Secure Architectures of Future Emerging Cryptography

Periodic Reporting for period 3 - SAFEcrypto (Secure Architectures of Future Emerging Cryptography)

Reporting period: 2018-01-01 to 2018-12-31

The realisation of quantum computers is ever closer, with some researchers predicting their availability within the next decade. Since quantum computing offers dramatic speed-up over classical computing, once quantum computers do become a reality, commonly used public-key (or asymmetric) cryptographic algorithms based on integer factorisation and the discrete log problem, such as RSA, ECC, DSA and EC-DSA, will be vulnerable to Shor’s quantum algorithm and hence no longer secure. As a result, much research is now being conducted into post-quantum (PQ) cryptography, which refers to conventional non-quantum cryptographic algorithms that are secure today but should remain secure even after practical quantum computing is a reality. Among the various post-quantum techniques that exist (such as multivariate, code or hash-based), the most promising is lattice-based cryptography. Its main advantage is that it allows for extended functionality and is, at the same time, more efficient for the basic primitives of public-key encryption and digital signatures.

The public-key algorithms mentioned above (RSA, ECC, etc.) are the mainstay of Internet security today. If the European Digital Single Market is to grow and prosper, and if the fundamental rights of European citizens with regard to security and privacy are to be upheld, then new quantum-resistant cryptographic protections must be adopted. The SAFEcrypto project provides a new generation of practical, robust and physically secure post-quantum cryptographic solutions that ensure long-term security for future ICT systems, services and applications. Novel public-key cryptographic schemes (digital signatures, authentication, and identity-based encryption (IBE)) have been developed using lattice problems as the source of computational hardness.

Project objectives have been achieved in full, with key outputs being:

o Three new lattice-based algorithms were submitted to the NIST Post-Quantum Cryptography competition. These are the CRYSTALS-Dilithium and Falcon digital signatures and the CRYSTALS-Kyber key establishment mechanism.

o Three industrial proof-of-concept demonstrators have been delivered which clearly show the practicality of lattice-based cryptosystems in a wide variety of settings. Lattice-based primitives have been integrated into a variety of protocol stacks such as IPSec, TLS, and DTLS. Cryptographic key management has also been examined and lattice-based key materials integrated into OASIS KMIP clients.

o The libsafecrypto open-source software library has been published which provides a consistent platform to compare the performance of lattice-based algorithms.

o Physical security of lattice-based algorithms has been studied in detail and new side channel attack countermeasures proposed.

o Efficient hardware architectures and optimisations for lattice-based techniques have been developed.

o A full hardware implementation of the CRYSTALS-Kyber key establishment mechanism has been developed and will be released using the Amazon AWS-F1 cloud platform.

o Project partners have published 37 academic papers, including seven journal papers, since the start of the project. Many of these are published in leading journals and top quartile conferences.

o Project partners are currently editing a book on “Lattice-based Cryptography: From Theory to Practice” in conjunction with Springer publishing company.

The SAFEcrypto project has set in motion a series of standardisation activities, follow-on projects, development activities and market engagements that will ultimately deliver significant impact at macro and societal levels by delivering well-implemented, innovative cryptography which will fundamentally underpin the Digital Single Market and the security and privacy of citizens across Europe for many decades to come.

Widespread impact from the adoption of quantum-safe cryptography will be felt in the coming decade. That impact will be deep and broad, with effects in almost all applications where public key cryptography is used today. However, wholesale migration to quantum-safe cryptography will not occur until standardisation takes place. The NIST Post-Quantum Cryptography competition is not expected to complete its work of selecting viable algorithms for standardisation until 2022 or beyond. The second round of the competition has begun and the emphasis of the later rounds will be on the practicality and robustness of the candidate algorithms, and their resistance to side channel attacks. It is not possible to predict if Dilithium, Falcon, Kyber and other lattice-based algorithms will progress through to the later stages of the competition, but if they do, then the work carried out by the SAFEcrypto team will certainly prove valuable.

Project outputs relating to side channel analysis of lattice-based algorithms lay the groundwork for follow-on analysis in the NIST competition, evaluating fault, timing and power attacks and the viability of countermeasures.

Project outputs on optimised implementations of lattice-based components lay a strong foundation for candidate algorithms. For example, the selection of efficient, robust Gaussian samplers, and constant-time implementations of the same, may reduce the risks perceived in schemes such as Falcon.

Project outputs such as the libsafecrypto open-source software library provide a consistent platform to compare the performance of candidate algorithms. All the lattice-based algorithms implemented in the library use the same set of arithmetic functions, utility functions, hash functions and entropy sources. The library is completely standalone with no external dependencies, and because of the frequent re-use of carefully implemented common components, the library is both compact and portable. This also means that specific components can be optimised and implemented in constant-time where necessary.

Project outputs such as the proof-of-concept demonstrators show practical application of lattice-based primitives integrated into a variety of protocol stacks such as IPSec, TLS, and DTLS. Cryptographic key management has also been examined and lattice-based key materials integrated into OASIS KMIP clients.

The SAFEcrypto project completes several years in advance of when the first standardised quantum-safe cryptographic algorithms will be published. We hope that the three candidate algorithms submitted by SAFEcrypto consortium partners prove to be strong candidates that clearly display the practical, robust and physically secure post-quantum characteristics that underpin all the work undertaken in the project.
SAFEcrypto Final Project Review Meeting - March 2019