
Resilience for the cryptography of tomorrow

Cyberagentur starts research on side-channel resistance in post-quantum cryptography

Dr Matthias Minihold, Head of Cryptology and program lead for SCA4PQC, emphasises the importance of robust cryptographic implementations for security policy in the age of quantum computing. Photo: Nancy Glor/freepik/Cyberagentur

Two new research projects in the SCA4PQC programme of the Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) aim to ensure the secure implementation of cryptographic procedures even in an era of powerful quantum computers. The programme focuses on protection mechanisms for desktop and cloud environments, robust security components for smart cards, and a project currently in the planning stages to secure processors used in IoT platforms.

The Agentur für Innovation in der Cybersicherheit GmbH (Cyberagentur) is driving forward the development of future-proof cryptographic technologies by commissioning two research projects in the “Side-channel resistance in post-quantum cryptology” (SCA4PQC) programme. The aim is to secure implementations of post-quantum cryptography so that they are effectively protected against classical attacks, mathematical attacks that exploit quantum states, and physical side-channel attacks. The latter use various types of “meta-information” such as power consumption, runtime measurements or electromagnetic emissions to indirectly reconstruct cryptographic keys. The programme thus addresses one of the most pressing challenges in the field of applied cryptography: the holistic hardening of cryptographic implementations up to their practical application.

In view of technological advances in quantum computing, the migration to new cryptographic standards that follow the paradigm of post-quantum cryptography has become more important. It has become apparent that theoretically secure algorithms could be vulnerable in their concrete implementation unless physical side channels are systematically closed or secured. The SCA4PQC research programme therefore pursues a dual security approach: on the one hand, it addresses cryptographic robustness against mathematical attacks encompassing quantum algorithms, and on the other hand, it aims to develop side-channel-resistant structures that offer reliable protection in application scenarios.

The LEAP-CSP project, which has now been launched by the company cryptosolutions, focuses on securing cloud and desktop environments. The project is developing AI-supported analysis and protection mechanisms that enable side-channel risks to be automatically identified and mitigated. The combination of machine learning tooling is expected to enable security analyses to be carried out at unprecedented speed and depth.

At the same time, the SPARTAQUS project at the University of the Federal Armed Forces, in cooperation with the French company eShard, is dedicated to protecting cryptographic hardware components. The focus is on smart cards of the kind used in official documents such as German identity cards and electronic passports. The aim is to develop modular, side-channel-resistant implementations of key encapsulation, in particular based on the ML-KEM, FrodoKEM and HQC algorithms, which have received special attention in the NIST standardisation process.

Dr Matthias Minihold, program lead at the Cyberagentur, emphasises the strategic relevance of the projects. “With the innovative approaches of both contractors, modern cryptography methods can be developed that are robust against a variety of attack vectors. This is a crucial step for the security of digital infrastructures in a future also shaped by quantum computing.” In his view, the combination of automated investigation of countermeasures and resilient hardware is essential for taking the resilience of critical IT systems to a new level.

With the SCA4PQC programme tender, the Cyberagentur specifically invited research institutions and companies to participate in the development of side-channel-resistant post-quantum cryptography with innovative project ideas. In addition to the projects now commissioned, a third project to secure processors in IoT infrastructures is already in preparation. The aim is to create a holistic technological foundation that not only accompanies the transition to a quantum-secure digital society, but also actively shapes it.

Further information:

https://www.cyberagentur.de/en/programs/sca4pqc
