QUBIP is monitoring the evolution of the Cryptographically Relevant Quantum Computer (CRQC) and quantum algorithms to assess the impact on the key design decisions of QUBIP. The results of the monitoring activities are taken into account in every design decision. At the same time, the three target systems have been logically divided into building blocks: (i) IoT devices with hardware secure elements in their MCU and MPU flavors, (ii) three cryptographic libraries, OpenSSL and NSS for well-resourced devices and Mbed-TLS for constrained devices, (iii) two communication protocols, TLS v1.3 and IKE-less IPsec, (iv) the Fedora operating system, (v) the Mozilla Firefox browser. In addition, other horizontal building blocks such as, (vi) self-sovereign identity, (vii) public key infrastructure, and (viii) TPM-based integrity verification.
Each building block, in its classical crypto-based version, has been properly analyzed to design its transition to PQC. The design considered the PQC algorithms selected for standardisation and already standardised by NIST (e.g. ML-KEM, ML-DSA, SLH-DSA, FALCON) and other valuable options such as LMS and XMSS. In some cases, the design includes the proper adoption of PQC in a crypto-agile manner, and a different deployment strategy. All major design decisions are reported in deliverable D1.4. All building blocks have been implemented in open-source software and hardware in their first version and presented during the third General Assembly (GA) to demonstrate the MS4 achievement in practice.
Then, the consortium moved to integrate the building blocks into the three systems. The integration of the first implementation version of the building blocks into the three systems as detailed in deliverable D2.1 allows the partners to address the challenges and barriers to transition at the system level. Several unexpected barriers have been encountered. These have so far been documented to feed into future activities and have been well addressed. The deployment of the first integration system is successful and demonstrates the achievement of MS6.
While working on the implementation of quantum-secure building blocks and systems, the consortium has also defined the use cases specifically tailored to evaluate and validate the three systems deployed and running in relevant environments. A total of 9 use cases have been defined in detail, together with the Key Performance Indicators (KPIs), the acceptance criteria and the test plan for validation at TRL6, see deliverable D3.1.