Newsportal - Ruhr-Universität Bochum
Personal data stored on electronic health cards needs to be still secure in many years’ time. However, once quantum computers exist, this is no longer guaranteed for the asymmetric techniques that are currently in use.© Roberto Schirdewahn
In order to test cryptographic techniques for microdevices, the researchers develop the central components of the devices and implement them on evaluation platforms. With their aid, they are able to demonstrate that attackers would not be able to achieve their aim even under optimal lab conditions.© Roberto Schirdewahn
Today, long-term secure cryptographic techniques are integrated in a wealth of everyday items such as in electronic key-lock systems.© Roberto Schirdewahn
Data protection against the threats of tomorrow
Cryptography is subdivided in the two categories symmetric and asymmetric techniques; the latter are considerably more complex because of their underlying mathematical structures. In symmetric techniques, sender and receiver use the same key to encrypt a message and to subsequently decrypt it. In asymmetric techniques, on the other hand, sender and receiver use different keys that are linked via a mathematic relationship.
Asymmetric encoding techniques are required for many applications with advanced security requirements, for example those for digital signatures.
The asymmetric techniques that are in use today would no longer be secure if quantum computers existed. Under the umbrella of the EU project Post-Quantum Cryptography, researchers are therefore searching for new cryptographic solutions and implementations. Four categories of mathematic techniques are suited for the purpose: code-based cryptography, lattice-based cryptography as well as cryptography on the basis of systems of multivariate-quadratic equations or cryptographic hash functions.
To this end, the team headed by Prof Dr Tim Güneysu, in close collaboration with the Chair for Embedded Security, has initially identified and analysed promising techniques for implementing them into microdevices, such as hardware chips and Smartcards.
“As yet, we have mostly excluded hash-based cryptography from our studies, because implementation techniques have been thoroughly analysed to date,” says Güneysu. Cryptography via multivariate-quadratic equation systems are not a main aspect of the research, either. The reason is: “The security status of some of the proposed systems has not yet been fully understood. Therefore, we consider it difficult to raise acceptance for several of these systems in practical applications,” explains Güneysu.
Some of the multivariate-quadratic techniques had been introduced as quickly as they were subsequently broken. Accordingly, it is a risk to invest a lot of effort into optimising methods of this category for microdevices.
Techniques with high potential
The IT security expert considers lattice-based and code-based cryptography promising. Not only do those techniques offer the potential to protect from quantum computer attacks, the team has also demonstrated that they can be efficiently implemented in microdevices.
The challenge: to an extent, the new techniques demand for complicated algorithmic computations and large keys, which increase system costs significantly – a major problem if the technology is supposed to be deployed in small and cost-efficient computational systems.
In order to tackle this problem, the researchers deploy alternative representations of those cryptographic techniques, which introduce, for example, structures in the codes aiming at reducing the overall key size. They also optimise algorithmic computations by tailoring them to the target platform. Depending on which technique they used, the researchers were able to consolidate complex steps with other computations or even omitted some of them without reducing the security margin offered by the cryptographic technique.
This is how the team from Bochum has demonstrated that a first step is taken so that today’s microdevices with constrained processor technology can securely communicate, anticipating the upcoming threats in the era of quantum computers.
17 December 2015