Full Lifecycle Post-Quantum PKI
The FLOQI project aims to develop a backward-compatible, quantum-resistant PKI. Within the project, solutions are investigated that are based on hybrid X.509 certificates as well as solutions that enable a parallel deployment of conventional and post-quantum PKIs.
The resulting PKI concepts will be deployed in demonstrators by leading tech companies from the automotive and automation domain as well as leading trust service providers.
Cryptographic primitives and their parameters erode over time: New attack avenues are being discovered, and the steady increase in computational power leads to more powerful attacks. Apart from that, new computing technologies such as quantum computers pose a serious threat to currently deployed public-key cryptography that is widely used for key establishment and digital signatures. As a result, products with a long lifespan, e.g., components in industrial control systems, require the early development of security technologies that can withstand attacks aided by quantum computers. Such technologies must be able to protect the confidentiality of data but also enable the straightforward use of digital signatures. The latter relies on public-key infrastructures (PKI), which currently make use of conventional public-key cryptography. Therefore, PKIs need to be modified to resist upcoming quantum attacks, which require the design, development, and deployment of post-quantum cryptography (PQC).
The goal of the project Full-Lifecycle Post-Quantum PKI (FLOQI) is the development of quantum-resistant PKI. Such a PKI must be backward-compatible with current cryptographic primitives. In order to achieve this, PQC schemes are implemented for different platforms and evaluated in three demonstrators. These demonstrators will showcase the solutions in three distinct domains: automotive, industrial, and trust services. In all these domains, it is essential to deploy long-term security solutions since their products, such as control units inside manufacturing plants, often have long lifespans (> 15 years).
Innovations and Outlook
The project targets the entire lifecycle of a PKI. With this target in mind, the development of a PKI that supports conventional and post-quantum primitives is core element of this project. Such an infrastructure has the advantage that flaws in novel cryptographic primitives are mitigated due to the simultaneous use of conventional cryptography. As a result, companies can rely on a suitable, long-term security solution, which, in turn, helps customers to benefit from a higher level of security.
|Technische Universität Berlin||ETAS GmbH||D-Trust GmbH||NXP Semiconductors Germany GmbH|
Robert Bosch GmbH
Deutsche Telekom Security GmbH
Fraunhofer Institute for Applied and Integrated Security (AISEC)
Bayerische Motoren Werke Aktiengesellschaft
This project is funded by the German Federal Ministry of Education and Research (BMBF) [Link]
Other projects funded within the funding program “Post-Quantum Cryptography”:
- Aquorypt [Link]
- KBLS [Link][Link]
- PQC4MED [Link][Link]
- QuantumRISC [Link][Link]
- QuaSiModO [Link][Link]
- SIKRIN-KRYPTOV [Link]
Other companies with results targeting a Post-Quantum PKI:
- MTG AG with PQC-PKI-Demo [Link]