PQC | UCS

Two papers accepted at ISC 2025

Wed, 03 Sep 2025 00:00:00 +0000

Two papers from our working group have been accepted at ISC 2025.

Our first paper “Simulation-based Software Leakage Evaluation for the RISC-V Platform” by Nicolai Schmitt, Jannik Zeitschner (Ruhr Universität Bochum) and Andreas Heinemann extends a tool (PROLEAD_SW) for the RISC-V platform in order to detect leakage.

Our second paper “A Lot of Data and Added Complexity. How Does PQC Affect the Performance of My TLS Connection?” by Johanna Henrich, Nicolai Schmitt, Nouri Alnahawi and Andreas Heinemann investigates the TLS handshake performance when using PQC schemes.

Nationale Konferenz IT-Sicherheitsforschung 2025

Sun, 16 Mar 2025 00:00:00 +0000

UCS will present the results of the DemoQuanDT research project in a poster session at the “National Conference IT Security Research 2025 - IT Security and Democracy” in Berlin, which is being hosted by the German Federal Ministry of Education and Research (BMBF).

The presentation will be based on a poster entitled “Confidential and authenticated key forwarding in QKD networks,” which has been accepted for the poster pitch on March 18, 2025. The central inquiry concerns the extent to which security and performance can be assured for key forwarding in extensive, interconnected QKD networks. The technology is poised to facilitate secure transmission of messages, that is, confidentiality and authentication. In contradistinction to the asymmetric cryptographic approaches currently employed, the security of the QKD system is expected to withstand the threat posed by quantum computers.

The poster was authored by Johanna Henrich. Her research focuses on key establishment in QKD networks and the potential for integrating QKD and PQC to ensure quantum-safe and high-performance communication. The research is conducted in close collaboration with the danet research group led by Prof. Dr Martin Stiemerling.

Image ©: National Conference IT Security Research 2025

SATURN

Wed, 01 Jan 2025 00:00:00 +0000

The SATURN project addresses critical security challenges in Quantum Key Distribution Networks (QKDN). With the development of quantum computers, the threat to classical cryptography is growing, making quantum-safe alternatives essential. Particularly critical are ‘harvest now, decrypt later’ attacks, where encrypted data is stored today to be decrypted later by quantum computers. While QKD enables secure key exchange from an information-theoretic point of view, its practical implementation in networks poses major challenges. Current QKD modules over optical fibre are limited to distances of about 150 km. For longer distances, intermediate nodes must be used, which raises new security issues.

The SATURN project will develop secure and efficient protocols for key forwarding in QKDNs. A hybrid approach will be pursued, combining QKD with post-quantum cryptography (PQC). Existing protocols will be formally analysed, new security models will be developed, and practical implementation guidelines will be produced. The results should provide an informed decision-making framework for the use of QKDNs, taking into account both security and practical aspects such as performance, scalability and crypto-agility.

Contact

Johanna Henrich

IETF Meeting 121 in Dublin

Thu, 24 Oct 2024 00:00:00 +0000

UCS took part in the 121st meeting of the Internet Engineering Task Force (IETF) in Dublin from 2.-8. November 2024. The IETF develops standards and best practices for the Internet and thus has a significant influence on its design.

Among other things, Johanna Henrich led a project group together with the danet research group of Prof. Dr. Martin Stiemerling. The project was part of the Hackathon, which took place from 2.-3. November. The aim was to find out how the interfaces in Quantum Key Distribution Networks (QKDN) can be designed and how quantum-resistant protection of their communication can be achieved. Read more in our final presentation.

In addition, Johanna Henrich participated in various IETF and IRTF working group sessions throughout the week to answer questions such as how post-quantum cryptography (PQC) and QKD, individually and in hybrid form, can be integrated into the existing Internet infrastructure.

Image ©: Johanna Henrich

Rump Session at ECOC 2024

Thu, 24 Oct 2024 00:00:00 +0000

On 24 September 2024, Johanna Henrich accepted an invitation to take part in a rump session at the European Conference on Optical Communication (ECOC) 2024. The session dealt with the pros and cons of post-quantum cryptography and quantum key distribution, and the extent to which they can be used in combination to reliably protect us from future attacks by quantum computers.

ECOC is Europe’s leading conference on optical communications with representatives from science and research. It consists of a broad exhibition and a parallel conference and took place this year from 22 to 26 September in Frankfurt am Main.

Image ©: ECOC 2024 IMPRESSIONS

Paper accepted at ISC 2023

Wed, 11 Oct 2023 00:00:00 +0000

Our paper “Performance Impact of PQC KEMs on TLS 1.3 under Varying Network Characteristics” by Johanna Henrich, Andreas Heinemann, Alexander Wiesmaier and Nicolai Schmidt will be presented at the 26th Information Security Conference (ISC) (ISC - 2023) on November 15/16/17th 2023, Groningen, Netherlands.

This work is based on the results of Johanna Henrichs’s Master’s thesis.

Best Poster Award at EICC 2023

Thu, 15 Jun 2023 00:00:00 +0000

Our poster contribution to the EICC2023 titled “Crytpo-agile Design and Testbed for QKD-Networks” by Johanna Henrich, Andreas Heinemann, Martin Stiemerling & Fabian Seidl was honored with the best poster award.

Group photo

Johanna

👏👏

Crypto-Agile Design and Testbed for QKD-Networks

Thu, 15 Jun 2023 00:00:00 +0000

EICC ‘23 Poster

Towards a maturity model for crypto-agility assessment

Sat, 01 Apr 2023 00:00:00 +0000

LEAK

Sun, 01 Jan 2023 00:00:00 +0000

The ATHENE Leak project addresses side-channel-analysis-attacks (SCA) by developing a so-called natural leakage model, that is closer to the hardware than standard leakage models and thereby more precise and effective.

As full electrical simulations of complex hardware are usually to resource-intensive, common leakage models abstract the hardware on the register-transfer-level (RTL) and are thereby much more resource-friendly during simulations.

A natural leakage model combines the resource-friendliness with measured behavior of the hardware. Based on this model, the project aims to further adapt and develop performance-optimized countermeasures against SCA on PQC-Algorithms implemented on the RISC-V platform.

The intended project results (a natural leakage models and optimizations) can be used to support hardware engineers during the development, hardening and testing of hardware-based security solutions. Thereby the number of prototypes before final rollout of new hardware will be reduced, speeding up the development process and saving costs in the development and hardening process.

Contact

Nicolai Schmitt

Paper accepted at FPS - 2022

Wed, 23 Nov 2022 00:00:00 +0000

Our paper “Towards a maturity model for crypto-agility assessment” by Julian Hohm, Andreas Heinemann and Alexander Wiesmaier will be presented at the 15th International Symposium on Foundations & Practice of Security (FPS - 2022) on December 12/13/14th 2022, Ottawa, Canada.

This work is based on the results of Julian Hohm’s Master’s thesis. Check out more details on CAMM.

First Workshop of the EUT+ European Telecommunications and Networks Institute

Wed, 16 Mar 2022 00:00:00 +0000

On 15.03.2022 UCS took part in the first Workshop of the EUT+ European Telecommunications and Networks Institute. The aim of this workshop was to offer an opportunity to all EUT+ partners to present their research activities related to Technologies and Services for Telecommunications.

We contributed our research activities on PQC and network issues, especially the results of Johanna’s master thesis.

Performanz Evaluation von PQC in TLS 1.3 unter variierenden Netzwerkcharakteristiken

Wed, 23 Feb 2022 00:00:00 +0000

Abstract

The used cryptographic primitives rely on the computational difficulty of certain mathematical problems. In the last years there has been much research on quantum computers which could be able to efficiently solve these problems in future years. Especially asymmetric primitives, used for authentication and key exchange could be broken. The affected algorithms are actually used within many internet protocols and applications and quantum-safe alternatives are urgently needed. NIST started a process to find and standardize quantum-safe digital signature schemes and key establishment schemes, but the candidates and alternatives come along with specific characteristics and differ from classical proceedings. So, besides analyzing the security of these new algorithms, it is also necessary to evaluate their performance and integrability into existing infrastructures and applications. Especially the integration into TLS protocol, used within about 90 percent of today’s internet connections, plays an important role. The current version 1.3 uses the threatened asymmetric primitives for both, digital signatures and key establishment.

In this work, NIST candidates and alternatives for quantum-safe key establishment were evaluated while using them within TLS 1.3. The focus was on analyzing the performance trend while changing certain network parameters like rate or packetloss and examining the suitability of the PQC algorithms under different network scenarios and in the entire application context. To achieve this, the framework of Paquin, Stebila, and Tamvada was extended to emulate various network conditions while frequently establishing a TLS 1.3 connection and measuring handshake duration.

Among our key results, we observe that on the one hand the evaluated candidates Kyber, Saber and NTRU as well as the alternative NTRU Prime achieve very good overall performance and partially beat the classical ECDH. Choosing a higher security level or hybrid versions does not have a significant impact to the handshake times. On the other hand the alternatives FrodoKEM, HQC, SIKE and BIKE show individual disadvantages and the performance is linked to the used security level and variant. This applies in particular to FrodoKEM. SIKE seems to be a worthwhile alternative in specific circumstances, like rates less than 2 Mbps, due to its small key and ciphertext sizes. In general, network conditions should be taken into account while choosing the algorithm and parameter set. Furthermore, it becomes clear that the handshake performance dependents on numerous factors, like TCP mechanisms and MTU, which could compensate the disadvantages of PQC or make them obsolete.

Towards a maturity model for crypto-agility assessment

Mon, 14 Feb 2022 00:00:00 +0000

On the State of Crypto Agility

Tue, 01 Feb 2022 00:00:00 +0000

Abstract

Cryptographic primitives and protocols require constant modifications and adaptations in order to maintain the security of IT-systems. Many researchers argue that applying the notion of crypto-agility provides more feasible and practical updating of cryptographic systems, especially in the light of the expected transition to PQC. However, there is no unified definition for this notion, nor a common understanding of the requirements that can enable it. Moreover, it is not entirely clear what measures need to be taken in order to apply crypto-agility in practice, and which aspects and challenges exist towards this endeavor. We compare the various definitions of crypto-agility including its requirements and varying facets, and investigate the state of readiness of crypto-agility by surveying works dealing with general challenges and recommendations in this regard. We present the survey and discuss discovered challenges and solutions and utilize our findings to evaluate the state of readiness for crypto-agility.

DemoQuanDT

Sat, 01 Jan 2022 00:00:00 +0000

DemoQuanDT is an application-oriented research project to demonstrate and investigate quantum communication networks by establishing an entire QKD route within the German telecommunication network. Connecting Berlin and Bonn over a link distance of 923 km, the project includes all necessary components, systems, and processes for carrier-grade quantum key distribution.

The project addresses the growing threat that quantum computers pose to asymmetric cryptography used in everyday internet protocols. It investigates how to profitably combine Post-Quantum Cryptography (PQC) with Quantum Key Distribution (QKD) and how to integrate both into existing communication protocols such as TLS. The overall objective is to develop reliable and usable protection against quantum computers, especially for critical infrastructures.

Partners

Funded by the German Federal Ministry of Education and Research (BMBF).

Reifegradmodell für die Krypto-Agilität

Tue, 26 Oct 2021 00:00:00 +0000

Abstract

Quantum computers threaten to fundamentally endanger the security of cryptography used today. In addition to the development of algorithms that are resistant to attacks by quantum computers, crypto-agility is an important field of research in order to be able to exchange algorithms in time and thus be safer from the impending danger. Since there is no general guideline describing how crypto-agility should be implemented for IT systems, this thesis conducts a literature study and aggregates the requirements from existing research to develop a maturity model. The resulting model fulfills the properties identified as necessary to facilitate a crypto-agile system design. The evaluation and improvement of the crypto-agile properties are successfully tested on the example of a real system. Positive feedback from potential users of the model is collected in an initial expert survey. By gaining popularity and through extensive usage, this model supports further research into crypto-agility and ensures the future security of today’s infrastructure by enabling the simple exchange of existing cryptography with PQC methods.

PQC Integration

Wed, 01 Jan 2020 00:00:00 +0000

Asymmetric cryptography, which is widely used everyday for authentication and key exchange in communication protocols, is threatened by the ongoing development of Quantum-Computers. Quantum Computers have the potential to defeat the security of classical algorithms like RSA or ECDH and break the underlying mathematical problems within the next view years. To further ensure security, the National Institute of Standards and Technology (NIST) started a process in 2016 to find novel, quantum-resistant algorithms (PQC) for execution on classical computers, equivalent to the classical ones. These novel algorithms have to be accessable to software-developers as well as beeing tested and integrated into existing software.

The PQC-Integration-Project develops concepts for easy and safe integration of quantum-safe cryptography with a focus on crypto-agility. Further research aspects are performance in real-world applications, usability – including safe and easy to use API’s, as well as concepts to migrate large infrastructures.