WP1: Post-quantum cryptography for small devices

More than 98% of all microprocessors sold worldwide are used in embedded devices, and this trend will most likely accelerate due to emerging applications in the Internet of Things (IoT). Hence, it is of crucial importance to consider the availability of post-quantum schemes on this class of small and embedded processors and devices, including low-cost microcontrollers and hardware devices (FPGA/ASIC). To ensure that the work will be done by taking all the constraints of low-cost devices into account, the partners involved in this work package will provide a clear description of their constraints and needs. Then suitable schemes will be identified and adapted to support the requirements of embedded devices. The consortium’s preliminary results on FPGAs and inexpensive 8-bit ATmega microcontrollers for MicroEliece and MQ-schemes have shown that post-quantum cryptography with secure parameters is feasible on small devices. Furthermore, advances in lattice-based schemes resulting in the NTRU and R-LWE encryption or BLISS signature schemes with moderate arithmetic and memory requirements indicate a great potential for running efficiently on embedded devices. Despite the many different promising approaches, it is still an open issue which asymmetric post-quantum schemes are most suitable for those constrained platforms.

Apart from asymmetric cryptosystems, post-quantum cryptography on embedded devices also needs a redesign of symmetric algorithms. Most of today’s lightweight crypto aims at an 80-bit or at most 128-bit security level. Those algorithms are broken by Grover’s algorithm on a quantum computer. One of the most widely used lightweight symmetric encryption algorithms today is PRESENT, which has been developed by researchers at RUB and DTU. A further task of this work package is to redesign symmetric algorithms as such to increase their security level to withstand attacks from quantum computers - of course without seriously hurting performance or resource consumption of their physically protected implementations.

This work package is dedicated to (a) identify and adapt the most suitable post-quantum candidates to the requirements of constrained devices and to produce (b) efficient and (c) physically secure implementations that can be built into existing and emerging embedded applications as easily as conventional cryptosystems such as AES, RSA and ECC.

Last modified: 2015.04.01