In collaboration with the German Federal Office for Information Security (BSI), Infineon has achieved the world’s first Common Criteria EAL6 certification for implementing a post-quantum cryptography algorithm in a security controller, marking a pivotal moment in the transition to a quantum-resilient era.
This milestone underscores the urgent need to fortify digital infrastructure against the looming specter of quantum computer attacks, which are expected to compromise current cryptographic algorithms within the next two decades. It highlights Infineon’s commitment to providing future-proof security solutions that will underpin the trustworthiness of our increasingly interconnected world.
Introduction to Post-Quantum Cryptography
The advent of quantum computers poses a significant threat to current cryptographic algorithms, which are used to secure digital infrastructure. As quantum computers become more powerful, they will be able to break current encryption methods, compromising the security of our digital lives. To address this issue, researchers and companies are working on developing post-quantum cryptography (PQC) algorithms that can resist attacks from both classical and quantum computers. Infineon Technologies AG has recently achieved a milestone in this field by receiving the world’s first Common Criteria EAL6 certification for implementing a PQC algorithm in a security controller.
The need for PQC arises from the fact that current cryptographic algorithms, such as RSA and elliptic curve cryptography, are vulnerable to attacks by quantum computers. These algorithms rely on the difficulty of certain mathematical problems, such as factorization and discrete logarithms, which can be solved efficiently by quantum computers using Shor’s algorithm. In contrast, PQC algorithms are designed to be secure against both classical and quantum attacks, ensuring the long-term security of digital infrastructure. Infineon’s achievement demonstrates the company’s commitment to providing future-proof security solutions and highlights the importance of migrating to post-quantum cryptography.
The certification process involved evaluating Infineon’s secured implementation of a PQC algorithm, specifically the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM), on a TEGRION security controller. The ML-KEM algorithm is a type of post-quantum key encapsulation mechanism that combines the hardness of lattice problems with the algebraic structure of modules to provide secure key establishment and encapsulation. The certification was awarded by the German Federal Office for Information Security (BSI) under the Common Criteria scheme, which sets guidelines and criteria for the security of IT products and systems.
Post-Quantum Cryptography Algorithms
Post-quantum cryptography algorithms are designed to be secure against attacks from both classical and quantum computers. These algorithms can be categorized into several types, including lattice-based cryptography, code-based cryptography, and hash-based signatures. Lattice-based cryptography, such as the ML-KEM algorithm used by Infineon, relies on the hardness of problems related to lattices, which are high-dimensional geometric objects. Code-based cryptography, on the other hand, is based on the difficulty of decoding error-correcting codes.
The development of PQC algorithms is an active area of research, with many organizations and companies working on developing new algorithms and implementing them in various products and systems. The National Institute of Standards and Technology (NIST) has launched a standardization process for PQC algorithms, which aims to identify suitable algorithms for widespread use. Infineon’s certification demonstrates the company’s expertise in this field and highlights the importance of collaborating with industry partners to develop and implement secure PQC solutions.
The implementation of PQC algorithms on security controllers like Infineon’s TEGRION is crucial for ensuring the security of digital infrastructure. These controllers provide a robust foundation for post-quantum cryptography, combining high-performance processing with advanced cryptographic capabilities. The certification of Infineon’s TEGRION security controller demonstrates that the company’s products meet the highest standards of security and can be trusted to protect sensitive information in a post-quantum world.
Common Criteria Certification
The Common Criteria standard sets guidelines and criteria for the security of IT products and systems, providing a framework for evaluating the security of these products. The certification process involves evaluating the product or system against a set of security requirements, which are defined in a protection profile. The evaluation is carried out by an independent third-party laboratory, which assesses the product’s security features and ensures that they meet the required standards.
The Common Criteria scheme has several levels of assurance, ranging from EAL1 (basic assurance) to EAL7 (highest assurance). Infineon’s TEGRION security controller was certified at EAL6, which is a highly advanced level of assurance. This indicates that the product has undergone a comprehensive and rigorous evaluation to confirm its security claims. The certification process involved evaluating the product’s resistance to classic attacks, such as fault attacks, as well as quantum computer attacks.
The Common Criteria certification is recognized internationally, providing a widely accepted standard for the security of IT products and systems. This certification enables organizations to trust that Infineon’s TEGRION security controller meets the highest standards of security, ensuring the long-term protection of sensitive information in a post-quantum world. The certification also demonstrates Infineon’s commitment to providing secure products and solutions, highlighting the company’s expertise in the field of post-quantum cryptography.
Industry Implications and Future Developments
The certification of Infineon’s TEGRION security controller has significant implications for the industry, as it sets a new standard for the implementation of post-quantum cryptography. The widespread adoption of PQC algorithms will require collaboration between industry partners, governments, and research organizations to develop and implement secure solutions. Infineon’s achievement demonstrates the company’s leadership in this field and highlights the importance of investing in research and development to stay ahead of emerging threats.
As quantum computers become more powerful, post-quantum cryptography will become increasingly urgent. Organizations must begin to migrate to PQC algorithms to ensure the long-term security of their digital infrastructure. Infineon’s certification demonstrates that the company is committed to providing future-proof security solutions and is well-positioned to support organizations in this transition.
External Link: Click Here For More
