SECURE POST-QUANTUM CRYPTOGRAPHY

The Passenger Terminal World Magazine published an article about the challenge of Post Quantum Cryptography in terms of seamless traveling. Mühlbauer's head of Information Systems Lutz Richter states how companies can now prepare for the future. Read the full magazine here or find the article on page 76. 

Post-quantum computer cryptography is a challenge when it comes to the verification of digital and mobile travel documents via Entry/Exit Systems, because the data security is based on cryptographic security and implemented by a Public Key Infrastructure (PKI). Currently, there is no known way for a classical computer to recompute the Private Key to break the commonly used Public Key Algorithms. With a sufficiently powerful quantum computer, however, it will be possible.

This will dramatically change the conditions under which we can trust digital travel documents and mobile documents. Which standards need to be considered and which system components need to be adapted to be PQC-ready?

Specialists expect the first attacks, where Quantum Computers are able to calculate private keys of digital and mobile identification documents, in 2030. To prevent the unauthorized access to our documents and systems, we have to upgrade our digital documents with PQC-proven chips. This comes with a long tail, as for example PQC-proven chips need much more storage space to handle much longer Keys. More storage space means bigger chips and bigger chips are more challenging to integrate in the commonly used identity documents like passports and ID cards. “The solution for these issues could lie in focusing on mobile ID documents, which use the high-secure chip of the mobile phone as Secure Element”, states Lutz Richter, Head of Information Systems of the technology specialist Mühlbauer in Roding, Germany. “Cell phones can be adapted to new standards more easily as they are often renewed within around four years, while digital documents such as ePassports are only replaced after ten years.”

After turning the documents PQC-ready, we need to upgrade personalization and inspection systems, for example with more powerful document readers, which are able to manage the longer keys. We should also upgrade the Public Key Infrastructure (PKI) with a new generation of Hardware Security Modules (HSM), which are PQC-proof.

Unfortunately, this threat to our data security is not science fiction, but very real. However, if we prepare for it in good time, we can keep guaranteeing the security of identity documents and their contactless verification. In any case, the German document machine manufacturer and software expert company Mühlbauer does not want to wait for the first attack by quantum computers. "We're already getting PQC-ready!" reveals Lutz Richter.