Periodic Reporting for period 1 - QUBIP (Quantum-oriented Update to Browsers and Infrastructures for the PQ Transition)
Periodo di rendicontazione: 2023-09-01 al 2025-02-28
Billions of people rely on cryptography every day for their secure digital interactions over the Internet. However, cryptographic algorithms that are considered secure today may become insecure in the future due to advances in quantum computing. The exciting new frontiers opened up by the development of quantum computers (QCs) come at the cost of breaking the foundations of Internet security. Therefore, the advent of QCs has motivated the cryptographic research community, under the coordination of NIST, to work on and propose post-quantum cryptography (PQC) algorithms (i.e. KEM and digital signatures) based on the complexity of new mathematical problems to make them harder to break them by QCs. The transition to PQC is delicate and will take time, as it affects many protocols in an a priori unknown cascade of dependencies. This transition is expected to be more complicated than previous ones, in fact a lot of effort is being put into analysing the intrinsic complexity of the transition process itself, in addition to the standardisation effort of PQC. Therefore, it is of paramount importance to start this transition now to shed light on the barriers to the transition and to experiment with appropriate approaches to overcome these barriers.
QUBIP is specifically designed to contribute to the EU transition to PQC with the aim of (i) simplifying and making replicable the transition process through recommended practices, structured support processes for industry and contributions to standardisation and policy making, and (ii) addressing PQ threats as soon as possible.
QUBIP addresses the transition of digital infrastructures to PQC by maximising the return on experience from different practical transition exercises involving the tailored adoption of PQC in HW, cryptographic libraries, operating system, communication protocols and applications. The resulting post-quantum building blocks will then be appropriately combined in three pilot demonstrators (i.e. quantum-secure IoT-based digital manufacturing, quantum-secure internet browsing and quantum-secure software network environments for telecom operators) to address system-level transition challenges.
QUBIP is specifically designed to contribute to the EU transition to PQC with the aim of (i) simplifying and making replicable the transition process through recommended practices, structured support processes for industry and contributions to standardisation and policy making, and (ii) addressing PQ threats as soon as possible.
QUBIP addresses the transition of digital infrastructures to PQC by maximising the return on experience from different practical transition exercises involving the tailored adoption of PQC in HW, cryptographic libraries, operating system, communication protocols and applications. The resulting post-quantum building blocks will then be appropriately combined in three pilot demonstrators (i.e. quantum-secure IoT-based digital manufacturing, quantum-secure internet browsing and quantum-secure software network environments for telecom operators) to address system-level transition challenges.
QUBIP is monitoring the evolution of the Cryptographically Relevant Quantum Computer (CRQC) and quantum algorithms to assess the impact on the key design decisions of QUBIP. The results of the monitoring activities are taken into account in every design decision. At the same time, the three target systems have been logically divided into building blocks: (i) IoT devices with hardware secure elements in their MCU and MPU flavors, (ii) three cryptographic libraries, OpenSSL and NSS for well-resourced devices and Mbed-TLS for constrained devices, (iii) two communication protocols, TLS v1.3 and IKE-less IPsec, (iv) the Fedora operating system, (v) the Mozilla Firefox browser. In addition, other horizontal building blocks such as, (vi) self-sovereign identity, (vii) public key infrastructure, and (viii) TPM-based integrity verification.
Each building block, in its classical crypto-based version, has been properly analyzed to design its transition to PQC. The design considered the PQC algorithms selected for standardisation and already standardised by NIST (e.g. ML-KEM, ML-DSA, SLH-DSA, FALCON) and other valuable options such as LMS and XMSS. In some cases, the design includes the proper adoption of PQC in a crypto-agile manner, and a different deployment strategy. All major design decisions are reported in deliverable D1.4. All building blocks have been implemented in open-source software and hardware in their first version and presented during the third General Assembly (GA) to demonstrate the MS4 achievement in practice.
Then, the consortium moved to integrate the building blocks into the three systems. The integration of the first implementation version of the building blocks into the three systems as detailed in deliverable D2.1 allows the partners to address the challenges and barriers to transition at the system level. Several unexpected barriers have been encountered. These have so far been documented to feed into future activities and have been well addressed. The deployment of the first integration system is successful and demonstrates the achievement of MS6.
While working on the implementation of quantum-secure building blocks and systems, the consortium has also defined the use cases specifically tailored to evaluate and validate the three systems deployed and running in relevant environments. A total of 9 use cases have been defined in detail, together with the Key Performance Indicators (KPIs), the acceptance criteria and the test plan for validation at TRL6, see deliverable D3.1.
Each building block, in its classical crypto-based version, has been properly analyzed to design its transition to PQC. The design considered the PQC algorithms selected for standardisation and already standardised by NIST (e.g. ML-KEM, ML-DSA, SLH-DSA, FALCON) and other valuable options such as LMS and XMSS. In some cases, the design includes the proper adoption of PQC in a crypto-agile manner, and a different deployment strategy. All major design decisions are reported in deliverable D1.4. All building blocks have been implemented in open-source software and hardware in their first version and presented during the third General Assembly (GA) to demonstrate the MS4 achievement in practice.
Then, the consortium moved to integrate the building blocks into the three systems. The integration of the first implementation version of the building blocks into the three systems as detailed in deliverable D2.1 allows the partners to address the challenges and barriers to transition at the system level. Several unexpected barriers have been encountered. These have so far been documented to feed into future activities and have been well addressed. The deployment of the first integration system is successful and demonstrates the achievement of MS6.
While working on the implementation of quantum-secure building blocks and systems, the consortium has also defined the use cases specifically tailored to evaluate and validate the three systems deployed and running in relevant environments. A total of 9 use cases have been defined in detail, together with the Key Performance Indicators (KPIs), the acceptance criteria and the test plan for validation at TRL6, see deliverable D3.1.
A set of 16 Key Exploitable Results (KERs) has been identified that almost coincide with the implemented quantum secure building blocks, see deliverable D4.1 and its update D4.2. Today, all KERs can be considered as results beyond the state of the art, as they are functional and secure building blocks using PQC. In particular, all results are released as open source software and/or hardware via the official GitHub repository (https://github.com/QUBIP(si apre in una nuova finestra)).