BSI certifies first smartcard with post-quantum cryptographic algorithm
The BSI has certified the first quantum-safe smartcard. This means that quantum computers cannot crack its data encryption.
Algorithms that let quantum computers break conventional encryption are making progress, which is why cryptologists are looking for ways to encrypt communication that this new class of computers cannot break. The BSI has now certified the first smartcard that can guarantee quantum-safe encryption.
IT security researchers are developing specific post-quantum cryptographic (PQC) algorithms, in particular to ensure that recordings of encrypted communication cannot be decrypted afterward (“collect now, decrypt later”). Just last August, the US NIST adopted three encryption standards that are designed to withstand attacks by quantum computers: FIPS 203, FIPS 204 and FIPS 205. The smartcard now certified by TÜV for the BSI is based on an Infineon IC that implements the FIPS 203 PQC method, also known as ML-KEM.
Long-term protection of data
According to the BSI, this is the world's first Common Criteria security certificate for a specific implementation of FIPS 203. Data encrypted with it should also be able to withstand potentially powerful attacks using quantum computers. As specific examples, the BSI cites the use of such smartcards for ID cards, health cards, credit cards or SIM cards.
The BSI sees an urgent need for action to migrate encryption to quantum-resistant algorithms. The IT security authority explains that traditional cryptography is increasingly threatened by quantum algorithms. Together with 17 European partners, the BSI is calling for an “active switch to quantum-resistant methods by 2030 at the latest”.
Common Criteria certificate
The BSI declares that the certified Infineon IC-based smartcard fulfills Common Criteria (ISO/IEC 15408), the “quasi-industry standard” for secure IT products. With such a CC certificate, manufacturers can prove that a product actually meets the defined security requirements. Successful certification also means that the implementation is correct and that the product is resistant to attacks in everyday use.
The BSI also points out that the switch to European certification with EUCC is imminent and will harmonize and expand CC certification at European level.
(dmk)