POST-QUANTUM CRYPTOGRAPHY (PQC)
Protect current systems against future quantum computer threats
Who needs PQC today?
PQC is primarily relevant for long-lived products and critical infrastructures. These are industries such as:
- transportation (e.g. automotive industry, railways, airports) and
- energy supply (e.g. power plant operation, grid operation),
- public authorities (e.g. police, military, government, judiciary),
- research & development (e.g. high-tech companies, government research institutions).
© MTG AG
Anyone that is producing long-lived products or is responsible for highly sensible data should already start dealing with PQC today. This is technically possible and feasible, since current computers can already use post-quantum methods.
In particular, industries listed above should not waste any time in protecting themselves against quantum attacks threatened by quantum computers. As soon as their products and services enter the quantum computer age, they become exposed to attacks.
When will the quantum computer age start?
Commercial quantum computers will be available with a 50% probability by the end of the next decade (Nist, 2016). Drivers of quantum computers are IT applications that, for example, have to cope with many parallel computing operations in order to simulate the physical quantum-mechanical world more effectively. Examples include applications from the pharmaceutical industry, materials research, logistics, finance and meteorology.
On the other hand, this "Quantum Leap" in computation power, carries the negative side effect that today's "Best Security Practices" and encryption algorithms will be broken, leaving the existing IT security infrastructures completely vulnerable.
The protection of your data against future decryption with quantum computers is already possible with our PQC portfolio today. For this purpose, a new generation of MTG products has been developed, which allow a seamless integration of PQC Algorithms.
PKI Product (MTG CARA)
MTG CARA is a flexible, configurable, multi-tenant CA system for the generation and administration of certificates using traditional and post-quantum cryptography (PQC).
Key Management System (MTG KMS)
MTG KMS is a centralized, highly available management and encryption of traditional and PQC keys for various applications.
MTG PQC Suite
We offer a complete suite of crypto-agile applications using hybrid PQC schemes suitable for any IT-infrastructure, such as Web Server, Browser, Email, and Document Signing. All solutions are based on industry solutions like Firefox, Thunderbird, Tomcat, Apache HTTP.
Hardware Security Module (HSM)
Even in the age of PQC schemes, HSMs remain the backbone of the security infrastructure. MTG therefore supports PQC schemes in selected HSM models. This is achieved by the integration of PQC algorithms into the desired HSM. The integration can also be undertaken into existing HSMs being used productively today.
MTG Services – PQC Integration in Customer Solutions
In close cooperation with our customers, we are implementing the integration of PQC into existing applications and protocols as in a joint project.
Application of hybrid processes
One of the most important aspects for the successful integration of new PQC algorithms in the existing security infrastructure, is the use of so-called hybrid methods. A hybrid protocol, combines a classical and a PQC scheme to offer maximum possible security and provide full reliability. Hybrid methods take advantages of both universes: On the one hand, the robustness of crypto methods that have been tried and tested millions of times and are currently in use (e.g. RSA, ECC) and, on the other hand, the combined use of the new, post-quantum-safe methods.
PQC Standardization & Crypto Agility
The standardization of the PQC schemes is an essential step towards a more secure, reliable and widely used PQC. Leading institutions such as ETSI, ITU-T and NIST have already started various standardization processes, but the end results are not expected for some years to come. Until then, we rely on highly secure, hash-based algorithms like XMSS and SPHINCS+ for signing operations and code-based algorithms like Classic McEliece for asymmetric public key encryption and key exchange. .
We always consider recent developments in our projects and keep our solutions "upgradeable". A central aspect of our development processes is Crypto Agility. This the ability to add and remove cryptographic algorithms from and to our products with minimal effort and down time.
Research & Development
When developing our PQC solutions and services, we remain in regular cooperation with other PQC specialized companies (e.g. Isara) and also work closely with research institutions (e.g. Fraunhofer SIT and universities). We constantly monitor the developments of the NIST Competition to determine the future PQC schemes. This ensures that only recognized and tested PQC schemes are implemented in our products and projects.