Ramping Up the Technology Readiness Levels (TRLs) for PQC Hardware (R30b)
Worldwide, the transition to post-quantum cryptography (PQC) is getting mandated by regulation. This effort has been spearheaded by the NSA with the launch of the NIST PQC competitions. CACR in China, CRYPTREC in Japan, ENISA in Europe followed suit. Algorithms for digital signatures and key encapsulation mechanisms have been standardized, and deployments have started. Indeed, as per the CNSA 2.0 roadmap, a transition is required for embedded systems, particularly regarding firmware management. This prioritization makes sense, in that the security of basic layers shall be ensured in the first place before ensuring that of upper layers. But the transition to PQC entails meeting the requirements of existing cryptography, in terms of end-market requirements. Obviously, the PQC algorithms must be implemented in hardware (HW), as they are used in low-level primitives that check software (SW) before it is executed. Hence the need for a rapid technology readiness levels (TRL) ramp up. In this talk, the speakers account for how the speakers have managed this progress. The first step (TRL 3) is to be able to perform tests, such as ACVP at the hardware level, or attestations of proper functionality. The TRLs 4 to 6 require the application of countermeasures under attack, such as side-channel or fault injection attacks (SCA or FIA). the speakers will explain how countermeasures can be efficiently implemented by leveraging the control plane, for a given data plane. As a byproduct, this allows for a controlled Power Performance Area (PPA), obtained by mutualization of some subfunctions across different algorithms. For instance, lattice-based algorithms (standardized: ML-KEM, ML-DSA, or close to standardization, as per NIST or ISO/IEC: FN-DSA, McEliece, FrodoKEM) are implemented efficiently using a SIMD (Single Instruction Multiple Data) architecture. The last steps of TRLs (TRL 7 to 9) are reached by a standardization of the interfaces. By refactoring the library calls through homogeneous functions across multiple algorithms of same nature (one trait of crypto-agility), memory size is gained. It also enables natural integration into backends (engines / providers) of standard cryptographic libraries, such as mbedTLS or OpenSSL. In practice, in this work, the speakers’ll show the span of PPAs that can be attained, as well the variety of defense-in-depth levels. Also, the speakers’ll describe the use cases of PQC related to provisioning, and how drop-in replacement is ensured in terms of testability, compliance, security, and PPA.