Post-quantum cryptography (PQC) knocks on MCU doors

An MCU facilitating real-time control in motor control and power conversion applications incorporates post-quantum cryptography (PQC) requirements for firmware protection outlined in the Commercial National Security Algorithm (CNSA) Suite 2.0. These MCUs also support Platform Security Architecture (PSA) Level 3 compliance.

PSA Certified Level 3 is an Internet of Things (IoT) security standard that focuses on robust protection against software and hardware attacks on a chip’s root of trust. It provides an independently evaluated and validated environment that can securely house and execute the PQC algorithms.

Figure 1 PQC encompasses the replacement of Elliptic Curve Cryptography (ECC)-based asymmetric cryptography as well as increasing the size of Advanced Encryption Standard (AES) keys and Secure Hash Algorithm (SHA) sizes. Source: Infineon

“By adopting both PSA Certified Level 3 and PQC compliance with other regulations, companies can proactively address current and future cyber threats,” said Erik Wood, senior director of cryptography and product security at Infineon Technologies. He is responsible for defining the security requirements of Infineon MCUs.

Quantum computers, exponentially faster than classical computers, are still under development. However, cybercriminals can collect encrypted data now and decrypt it later using quantum computers. That calls for futureproofing of current systems to ensure that companies remain secure as quantum computing technologies advance.

Enter PQC, a collection of cryptographic algorithms designed to be secure against attacks from powerful quantum computers. In MCUs, which mainly use cryptography during boot-time and run-time operations, it commands significant changes in security architecture amid evolving regulations.

For instance, MCU’s memory size is a key design consideration. “More memory size is required because encryption keys are longer,” Wood said. “The certificate size is different because the signatures of these certificates are much bigger.”

Figure 2 PSOC Control C3 MCU’s embedded security provides stringent protection against quantum-based attacks on critical systems. Source: Infineon

Next comes the throughput shortfall. “While certificates are currently transferred through an I²C bus, the throughput falls short with QPC use,” he added. “Now you need to have three I³C buses.” Wood said that the industry is even procrastinating about whether every MCU will have a USB port in four years.

In other words, integrating QPC into MCUs will entail a primary upgrade of cryptographic algorithms. Next come memory upgrades, and finally, interface upgrades will follow.

Wood claimed that Infineon is the first MCU supplier to have integrated and ported PQC algorithms. “We offer an integrated library already hooked up to the accelerators for peak optimization and performance in a PSA-3 level device.”

Related Content

• Inside the PQC Overhaul, a Year Later
• Post-Quantum Cryptography: Moving Forward
• An Introduction to Post-Quantum Cryptography Algorithms
• Release of Post-Quantum Cryptographic Standards Is Imminent
• The need for post-quantum cryptography in the quantum decade

The post Post-quantum cryptography (PQC) knocks on MCU doors appeared first on EDN.