Quantum computing today is more a promise of the future than a practical approach. Though significant progress has been achieved over the past couple of years, in particular under the aspects of error correction, stability and scalability, today’s quantum computers have not even reached the status of infancy. Nevertheless, the avant-garde of innovative data companies such as Google and IBM is investing significant amounts of money into the further development of quantum computers, explains Manfred Lochter, consultant at Germany’s data security authority BSI.
Many industry branches, including materials science, medicine, pharmacy and metrology, are hoping for true wonders from quantum computers, but unity prevails above all with regard to QC’s ability to break data encryption (and in particular the widespread asymmetric public-key encryption) in no time at all. Experts like Michele Mosca, co-founder of the Institute of Quantum Computing at the University of Waterloo (Canada), sees a chance of 50% that by 2031 quantum computers will be able of breaking RSA-2048 encryption – a scheme today regarded as secure.
High time to act, says Andreas Fuchs, deputy department head for Cyber Physical System Security at the Fraunhofer Institute for Security in the Information Technology (SIT). The reason is that car-based systems that enter the development phase now will still populate the roads in more than a decade – in a time when the security of data connections can no longer be guaranteed thanks to the use of QC. This is owed to the relatively long design cycle of cars (today some 5 to 7 years), their relatively long production cycle of 5 to 10 years and more, and their subsequent life as consumer durables, with an additional lifetime of up to twelve years.
Thus, the cars that today are under development, will be for sure affected by the code breaking capabilities of tomorrow’s quantum computers, Fuchs said. The relevance to identify new encryption schemes that can withstand even the superior code cracker capability of quantum computers results from the variety of communication applications in the connected car that must not be compromised: From value added services (for instance, charge point reservation for e-cars) to novel business models (such as, for instance, “pay-as-you-drive” insurance tariffs) or OEM services such as quality control, product improvement and the like. All these applications and their related data links rely on security. Referring to the famous Miller / Valasek Jeep hack of 2015, when two security experts remotely drove a car from the street, Fuchs said “This is what is possible with today’s cars. Now imagine you are sitting in a car that doesn’t even have a steering wheel!”.
The conclusion: Data encryption must be hardened to an extend that not even a quantum computer will be able to crack the code. This “Post quantum security” needs to be developed now, Fuchs said.
How can such a post quantum security look like? In any case, it requires more computing resources in the car (and likewise in any IoT node that relies on secure communication). The expert suggested automotive electronics developers should incorporate “cryptographic agility” into all networking and local protocols. This means that all crypto-based routines and devices must be exchangeable and upgradeable – which in turn could mean that today’s developers will already leave generous space to accommodate larger keys (much larger keys, actually) and more complex data processing. This also will require that future cars can be updated across the air – a feature the auto industry has currently under development. Under the aspect of data structures, cars will be “long-lived identities”, Fuchs puts it. These identities are required, among other, to establish backend connections, or to retrieve short-lived but safety-critical identities like those that exchange data in a V2X context. Given the longevity of cars and their data identity, it will be very likely that they need to be updated several times over their lifetime – and towards this end, standards are needed, Fuchs added.
Here, Infineon steps in. Through its activities in the production of security chips for payment systems, access control systems and passports, the chipmaker has already significant expertise in the area of identity management and data security. Plus, the company is actively pursuing intensive research on post-quantum cryptography, explained Thomas Pöppelmann who oversees these areas at Infineon. Post-quantum cryptography does not require quantum computers but instead can run on basically conventional hardware, Pöppelmann explained. However, new mathematical hardness assumptions are required in particular for public-key cryptography. Basically five approaches out of several dozens of techniques and are algorithms regarded as promising, Pöppelmann explained. One of them is the “New Hope” approach, based on the research of a quartet of scientists – Erdem Alkim, Léo Ducas, Peter Schwabe – and Infineon’s Thomas Pöppelmann. The chipmaker has implemented the New Hope approach on a commercially available contactless safety chip. This proves that PQC can also be implemented on systems with little memory and contactless power supply – and is therefore practicable, Pöppelmann said.
Infineon, by the way, is not alone. Important institutions such as the National Institute of Standards and Technology (NIST) of the U.S. has already started a standardization effort, organized as a competition where research institutes, industrial entities and others can submit proposals for standard crypto processes and protocols; the timeline for the submissions is November 201, and New Hope is one of the papers submitted.
Nevertheless, there is still a lot to do. At the device level, further research is needed to optimize existing systems in terms of low power consumption, low storage requirements and high security, Pöppelmann explained. Even when this will be done, more challenges ware waiting further down the road. These include the integration of post-quantum cryptography into applications. Existing RSA and ECC encryption in large-scale infrastructures need to be replaced by PQC security. “This can become extremely expensive”, Pöppelmann foresees.