
First trusted module with post quantum firmware update
Infineon Technologies has launched what it describes as the world's first Trusted Platform Module whose firmware update mechanism is protected by signatures that remain secure against quantum computers.
Quantum computing is expected to have a significant impact on cybersecurity, specifically on the confidentiality of encrypted data and on the integrity of digital signatures. One concern is that today's encrypted communications could be recorded now and cracked later with more powerful quantum computers.
The Optiga TPM (Trusted Platform Module) SLB 9672 is the first with a post-quantum cryptography (PQC) protected firmware update mechanism. Updates are signed with XMSS (eXtended Merkle Signature Scheme), a stateful hash-based scheme (RFC 8391) whose security rests on the hash function alone rather than on the factoring or discrete-logarithm problems that quantum computers are expected to break; the Merkle-tree construction it uses is the same one that underlies blockchain systems. The TPM can therefore still be updated if the standard algorithms are no longer trusted, and the design is engineered for improved computing performance with fail-safe features that counteract the effects of corrupted firmware.
This mechanism increases long term survivability of the device by enabling a quantum-resistant firmware upgrade path. The standardized, out-of-the-box TPM provides a solid foundation for securely establishing the identity and software status of PCs, servers, and connected devices, and for protecting the integrity and confidentiality of data at rest and in transit.
The firmware update mechanism combines a conventional signature with a 256-bit key length and an additional check based on PQC, so the OPTIGA TPM SLB 9672 remains updatable even if the conventional algorithm is no longer trusted. Built-in fail-safe features enable TPM firmware recovery in accordance with the SP 800-193 Platform Firmware Resiliency Guidelines from NIST in the US, limiting the effect of corrupted firmware.
NIST is still in the process of standardising the general-purpose PQC algorithms; stateful hash-based signatures such as XMSS were already approved for uses like firmware signing in NIST SP 800-208 (2020).
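To make the XMSS idea concrete, the following is an added example written for this article; it is not Infineon's firmware code and does not reproduce the SLB 9672's actual signature format or parameters. It builds a toy XMSS-style scheme from one-time Lamport signatures combined in a Merkle tree, signs a constructed firmware image, verifies it against the tree root (the verification key a device would hold), shows that a modified image fails, and shows why the signer's leaf index is state that must never be reused. Real XMSS uses WOTS+ one-time signatures and extra hashing and masking details that are omitted here.

```python
"""Toy XMSS-style hash-based firmware signing (added illustration, not Infineon's code).

One Lamport one-time signature (OTS) key per Merkle leaf; the Merkle root is the
long-lived verification key. Security rests only on SHA-256 preimage and collision
resistance, which a quantum computer weakens at most quadratically (Grover), hence
"quantum-resistant". Parameters (tree height, digest size) are chosen for the demo.
"""
import hashlib
import os

def H(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

N = 256  # bits of message digest covered by one OTS key

def ots_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]  # one pair per digest bit
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def ots_pk_leaf(pk):
    """Compress an OTS public key into a single Merkle leaf."""
    return H(*[x for pair in pk for x in pair])

def ots_sign(sk, digest):
    bits = int.from_bytes(digest, "big")
    return [sk[i][(bits >> (N - 1 - i)) & 1] for i in range(N)]  # reveal one preimage per bit

def ots_verify(pk, digest, sig):
    bits = int.from_bytes(digest, "big")
    return all(H(sig[i]) == pk[i][(bits >> (N - 1 - i)) & 1] for i in range(N))

def reuse_leak(sk, digest_a, digest_b):
    """Signing two different digests with one OTS key exposes both preimages at every
    bit where the digests differ, so an attacker can forge other digests. This is why
    XMSS is stateful and the leaf index must never be reused."""
    sa, sb = ots_sign(sk, digest_a), ots_sign(sk, digest_b)
    return sum(1 for i in range(N) if sa[i] != sb[i])

class FirmwareSigner:
    """Holds 2**height one-time keys; each may be used exactly once."""
    def __init__(self, height=3):
        self.leaves = 1 << height
        self.ots = [ots_keygen() for _ in range(self.leaves)]
        self.tree = [[ots_pk_leaf(pk) for _, pk in self.ots]]
        while len(self.tree[-1]) > 1:  # build levels up to the root
            lvl = self.tree[-1]
            self.tree.append([H(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
        self.next_index = 0  # in a real signer this counter is persisted before use

    @property
    def root(self):
        return self.tree[-1][0]

    def sign(self, firmware):
        if self.next_index >= self.leaves:
            raise RuntimeError("all one-time keys consumed; provision a new tree")
        idx = self.next_index
        self.next_index += 1  # advance state BEFORE the signature leaves the signer
        sk, pk = self.ots[idx]
        auth, node = [], idx
        for lvl in self.tree[:-1]:  # authentication path: sibling at each level
            auth.append(lvl[node ^ 1])
            node >>= 1
        return {"index": idx, "ots_pk": pk, "ots_sig": ots_sign(sk, H(firmware)), "auth": auth}

def verify_firmware(root, firmware, sig):
    """What the device does on update: check the OTS, then walk the path to the root."""
    digest = H(firmware)
    if not ots_verify(sig["ots_pk"], digest, sig["ots_sig"]):
        return False
    node, idx = ots_pk_leaf(sig["ots_pk"]), sig["index"]
    for sibling in sig["auth"]:
        node = H(sibling, node) if idx & 1 else H(node, sibling)
        idx >>= 1
    return node == root

def demo():
    signer = FirmwareSigner(height=2)
    fw = b"OPTIGA firmware image v1 (constructed sample bytes)"  # constructed input
    sig = signer.sign(fw)
    return verify_firmware(signer.root, fw, sig), verify_firmware(signer.root, fw + b"\x00", sig)

if __name__ == "__main__":
    print(demo())  # expected: (True, False)
```

The update path a device like the SLB 9672 needs is the verifier half only: the Merkle root is baked into the chip, and each signed image carries its leaf index, the one-time public key and the authentication path. The signer side is where the operational burden lies, since exhausting or reusing leaf indices is a key-management failure rather than a cryptanalytic one.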
This TPM also provides expanded non-volatile memory to store new features such as additional certificates and cryptographic keys. Security evaluation and certification are performed by independent bodies according to the Common Criteria and FIPS requirements. The new TPM fully complies with the Trusted Computing Group (TCG) TPM 2.0 Library specification, revision 1.59, and is certified against that latest version of the standard.
Tools and demonstration boards ease integration with host software, and the TPM supports the latest versions of Windows and Linux. The chip offers an extended temperature range of -40°C to 105°C.
Infineon will provide the TPM SLB 9672 for a minimum of ten years for long term support and offers tailored support and maintenance through the Infineon Security Partner Network (ISPN). With this long-term commitment, customers can not only rely on the TPM’s continued availability but also on Infineon’s support.
The Optiga TPM SLB 9672 can be ordered now.
www.infineon.com/OPTIGA-TPM-SLB9672-kit
