How Post-Quantum Cryptography Impacts SoC Design

Dana Neustadter, Ruud Derwig, Sara Zafar Jafarzadeh

Dec 05, 2022 / 5 min read

What do stock option pricing, drug discovery, and fraud detection have in common? They are among a growing number of applications that rely on rapid, precise calculations performed on massive volumes of data to uncover actionable insights. As powerful as supercomputers are, large-scale problems like these require even more processing power and capacity. This is where quantum computers come into play, with their ability to solve some of today’s intractable problems much more efficiently with enormous performance advantages, increased capacity, and better precision.

The impressive capabilities of quantum computing also present a new dilemma: once they become available some years from now, these mathematically astute computers will break current public-key cryptography and weaken the symmetric cryptographic algorithms. This presents a serious threat to the integrity and confidentiality of all our digital communications that rely on encryption, digital signatures, and communication protocols using digital certificates for proof of authenticity.

It’s hard to say exactly when quantum computers will become commercially pervasive, but industry experts pin the timeframe as 10 to 15 years from now. Even if this timeframe seems far away, we are already at an inflection point for post-quantum security because devices and infrastructure systems with longer life cycles or communicating data that must be kept confidential for an extended period need to have a path towards quantum-safe solutions. This is challenging for a number of reasons: the standardization effort for new public key cryptographic algorithms is still ongoing; there is a large spectrum of candidate algorithms, some of which may be broken before or after being standardized; and, overall, the migration to a post-quantum world will be much more complex than transitions witnessed in the past.

In this blog post, we’ll elaborate on the urgency of addressing post-quantum cryptography (PQC) now. Read on to learn about how you can secure your system-on-chip (SoC) designs today to ensure that they’ll be threat-resistant when quantum computers become available to bad actors.

Cryptography

Quantum Computing Will Break Current Cryptography Schemes

Today’s quantum computers can’t break current cryptography schemes, but it is only a matter of time when newer generations do, given the nature of quantum computing. Classical computers store information in binary bits, represented by ones or zeros; they can address one set of inputs and one calculation at a time and can thus process information sequentially. Quantum computers, on the other hand, are based on a different paradigm, quantum physics, and use quantum bits (qubits) that can store data in a state of superposition; the data can be zero, one, or both simultaneously. As such, quantum computing can explore all possible paths in parallel, solving some of the most complex problems in minutes versus the potentially thousands of years that classical computers and supercomputers would require.

However, this computing prowess also means that quantum computers will eventually be able to break the public-key cryptography schemes that are commonly used to secure sensitive data on the internet today. Also known as asymmetric cryptography, public-key cryptography uses a public key and a corresponding private key generated by cryptographic algorithms. While public keys can be distributed openly without compromising security, the private key must be kept secret to maintain the level of security. Data can be encrypted with a public key and decrypted only with the corresponding private key.

Asymmetric cryptography provides confidentiality, authenticity, and non-repudiation. It’s part of the foundation of many internet standards, including Transport Layer Security (TLS), Secure Shell Protocol (SSH), S/MIME, and Pretty Good Privacy (PGP). Public-key cryptography is also used for email traffic and digital signatures.

Common public-key cryptography implementations utilize algorithms from Rivest-Shamir-Adelman (RSA) and Elliptic Curve Cryptography (ECC). These algorithms rely on the difficulty of solving mathematical problems such as factoring large numbers in the case of RSA and solving the discrete logarithm problem over large groups in the case of ECC.

Quantum computers will not break symmetric algorithms but will weaken their security level. To mitigate this, larger key sizes will be required. Symmetric encryption uses the same key to encrypt and decrypt the message.  While faster than asymmetric encryption, symmetric algorithms provide confidentiality and are typically used for larger amounts of data.  One example algorithm is the Advanced Encryption Standard (AES). To protect the integrity of messages, hash algorithms are used such as Secure Hash Algorithm (SHA). Similar to the symmetric algorithms, hash algorithms will also have their security level weakened by quantum computers; however, with larger output sizes, they can still be made quantum safe.

The largest quantum computer so far today is around 400 physical qubits; it will take 1,500 logical qubits, which translates into millions of physical qubits, to break ECC-256 and 4,000 qubits to break RSA-2048.

How to Safeguard Your Chip Designs Today

What would happen once quantum computers break our current cryptography schemes? A bad actor would be able to decrypt and access all the information we currently send via the internet. Many of the electronic devices and systems in production today could have lifetimes that span 10 years or more—into the timeframe when quantum computers are anticipated to be in commercial use. Moreover, when data is captured and stored today, it could be decoded offline later when quantum computers become available. So not only the device lifetime, but also the time that data needs to remain confidential needs to be considered.

While universities, research institutes, and standards bodies have been actively working on solutions to address PQC, now is the time to start designing products with mechanisms that will be resistant to the threats that this level of computing deftness presents. Among the mechanisms that are worth considering:

  • Use of larger keys and larger output sizes for symmetric and hashing. For example, 256-bit keys for symmetric algorithms can still provide a 128-bit security level post quantum.
  • Implement crypto agility in a way that the algorithms can be adapted to the PQC world, and your designs are not dependent on specific algorithms. Consider programmable designs that consist of hardware and embedded firmware, where the hardware accelerates the main cryptographic primitives for performance and power benefits, but the higher level algorithms are implemented in firmware, thus offering flexibility for updates to continue to adapt the changing standards/algorithms.
  • Implement hybrid solutions that utilize both the traditional and PQC algorithms, an approach that maintains security should one of the algorithms break.

In the U.S., the PQC standardization process is well underway with the National Institute of Standards and Technology (NIST), which is evaluating algorithm candidates with a target of 2023-2024 for a complete set of PQC standards to become available. There are other PQC working groups and standardization initiatives underway including in Europe (ETSI), Germany (BSI), Japan, and China. It remains to be seen which PQC algorithms will be adopted globally, and which ones will be driven for specific geographical regions, but at this time NIST is the most visible in the standardization and migration process.

Leading the Way Toward a Quantum-Safe Future

The transition to post-quantum cryptography and its supporting infrastructure is deeply complex and will take a long time. While the industry works toward PQC standardization, Synopsys, an established leader in security IP and cryptographic solutions, can provide design teams with quantum-safe offerings now. Our portfolio includes:

Summary

Quantum computers offer the tantalizing promise of helping us solve some of the world’s biggest problems. Its rapid and exhaustive level of calculations can turn vast troves of data into actionable insights on complex challenges. Because they will eventually be capable of breaking current cryptographic schemes that protect so much of our sensitive data, it’s important to consider post-quantum cryptography in your designs today. With our continued investment in security—and specifically in solutions offering crypto agility—Synopsys is ready to guide design teams through this important transition into the next era of computing.

Continue Reading