04/05/2022

The post-quantum challenge

Advances in the development of quantum computers pose a new challenge for automotive security. Conventional vehicles generally have a lifespan of 15 years. Battery-electric vehicles can last even longer. So vehicles that are being developed today must be protected against future cyberattacks from quantum computing. While it’s true that the operation of quantum computers is currently possible only under laboratory conditions, the technology is advancing rapidly. Prototypes are already capable of cracking traditional asymmetrical algorithms. This means measures must be taken when developing vehicle architectures to maintain lifelong cyber resilience and continuous risk management even in the dawning era of quantum computing.

NIST call for proposals for quantum-secure algorithms

Consequently, post-quantum cryptography (PQC) must be factored into today’s vehicle development concepts. This can be done either by using quantum-secure signature and encryption mechanisms along with the appropriate cryptographic algorithms, or by designing security functions capable of being updated at any time to provide adequate resilience to quantum computers.

The US National Institute of Standards and Technology (NIST) is currently conducting a post-quantum project and has published initial findings that serve as a guide for selecting suitable PQC. For several years, NIST has been calling for proposals for suitable public key encryption and signature procedures. This has led to the first post-quantum-ready cryptographic algorithms, the standardization of which is underway. NIST will likely standardize the algorithms into three categories: public key encryption mechanisms, key encapsulation mechanisms (KEM), and digital signatures. Deciding which of these are suitable for implementation in post-quantum-resilient automotive cybersecurity involves asking the following questions:

  • How compatible is the existing structure of the security functions with the new algorithms?
  • What hardware requirements will this entail in the future?
  • What will public key infrastructure (PKI) featuring quantum-secure algorithms look like?
The selected algorithms from NIST’s call for proposals demonstrate major differences in key and signature values. Not all are equally suitable for automotive applications because of system resource limitations and real-time requirements in vehicles.

Quantum-secure algorithms for the automotive crypto library

As part of the FLOQI (Full-Lifecycle Post-Quantum PKI) project, funded by the German Federal Ministry of Education and Research, ETAS evaluated the quantum-secure algorithms arising from NIST’s call for proposals in terms of their suitability for automotive applications. Two lattice-based algorithms on the final shortlist for the NIST projects came out on top as particularly suitable for automotive applications due to their performance and stable resource consumption (figure):

  • CRYSTALS-Dilithium as signature algorithm and
  • CRYSTALS-Kyber as KEM.

To make these post-quantum algorithms directly usable for automotive applications, ETAS incorporated them into its automotive crypto library. This kind of PQC-enabled crypto library allows OEMs and suppliers to make a key first move toward post-quantum-resilient cybersecurity for their vehicles and components by enabling them to evaluate post-quantum algorithms on their target systems today. As part of a proof of concept, they can determine how these algorithms behave in practice and what the hardware requirements are for post-quantum cryptography.

Quantum-resilient hardware security modules

The post-quantum era in cryptography is just dawning, but new vehicle architectures and systems must now ready the protection of connected vehicles and fleets against cyberattacks for this new challenge. Now that the crypto library has been expanded to include the quantum-secure algorithms Dilithium and Kyber, OEMs and suppliers can get to work today. This lets them test the automotive security of the future and call on the latest insights and best practices from the field of post-quantum algorithms at any time.

Most importantly, it means that the quantum-secure security functions can also be carried out in the hardware security module (HSM) and on microcontrollers belonging to future ECUs, DCUs, and vehicle computers. This calls for the HSM to feature high-performance security stacks that support the corresponding hardware accelerators and integrate them into the security-relevant functions and protocols made available in the application software. This results in microcontrollers and microprocessors equipped with HSMs capable of withstanding post-quantum attacks and thus ensures cybersecurity for vehicles in an age of quantum computers.