Efficient and Secure Implementation of Post Quantum Cryptography for Embedded Medical Devices

Quantum computers can efficiently solve certain mathematical problems that would require decades or even centuries of computing time on current supercomputers. A prominent example is the integer factorization problem, which is the foundation of the most widely used asymmetric cryptographic schemes, such as RSA. Shor showed that a quantum computer can factor integers, and likewise compute discrete logarithms, in polynomial time, which breaks the security guarantees of RSA as well as of Diffie-Hellman and elliptic-curve schemes. While building large quantum computers is technically very difficult, their scale steadily increases, as highlighted by Google's "Quantum Supremacy" paper from October 2019. To counter this threat, industry and researchers have been working for many years on new schemes that are post-quantum secure. At the moment, however, there is no such scheme that is standardized or tested in the field at large scale. In 2017, NIST launched a standardization process, which is still ongoing, to select new post-quantum key-establishment and signature schemes.

Medical devices handle sensitive information and interact with the patient's health. They also remain in the field for many years, so manufacturers need to consider post-quantum security now in order to be guarded against further advances in quantum technology in the coming decade. To aid in this process, the ITS participates in the PQC4MED project, a coalition of researchers and industry partners that aims to evaluate how post-quantum cryptography algorithms can be implemented securely and efficiently on embedded medical devices. Our focus in the project is the side-channel resistance of the implementations, together with the protocols that must ensure a smooth transition to the new cryptosystems in the field. We are particularly interested in the automated detection and prevention of non-constant-time behaviour in binaries, i.e. control flow, memory accesses or instruction latencies that depend on secret data and could leak cryptographic keys to an attacker. In addition, the PQC4MED project explores update mechanisms that support cryptographic agility, i.e. replacing the cryptographic routines of medical devices that are already deployed. This way, manufacturers can react to new developments and attack strategies in the field of post-quantum algorithms.
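As an added illustration of the non-constant-time behaviour described above (example code written for this page, not the PQC4MED project's own tooling or results), the following C program places a tag comparison that returns at the first mismatching byte next to a constant-time version. The iteration counter is instrumentation that stands in for the cycle count an attacker would measure on the device, and the secret tag is a constructed value, not a real key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 16

typedef int (*tag_check_fn)(const uint8_t *, const uint8_t *, size_t, size_t *);

/* Constructed secret tag for the example; not a real key. */
static const uint8_t SECRET_TAG[TAG_LEN] = {
    0x3a, 0x7f, 0xc2, 0x19, 0x88, 0x01, 0xde, 0x5b,
    0x64, 0xaa, 0x0f, 0x93, 0x2c, 0xe7, 0x51, 0xb0
};

/* Naive tag check in the style of memcmp(): it returns at the first
 * mismatching byte, so the number of loop iterations (and hence the run
 * time) grows with the number of leading bytes the attacker guessed
 * correctly. *iterations is instrumentation for this example only. */
static int naive_tag_check(const uint8_t *secret, const uint8_t *guess,
                           size_t len, size_t *iterations)
{
    for (size_t i = 0; i < len; i++) {
        if (secret[i] != guess[i]) {
            *iterations = i + 1;
            return 0;
        }
    }
    *iterations = len;
    return 1;
}

/* Constant-time tag check: every byte is visited, differences are
 * accumulated with OR, and the verdict is derived arithmetically, so
 * neither control flow nor memory access pattern depends on the secret. */
static int ct_tag_check(const uint8_t *secret, const uint8_t *guess,
                        size_t len, size_t *iterations)
{
    uint32_t diff = 0;
    for (size_t i = 0; i < len; i++) {
        diff |= (uint32_t)(secret[i] ^ guess[i]);
    }
    *iterations = len;
    /* diff is in 0..255; (diff - 1) >> 8 is non-zero only when diff == 0. */
    return (int)(((diff - 1) >> 8) & 1);
}

/* Runs `check` against a guess whose first `prefix` bytes are correct and
 * whose byte at index `prefix` (if any) is wrong. Returns the verdict and
 * stores the iteration count, i.e. the attacker's measurable signal. */
static int run_check(tag_check_fn check, size_t prefix, size_t *iterations)
{
    uint8_t guess[TAG_LEN];
    memcpy(guess, SECRET_TAG, TAG_LEN);
    if (prefix < TAG_LEN) {
        guess[prefix] ^= 0x01;
    }
    return check(SECRET_TAG, guess, TAG_LEN, iterations);
}

static size_t cost_of(tag_check_fn check, size_t prefix)
{
    size_t it = 0;
    (void)run_check(check, prefix, &it);
    return it;
}

static int matches(tag_check_fn check, size_t prefix)
{
    size_t it = 0;
    return run_check(check, prefix, &it);
}

int main(void)
{
    /* The naive column reveals the secret one byte at a time; the
     * constant-time column is flat regardless of the guess. */
    for (size_t prefix = 0; prefix <= TAG_LEN; prefix++) {
        printf("prefix %2zu correct: naive %2zu iterations, constant-time %2zu iterations\n",
               prefix, cost_of(naive_tag_check, prefix), cost_of(ct_tag_check, prefix));
    }
    return 0;
}
```

Source-level constant-time code is only the starting point: a compiler may reintroduce an early exit or a secret-dependent branch, and some embedded cores have variable-latency instructions. This is why the check has to be performed on the compiled binary for the target device, rather than on the C source alone.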