Future-Proofing Embedded Systems: Why Post-Quantum Cryptography matters
KiviCore Blog, Mar. 17, 2025
Introduction
As technology progresses, the rise of quantum computing brings both exciting opportunities and serious challenges, particularly in the field of cybersecurity. Quantum computers have the potential to break widely used encryption methods, threatening the security of the digital systems that keep our world connected. In response, Post-Quantum Cryptography (PQC) is emerging as the solution to future-proof data security, specifically designed to resist attacks from both classical and quantum computers.
However, integrating PQC into embedded systems presents unique challenges due to their limited resources. In this post, we’ll explore why PQC is essential, the current standards, the general hurdles of adopting these technologies, and the specific challenges developers face when working with embedded devices.
Understanding Cryptography
Before we delve into the topic of post-quantum cryptography, it is helpful to understand the fundamentals of (classical) cryptography. First, cryptography is a process for encrypting and decrypting data, and it follows four main principles:
- Confidentiality: sensitive data should not be passed on to unintended recipients
- Authenticity: the source of the data should be verified
- Data integrity: data should not have been altered by an untrustworthy party
- Non-repudiation: neither the sender nor the recipient should be able to deny their involvement in a message
In cryptography, individual building blocks are referred to as cryptographic primitives (low-level algorithms) that can be combined to form more complex cryptographic protocols. Examples of primitives are RSA and AES, while examples of protocols are TLS (Transport Layer Security) and SSH (Secure Shell).
Cryptographic algorithms have formed the backbone of secure communication for decades and were developed for two main functions:
- General encryption, which protects data such as passwords that are transmitted over public networks
- Digital signatures, which are used to verify identity
Cryptographic Functions
The most well-known cryptographic functions are encryption schemes. They protect the confidentiality of data and prevent it from being read by unauthorized persons who intercept it. Data is encrypted with an encryption key, and the resulting ciphertext can only be decrypted with the correct key.
Another widely used cryptographic function is the signature method, which aims to ensure the authenticity and integrity of data. The data is signed with a signing key, and the resulting signature can be checked with a verification key.
To function securely, cryptographic functions need secure keys, which are generated either symmetrically or asymmetrically.
- In symmetric cryptography, encryption and decryption or signing and verification are done with the same key, which the parties must agree on in advance. This leads to the key distribution problem: the key could be stolen or copied while in transit.
- In asymmetric cryptography, two different keys are used, a public and a private one. One party generates a key pair and publicly announces the public key so that anyone can encrypt data or verify signatures. However, only the owner of the private key can decrypt or create signatures.
Symmetric key functions are usually more efficient than asymmetric key functions, so the less efficient asymmetric primitives are usually used to create a symmetric key. This solves the key distribution problem.
The asymmetric primitives used to create a shared symmetric key between two parties are called Key Exchange (KE) algorithms or Key Encapsulation Mechanisms (KEMs). To protect the communication channel, more efficient symmetric primitives such as AES can be used.
In addition, hash functions convert a message into a hash value, so it is easy to check whether a particular hash value matches a particular message. Reversing the hash value to its origin or finding two different messages with the same hash value is difficult. Hash functions do not necessarily require a cryptographic key, but if they do, they use a symmetric key. Therefore, they are often grouped with symmetric key primitives.
Finally, message authentication codes (MACs) ensure authenticity and integrity by marking a message so that the recipient can verify that it was sent by the intended party and has not been altered during transmission. MACs are usually constructed from hash functions or block ciphers.
Why Is Post-Quantum Cryptography necessary?