Description
The necessity of deploying post-quantum cryptography to secure services and applications is now well established, thanks in particular to ANSSI’s recommendations and to the normative and regulatory processes currently being drafted (NIST, ETSI, …).
Following the 2021 and 2022 editions, DGA - Maîtrise de l’information organizes, in collaboration with CREACH LABS and with the support of Pôle d’excellence cyber, ANSSI, IRISA and IRMAR, this 3rd edition of PQC by DGA as part of the European Cyber Week 2024.
The goal of the workshop is to measure the impact of deploying post-quantum cryptography on large-scale communication infrastructures.
The agenda includes:
- Institutional presentations
- Presentations by industry on recent advances and feedback from the deployment of post-quantum solutions
- Presentations of ongoing research and development work
Scientific committee
- Marie-Thérèse André, DGA MI
- Pierre-Alain Fouque, Université de Rennes - IRISA
- Gabriel Gallin, DGA MI
- Benoît Gérard, ANSSI
- Antonin Leroux, DGA MI - IRMAR
- Pierre Loidreau, DGA MI - IRMAR (chair)
- Tuong-Huy Nguyen, DGA MI - IRISA
- Guénaël Renault, ANSSI
Organisation
- Karine Chatel, Université de Rennes - CREACH LABS
- Pierre Loidreau, DGA MI - IRMAR
Practical information
Program for Tuesday, November 19
09:00 - 09:10: Introduction
09:10 - 10:00: Post-Quantum Policy and Activities of the BSI
Speaker : Kaveh BASHIRI (BSI)
Abstract : From the point of view of the Federal Office for Information Security in Germany (BSI), the question of “if” or “when” there will be quantum computers is no longer paramount. The first post-quantum algorithms have been standardised by NIST and post-quantum cryptography will be used by default. Therefore, the migration to post-quantum cryptography should be pushed forward.
In this presentation, the BSI will expound upon its post-quantum cryptography policy. Moreover, it will elucidate the BSI’s approach and highlight some of its activities. In particular, the first steps of the PQC migration project for the Public Key Infrastructure of Germany's public administration are discussed. Moreover, an ongoing study is presented, which aims to assess the state of development of current technologies for the realisation of a cryptographically relevant quantum computer and of cryptographically relevant quantum algorithms.
10:00 - 10:30: ANSSI plans for the certification of products using PQC
Speaker : Nicolas GUREL (ANSSI)
10:30 - 11:00: BREAK
11:00 - 11:20: Industrial issues and market for post-quantum cryptography
Speaker : Geoffroy Hermann (ANSSI)
11:20 - 12:00: Industrial strategy for post-quantum cryptography
Speaker : Ludovic PERRET (EPITA, LRE)
12:00 - 13:30: LUNCH
13:30 - 14:00: Post quantum extension of IPsec/IKEv2 and TLS
Speaker : Cédric TAVERNIER (Hensoldt France)
Abstract : IPsec VPN is recognized as a secure technology to protect the transmission of information. However, the level of security depends on the quality of the architecture and the quality of the implementation. At the same time, post-quantum resilience is emerging and almost standardized, making it a quasi-obligation to implement it. Taking into account the advice coming from different authorities (ANSSI, BSI…) concerning hybrid cryptography, we propose to show how the project X7-PQC contributes to building a post-quantum-resilient IPsec VPN in as standardized an environment as possible. In particular, we describe different hardening strategies, starting from a full-software solution and ending with a hardware red/black architecture.
14:00 - 14:30: Agile PQC Navigation through the shallow waters of the Internet
Speaker : Philipp MEYER (Genua)
Abstract : After navigating the waters of secure communication on the sea (Internet), a new storm in the form of the quantum computer is brewing. We present the preparations for our ship (VPN) for this coming hurricane, starting with showing the first steps already done regarding PQ-secure software updates and secure key exchange. After that we take a look at our current and future activities. We conclude with presenting the impact of the adjustments to the performance of the ship in transferring data over the sea.
14:30 - 15:00: Panorama of projects
Speaker : Zoé AMBLARD (Thales SIX)
Abstract : Secure and efficient integration of post-quantum cryptography into products is a challenging topic for THALES that must be anticipated in order to preserve security in a quantum world. In this talk, we illustrate the THALES cryptography team's contribution to tackling this necessary evolution through several completed and ongoing projects. We consider not only how to integrate post-quantum primitives into more complex protocols such as AKE or anonymous credentials, but also how to protect these primitives against side-channel attacks and how hardware acceleration can be used to improve performance.
15:00 - 15:30: BREAK
15:30 - 16:00: Hardware implementation of PQC Algorithms
Speaker : Frédéric SAUVAYRE (Infineon)
Abstract : The talk addresses HW implementation possibilities and HW design methods, including HW/SW co-design, and shows possible influences of the PQC migration on performance and on real-time requirements. The talk highlights publicly funded projects, in a wide range of applications, in which Infineon is involved.
-
16:00 - 16:30
Use of asynchronous logic to improve Standard and Post-Quantum Cryptography security
Speaker : Yannick MONNET (Tiempo Secure)
Abstract : After the first post-quantum cryptography algorithms have been standardized, the development of hardware accelerators has become imperative to support their future use in secure embedded chips.
However, similar to traditional cryptographic systems, the hardware implementations of these algorithms can be vulnerable to side-channel attacks (SCA), which exploit unintentional information leakage during computation. In the context of post-quantum algorithms, the importance of protecting sensitive polynomial coefficients becomes crucial.
This presentation explores the potential of asynchronous logic as a robust solution to improve the security of hardware accelerators for post-quantum algorithms against such attacks. Asynchronous logic provides a panel of countermeasures against side-channel attacks, such as robust masking by design and random delay insertion, whose efficiency has been proven on standard algorithms. We show how they can be efficiently adapted and used in the implementation of post-quantum algorithms such as, but not limited to, CRYSTALS-Kyber.
16:30 - 17:00: Transitioning embedded systems to post quantum cryptography
Speaker : Sylvain GUILLEY (Secure-IC)
Abstract : In this talk I'll share a return on experience about transitioning embedded systems to PQC. The first aspect concerns the scope of PQC usage: a proper transition is not limited to firmware management and security services while in mission mode; indeed, for consistency reasons, the provisioning steps shall also be PQC, which entails transitioning the authentication, authorization, and secure channel functions as well. The second aspect regards crypto-agility: how to address choices such as support of all or part of the key sizes, stateful vs. stateless, PQC vs. hybrid classical/PQC, etc.? Finally comes the question of compliance: to NIST CAVP/CMVP, to secure composition of hybrid modes of operation (leveraging ISO/IEC 29128), and to implementation security (Common Criteria).
17:00 - 17:30: Practical performance of the CKKS fully homomorphic encryption scheme
Speaker : Damien STEHLE (Cryptolab)
Abstract : Fully Homomorphic Encryption (FHE) enables arbitrary computations on data provided in encrypted format. Among many others, it notably enables delegating computations without compromising confidentiality, such as privacy-preserving machine learning. Compared to other privacy enhancing technologies, FHE provides high accuracy and strong mathematical security, including against quantum adversaries. However, it is sometimes discarded for being computationally too heavy for practical deployment.
In this presentation, I will focus on the concrete performance of the CKKS fully homomorphic encryption scheme (Cheon, Kim, Kim and Song, Asiacrypt ‘17). CKKS natively enables approximate computations on complex and real numbers, although it may also be used for exact computations. I will provide numerous performance data for CPU and GPU implementations. I will illustrate the performance by giving examples in privacy-preserving machine learning, including large language model inference.
Program for Wednesday, November 20
09:00 - 09:30: Quantum-secure capabilities for defence and critical system environments
Speaker : Johanna SEPULVEDA (Airbus)
Abstract : As quantum computing grows in power and practicality, traditional cryptographic methods are becoming vulnerable to attacks. To address this issue, post-quantum cryptography (PQC) and quantum key distribution (QKD) have emerged as potential solutions to provide quantum-resistant security. These security technologies have different security properties that fulfill the requirements of different applications and are currently at different maturity levels. PQC is considered to be at TRL (Technology Readiness Level) 4 to 5 and is the focus of this talk. While PQC provides a mathematical foundation for encryption that is resistant to quantum attacks, and NIST has already selected PQC algorithms for standardization, the integration of PQC in defence-relevant environments is still a challenge. Defence environments are characterized by heterogeneous computation, storage and communication resources, different levels of criticality and constraints, as well as the demand for long-term security.
Airbus is a pioneer of the secure implementation of PQC in ultra-constrained environments, co-design and hardware, being the designer of the first European chip with PQC capabilities. In addition, Airbus is a pioneer in the integration of PQC in defence environments. In this talk, the different experiences, demonstrators and developments of PQC at Airbus will be presented, and lessons learnt as well as future capabilities will be discussed.
09:30 - 10:00: Overview of side-channel and fault injection attacks on ML-KEM CRYSTALS-KYBER implementations
Speaker : Simon PONTIE (CEA)
Abstract : The key establishment standard Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM) is derived from CRYSTALS-KYBER. It was designed to resist future attacks by quantum computers. While this scheme is today “mathematically” secure, its implementations can be vulnerable to physical attacks.
After a brief introduction to this algorithm, we will provide an overview of existing side-channel and fault injection attacks in the state of the art. We will also cover some protections that were proposed in the literature to secure implementations of ML-KEM.
10:00 - 10:30: Continuous integration side channel testing for ML-KEM
Speaker : Timo ZIJLSTRA (PQShield)
Abstract : Development of secure PQC accelerators requires continuous testing to ensure that new code modifications do not introduce leakage of information through side channels such as power consumption. Fully automated tests using TVLA can detect such leakage, but fail to accurately estimate the security against attack paths specific to PQC, such as the Plaintext Checking or Decryption Failure Oracle attacks. We developed a semi-automated machine learning based approach to overcome this shortcoming.
10:30 - 11:00: BREAK
11:00 - 11:30: Implementing SCA Countermeasures for Frodo-KEM is not trivial
Speaker : Cedric MURDICA & Jérémy METAIRIE (DGA MI)
Abstract : In this talk, we are interested in a post-quantum cryptographic mechanism, FrodoKEM, and in side-channel attacks. We present an implementation that is secure against a known powerful horizontal attack against implementations of FrodoKEM and other lattice-based cryptography mechanisms.
Several countermeasures have been studied. One in particular seems efficient: the shuffling method during matrix operations. One must be careful when implementing side-channel countermeasures, particularly in the details. We present how naive implementation choices or optimizations could reduce security or even make a countermeasure ineffective.
Some original attacks are presented, such as a horizontal attack on an AES implementation to recover the message (not the key). AES is used in FrodoKEM during the generation of a matrix.
11:30 - 12:00: Addressing the Challenges of Post-Quantum Cryptography in Embedded Systems
Speaker : Rina ZEITOUN (IDEMIA)
Abstract : As the quantum era approaches, the security of embedded systems faces unprecedented challenges. These systems are typically constrained by limited memory, restricted computational performance, and increased vulnerability to side-channel attacks. Traditional security countermeasures often fall short in this transition, requiring new approaches tailored for the post-quantum era.
This talk will explore masking techniques specifically designed to protect post-quantum algorithms like ML-KEM and ML-DSA. Furthermore, we will showcase proof-of-concept (PoC) projects developed by IDEMIA, demonstrating the successful integration of post-quantum algorithms into real-world embedded systems, balancing security, performance, and practicality.
Part of the European Cyber Week 2024
The 3rd edition of the Post-Quantum Cryptography Conference is featured on the program of the European Cyber Week 2024.