Our increasingly digital modern society is critically dependent on the protection of digital assets. Such assets do not only include private information stored on and transmitted between computers, smartphones, and wearables, but also the control over critical infrastructure, cars, airplanes, and a variety of small devices forming the Internet of Things (IoT). Essentially all mechanisms to protect these digital assets rely on cryptography. Most of the cryptographic protocols that we are using every day for, for example, secure Internet communication, secure payment, or secure software updates, rely on only five cryptographic building blocks: symmetric encryption, message-authentication codes, hash functions, key-agreement mechanisms, and digital signatures.
For each of those building blocks there exist algorithms that are trusted to withstand attacks even by well-funded attackers with serious computation power. However, this statement is only true if the attacker is restricted to using classical computers. Already in 1994, Shor showed that a hypothetical large universal quantum computer can efficiently solve two problems that are considered hard for classical computers: factoring large integers and computing so-called discrete logarithms. As it turns out, all key-agreement algorithms and signature algorithms in use today are based on one of those two problems. This means that if and when a large quantum computer is built, all currently deployed key-agreement and signature algorithms will no longer offer any protection.
Luckily, the dawn of large quantum computers does not mean the end of cryptography. There exist proposals for key-agreement and signatures that, as far as we know, resist attacks also by large quantum computers, so called "post-quantum" schemes.
In order to focus efforts and eventually standardize post-quantum key-agreement and signature schemes, the US National Institute for Standards and Technology (NIST) issued a public call for proposals for such schemes in 2016. As a first major result, in 2022 this effort by NIST selected four schemes for standardization,
three of these schemes are co-designed by the PI of this project, including the only selected key-agreement algorithm, for which he is the primary submitter to the NIST standardization project.
Research within EPOQUE tackled engineering challenges of post-quantum cryptography following two main themes.
The first theme is research into efficient and secure implementations of post-quantum schemes.
This includes optimization for speed on various platforms, for code size, and for RAM usage. Furthermore we
studied various aspects relating to so-called side-channel attacks and countermeasures. Side-channel attacks use
information such as timing or power consumption of cryptographic devices to obtain secret information.
The second direction is about protocol integration. We examied how different real-world cryptographic
protocols can accommodate the drastically different performance characteristics of post-quantum cryptogra-
phy, explore what algorithms suit best the requirements of common usage scenarios of these protocols, and
investigate if changes to the high-level protocol layer are advisable to improve overall system performance.
