DigiCert and Utimaco work on securing the future of IoT from quantum computing threats through collaboration with Microsoft
February 2019 by Marc Jacob
Today, DigiCert, Inc. and Utimaco, one of the world’s top three Hardware Security Module providers; and Microsoft Research, a leader in quantum-safe cryptography, announced a successful test implementation of the “Picnic” algorithm, with digital certificates used to encrypt, authenticate and provide integrity for connected devices commonly referred to as the Internet of Things (IoT). This proof of concept provides a path toward a full solution, currently in development, that will protect IoT devices from future threats quantum computing could pose to today’s widely used cryptographic algorithms.
Currently, most IoT devices use RSA and ECC to protect confidentiality, integrity and authenticity for device identities and communication. Experts from the security community, including Dr. Brian LaMacchia from Microsoft Research, predict that large-scale quantum computers capable of breaking RSA and ECC public key cryptography will exist within the next 10 to 15 years. Although this might seem like a long time away, many devices such as connected cars, smart homes, connected cities, connected medical devices and other critical infrastructures will either live longer than this or will take longer to update.
The certificates are issued by DigiCert using the Picnic quantum-safe digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco Hardware Security Module. The full solution, in development, would provide quantum-safe digital certificate issuance and secure key management, helping companies future-proof their IoT deployments.
Enterprises will be able to cost-effectively deploy these solutions at any scale. Further, these companies will provide solutions and tools to manufacturers of IoT devices to remain prepared for quantum threats. The goal is to keep the sensitive information and high-value assets safe.