With every passing day, the need for crypto agility becomes more and more important. Whether you believe quantum computing is 10 years, 20 years or more away, the inevitability is that it is approaching fast. In the world of cryptography, Key Management Systems (KMS) are already well down the path of developing technologies for a quantum world. However, the KMS is only one portion of a total cryptography solution. This is why many leading technology organizations have begun research on Hardware Security Modules (HSMs) and their role in crypto agility.
What is an HSM?
There are many facets to a secure and technically sound cryptography solution. HSMs play a critical role in safeguarding and managing digital keys.
These physical computing devices enable strong authentication measures as well as the facilitation of crypto processing for encryption and decryption.
Whether the HSM is designed as an external device or a plug in card, these devices also feature tamper resistance that can detect, log, and provide alerts when suspicious activity occurs.
They are even capable of deleting crypto keys as a failsafe against tampering activity.
HSMs and crypto agility
Much of the initial focus for developing post-quantum, or PQ, strategies was focused on developing new algorithms that could resist the increased computing power of quantum computers. Today’s classical computing systems lack the processing power to perform the trillions and trillions of transactions required to effectively factor today’s crypto algorithms. Quantum computing has already been theoretically proven to be able to crack the code which prompted the crypto industry to scramble its resources to develop safe and secure PQ algorithms.
The development of these algorithms is just the first step in a complex deployment of crypto agile infrastructure solutions. The primary challenge in all of this is that organizations, especially those in the business of secure financial transactions, must begin living in both the pre and post quantum world.
This means that these entities will need to be able to exchange both quantum and non-quantum safe data during what could be a decades long transition. This places additional requirements on critical components of the infrastructure such as the HSMs.
Specifically for the HSMs, there will need to be methods to effectively and efficiently upgrade firmware and algorithms as the demands for encryption continue to evolve. This will impact any organization that is using digital certificates, embedding secure elements or providing payment mechanisms.
The HSMs will also need to be able to take into account the ever-growing universe of IoT connected devices. These are the driving forces behind the efforts of many of the major players in the research and development of post-quantum cryptography such as Microsoft, LG Electronics, and Isara.
The right HSM for the job
When major players like these get their vast research resources, including people and money, focused on a goal, they want to ensure they have the right tools for the job. Their tool of choice for HSMs is from Utimaco. Founded in 1983, Utimaco is a leading manufacturer of HSMs for financial services, payment services as well as the automotive industry. Their comprehensive line of products includes a range of HSMs that can be deployed as both general purpose and customized solutions. In addition to their family of HSMs, they also offer a pair of integrated Software Development Kits (SDK) that allows their customers to efficiently prepare and implement post-quantum safe solutions.
One of these major researchers, Microsoft, has detailed their efforts utilizing the Utimaco HSMs in a project code named “Picnic”. The detailed design document (The Picnic Signature Scheme, by
Melissa Chase, David Derler, Steven Goldfeder, Claudio Orlandi, Sebastian Ramacher, Christian Rechberger, Daniel Slamanig and Greg Zaverucha) describes Picnic as a signature scheme that is designed to be able to withstand attacks from quantum computers. It is built using foundational elements such as symmetric key primitives, post-quantum security measures, and a zero-knowledge proof system. This exhaustive analysis details the process that was undertaken to develop, test, and analyze the security of various forms of the Picnic signature scheme. This research included a wide variety of attack protocols along with various forms of the Picnic signature.
As you can imagine, the combination of signature forms and attack models required a significant amount of customization and adaptation in the underlying infrastructure. This includes the Utimaco HSMs and their ability to effectively function in both pre and post quantum states. In addition to the functional effectiveness of the HSMs, the agility afforded by the integrated SDKs contributed to the Utimaco devices being an integral part of the success of the Microsoft research effort ( #PartnersAreKey ).
The quantum future
Many refer to the age of quantum computing as the next major milestone of human existence. Its impacts will be felt in every aspect of life. Similarly, the impacts will be felt within every aspect of your crypto infrastructure.
A thorough and methodical deployment of a crypto agile solution, including your HSMs, is the optimal path forward.
Connect to the Utimaco PQC research network
Be informed about the release of the next post-quantum related blogs and videos. Simply enroll to our info-mail with the subscription button on the top right.
Are you part of a research institute of department and interested in participating in our collaborative research programs, please contact us for additional information.