low-resource electronic devices. The PQC-SRC project resulted in the development of several new methodologies.
Development of a hardware coprocessor for a standardized PQC
One of the research results is the construction of a unified cryptographic coprocessor named KaLi, which supports both the Kyber KEM and the Dilithium digital signature algorithm. Such a unified design is essential in real-world secure communication protocols, such as the widely used Transport Layer Security (TLS), whose handshake performs both a KEM operation (for key exchange) and signature operations (for authentication).
One of the main research challenges was how to make the unified design very compact. Newer PQC algorithms require much larger memory and processing units to store and process keys, ciphertexts and signatures than current algorithms: an ML-KEM-768 public key is 1184 bytes and its ciphertext 1088 bytes, and an ML-DSA-65 signature is 3309 bytes, versus 32 bytes for an X25519 public key and 64 bytes for an Ed25519 signature. If the design is not compact, many low-resource devices used in IoT and smart card applications will become unusable.
Another important aspect is the agility or flexibility of the architecture: minor changes to cryptographic algorithms due to potential future threats can be accommodated without replacing hardware resources.
Besides efficiency and compactness, the physical security of a cryptographic implementation is important. Although the mathematics behind a cryptographic algorithm can resist known mathematical attacks, the physics of a computing device can leak sensitive information through side channels such as timing, power consumption, heat and electromagnetic emissions.
An attacker can, for example, place a near-field antenna over the chip and infer what is happening inside from its electromagnetic emissions. The researchers investigated techniques for making implementations of the emerging PQC algorithms resilient to such attacks, and developed a masking-style data randomization technique called "Kavach".
The technique reduces the computational overhead of the countermeasure by exploiting special properties of the modular numbers used in the polynomial operations of lattice-based PQC algorithms. The results will help cryptographers build more practical PQC KEM and signature implementations protected against physics-based attacks.
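To make the masking idea behind such data randomization concrete, here is an added example that is not the project's code and does not reproduce the Kavach technique itself. It shows textbook arithmetic masking of the polynomial arithmetic used by lattice schemes: a secret polynomial in Z_q[x]/(x^n + 1) is split into two random shares, the Kyber-style computation t = a*s + e is carried out on each share separately, and the shares are recombined only at the end. The ring parameters q = 3329 and n = 256 are Kyber's; the function names and the two-share split are this example's own choices.

```python
"""Arithmetic masking of polynomial arithmetic in Z_q[x]/(x^n + 1) (added example).

Ring parameters are Kyber/ML-KEM's (q = 3329, n = 256). Dilithium/ML-DSA uses the
same ring shape with q = 8380417, so the same share-wise treatment applies.
"""
import secrets

Q = 3329   # Kyber/ML-KEM modulus
N = 256    # polynomials have N coefficients; products are reduced modulo x^N + 1
ETA = 2    # centered-binomial parameter for small secret/error polynomials


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook product reduced modulo x^N + 1: x^N = -1, so wrapped terms are negated."""
    res = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                res[k] = (res[k] + ai * bj) % Q
            else:
                res[k - N] = (res[k - N] - ai * bj) % Q
    return res


def uniform_poly():
    """Uniformly random polynomial, used for the public 'a' and for fresh mask shares."""
    return [secrets.randbelow(Q) for _ in range(N)]


def small_poly():
    """Centered-binomial sample, as Kyber uses for its secret and error polynomials."""
    out = []
    for _ in range(N):
        v = sum(secrets.randbits(1) for _ in range(ETA)) - sum(secrets.randbits(1) for _ in range(ETA))
        out.append(v % Q)
    return out


def mask(s):
    """Split s into shares (s0, s1) with s0 + s1 = s (mod q).

    s1 is uniform, so s0 = s - s1 is uniform too: each share on its own carries
    no information about s, which is what defeats a single-point power/EM leak.
    """
    s1 = uniform_poly()
    return poly_sub(s, s1), s1


def unmask(shares):
    s0, s1 = shares
    return poly_add(s0, s1)


def public_key(a, s, e):
    """Unmasked reference: t = a*s + e, the Kyber-style public-key computation."""
    return poly_add(poly_mul(a, s), e)


def masked_public_key(a, s_shares, e_shares):
    """The same computation on shares.

    a*s + e is linear in s and e, so each share is processed on its own and the
    recombined secret never appears during the computation. On a real device the
    secret would be stored and loaded in masked form from the start.
    """
    s0, s1 = s_shares
    e0, e1 = e_shares
    t0 = poly_add(poly_mul(a, s0), e0)
    t1 = poly_add(poly_mul(a, s1), e1)
    return t0, t1


def demo():
    """Returns (unmasked t, t recovered from the masked computation); they must be equal."""
    a = uniform_poly()
    s, e = small_poly(), small_poly()
    direct = public_key(a, s, e)
    masked = masked_public_key(a, mask(s), mask(e))
    return direct, unmask(masked)


if __name__ == "__main__":
    direct, recovered = demo()
    print("masked computation matches unmasked:", direct == recovered)
```

The linear steps shown here are the cheap part of masking: share-wise addition and multiplication by a public polynomial cost only twice the unmasked work. The expensive part in lattice schemes is every non-linear step (coefficient compression and decoding, Kyber's ciphertext comparison during decapsulation, Dilithium's norm and rejection checks, hashing), which needs conversions between arithmetic and Boolean shares; reducing that overhead by exploiting the structure of the modular arithmetic is the kind of goal the lightweight technique described above pursues.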
An important step for businesses and organizations
“We have seen great progress in the field of quantum processors over the past five years,” says Sujoy Sinha Roy.
“When powerful quantum computers are fully developed, they will be able to break encryptions in seconds, something that would take conventional computers years. This would be dangerous for banking transactions, state defense systems and other things. This is often called the quantum apocalypse and we want to prevent it.
“As businesses and organizations prepare to transition to post-quantum cryptography, our research findings are an important step toward this transition.”
More information:
Aikata Aikata et al., A Unified Cryptoprocessor for Lattice-based Signature and Key-exchange, IEEE Transactions on Computers (2022). DOI: 10.1109/TC.2022.3215064
Provided by Graz University of Technology
Citation: Research team develops hardware architecture for post-quantum cryptography (October 3, 2024) retrieved October 3, 2024 from
This document is subject to copyright. Except for fair use for private study or research purposes, no part may be reproduced without written permission. The content is provided for informational purposes only.