September 18-20, 2024 | DoubleTree by Hilton, San Jose, California

PQC Modules: Requirement Specifications, Integration, and Testing (Q23b)

02 Sep 2021
16:00-16:30


How do I write a requirement specification for a Post-Quantum Cryptography (PQC) module or its system integration? The new NIST PQC and Hash-Based Signature (HBS) algorithms are not entirely drop-in compatible with current signature or key establishment standards. They are similar but not the same. For example, the traditional hash-and-sign flow of ECDSA does not apply to PQC signature algorithms, which require the hash input to be prefixed with algorithm-dependent information. The PQC KEM (Key Encapsulation Mechanism) algorithms do not fully match either the RSA encrypt/decrypt or the Diffie-Hellman key exchange paradigms of the older generation of public-key cryptography. Did you know that you can authenticate an endpoint with a PQC KEM without using a PQC digital signature? Such developments necessitate subtle changes in low-level cryptographic APIs, interfaces, and testing processes. We outline some of the high-level changes required for cryptographic module interfaces and suggest ways to describe the basic testing and acceptance criteria of PQC implementations. We also describe current practices for "non-invasive attack mitigation testing" (side-channel countermeasures) of commercial PQC cryptography.
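The prefixing the abstract alludes to was later fixed in FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA), finalized in 2024, after this talk: before the internal signing routine runs, the message is wrapped as 0x00 || len(ctx) || ctx || M (pure mode) or 0x01 || len(ctx) || ctx || OID(PH) || PH(M) (pre-hash mode), and a context string longer than 255 bytes is an error. The Python below is an added example written for this page, not the speakers' material; the function names are my own, and the OID table is transcribed from the standards' list of allowed pre-hash functions. It shows why a caller that keeps the ECDSA habit of hashing first and handing the digest to a pure-mode signer is not interoperable with a pre-hash verifier.

```python
"""Message encoding that FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) apply
before the internal signing routine.  The signer never signs the caller's
bytes directly: a mode byte, the context-string length, the context string
and (for the pre-hash variants) the hash OID are prepended.
Added example for this page; not code from the talk or from NIST.
"""
import hashlib

# DER encodings of the pre-hash OIDs FIPS 204 / FIPS 205 allow
# (2.16.840.1.101.3.4.2.x), with the XOF output lengths the standards fix.
PREHASH = {
    "sha256": (bytes.fromhex("0609608648016503040201"),
               lambda m: hashlib.sha256(m).digest()),
    "sha512": (bytes.fromhex("0609608648016503040203"),
               lambda m: hashlib.sha512(m).digest()),
    "shake128": (bytes.fromhex("060960864801650304020b"),
                 lambda m: hashlib.shake_128(m).digest(32)),
    "shake256": (bytes.fromhex("060960864801650304020c"),
                 lambda m: hashlib.shake_256(m).digest(64)),
}

MAX_CONTEXT_LEN = 255  # the length field is a single byte


def _check_context(ctx: bytes) -> None:
    # Both standards return an error rather than truncating a long context.
    if len(ctx) > MAX_CONTEXT_LEN:
        raise ValueError(f"context is {len(ctx)} bytes, limit {MAX_CONTEXT_LEN}")


def pure_message(msg: bytes, ctx: bytes = b"") -> bytes:
    """M' for ML-DSA.Sign / SLH-DSA.Sign: 0x00 || len(ctx) || ctx || M."""
    _check_context(ctx)
    return b"\x00" + bytes([len(ctx)]) + ctx + msg


def prehash_message(msg: bytes, ctx: bytes = b"", ph: str = "sha256") -> bytes:
    """M' for HashML-DSA.Sign / HashSLH-DSA.Sign:
    0x01 || len(ctx) || ctx || OID(PH) || PH(M)."""
    _check_context(ctx)
    oid, hash_fn = PREHASH[ph]
    return b"\x01" + bytes([len(ctx)]) + ctx + oid + hash_fn(msg)


def legacy_hash_then_sign_interoperates(msg: bytes, ctx: bytes = b"") -> bool:
    """Does an ECDSA-style caller (hash first, pass the digest to a pure-mode
    signer) produce the bytes a pre-hash verifier reconstructs from the
    original message?  No: the mode byte differs and the OID is absent, so
    the signature can never verify on the other side."""
    digest = hashlib.sha256(msg).digest()
    return pure_message(digest, ctx) == prehash_message(msg, ctx, "sha256")


if __name__ == "__main__":
    # Constructed sample input, not a standard test vector.
    m, c = b"firmware-image-v1", b"vendor-update"
    print("pure    :", pure_message(m, c).hex())
    print("pre-hash:", prehash_message(m, c, "sha512").hex())
    print("legacy hash-then-sign interoperates:",
          legacy_hash_then_sign_interoperates(m, c))
```

For a requirement specification this translates into concrete acceptance criteria: the module's sign and verify entry points take (message, context) rather than a digest, pure and pre-hash modes are distinct API calls or parameters, the 255-byte context limit is enforced with an error, and known-answer tests cover both modes and each permitted pre-hash function.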