The advent of quantum computing brings risk and reward in equal measure. While it’ll no doubt transform countless industries for the better, vendors will also have to rethink how they safeguard solutions, with quantum challenging the traditional encryption tactics we rely on today. Electronic passports (or ePassports) are one such technology, with the sensitive personal details they contain and the risks should they become compromised.
While preparing for a post-quantum world may seem like a future-looking priority, the scale of the risk is sizeable. Indeed, there are more than 140 states and non-state entities, including the United Nations and European Union, currently issuing ePassports, and over 1 billion in circulation. Needless to say, there’s merit in getting ahead now.
So, what does the future look like when it comes to safeguarding ePassports in the quantum era? Gilles Pauzié, Digital Identity Solution Product Manager at Thales recently discussed this very topic at Java Card Forum. Here’s an overview of what you missed…
ICAO – The Game Changing Standards
As a government-issued document, having standardised regulations for passports is paramount to create a safe, secure, and trusted ecosystem. But before 2004, there were vastly different ways to print passports and limited security features, exposing them to various risks.
This all changed with the introduction of the International Civil Aviation Organization (ICAO) specifications, outlining universal requirements for travel documents. This saw an identical format rolled out, enabling automatic readability across borders. Security was also improved with polycarbonate pages, making documents more difficult to counterfeit, alongside a host of other recommended features, like contactless chips.
Such chips store biometric identifiers and personal details, including the holder’s passport data and picture. These chips – and the sensitive details they contain – are safeguarded by various forms of protection and authentication designed with both the document holders and issuing authorities’ security in mind. Such tactics are as follows:
- Passive authentication: A digital signature on an ePassport is derived from the issuing state’s security certificate, the Country Signing Certification Authority (CSCA) Certificate and the Document Signer Certificate (DSC). The signature and certificates form a trust chain wherein one end is securely anchored in the authority of the issuing state and the other end is securely stored in the chip of the ePassport. This ensures that the contents of the data group are authentic and unchanged by hashing the contents and comparing the result with the corresponding hash value in the document security object.
- Active authentication: An authentication process involving signing a challenge sent by the terminal with a private key known only to the chip, proving it has not been substituted.
- PACE (Password authenticated connection establishment): A password authenticated Diffie-Hellman key agreement protocol that provides secure communication and password-based authentication of the chip and the inspection system. This authentication process takes place at the beginning of the document verification process.
The Quantum Impact
When they reach maturity, cryptographically relevant quantum computers (QRQC) will have a colossal impact on the security mechanisms used by electronic documents. Indeed, the ICAO security mechanisms rely on public-key encryption technology – otherwise known as RSA– and elliptic curve cryptography (ECC) for digital signature and key agreement. However, these will be easily broken by quantum computers deploying quantum algorithms, like Shor’s, to decrypt them.
The impact? A host of security vulnerabilities, potential data privacy breaches, and bad actors forging electronic documents and altering their data. This will be coupled with service providers not being able to make the distinction between what’s real and what’s not.
With legacy systems no longer fit for use, we must start transitioning to new security mechanisms based on PCQ algorithms, necessitating a review of today’s ICAO security mechanisms.
The Hybrid Era
As you may have guessed, it’s not quite as easy as that. With PQC not having yet reached maturity to be the standalone form of protection, we cannot just switch cold turkey from
traditional, legacy systems to PQC. Instead, we need a smooth, gradual transition and a hybrid solution.
Thankfully, Thales’ offering does just that. Its Hybrid Signature PKI implementation combines NIST post-quantum algorithms, with well-known pre-quantum solutions. A new PQC CSCA will exist in parallel with the current CSCA for an extended period.
The chip’s file will therefore require two signatures to enable document verification. However, doing so necessitates thousands of bytes to read and store the volume of data across two signatures. This has considerable impacts for the back-end systems, with chips requiring sufficient memory to store far larger SOD files. High-end chips have subsequently been designed with crypto processors to support RSA, and going forwards suppliers will need to focus on the accelerator to improve the computation of PQC.
Next steps
Starting in January 2025, a two-year long project will commence, focusing on ‘Post-Quantum Cryptography for electronic Machine- Readable Travel Documents’ – or PQC4eMRTD. This will see world leading European players in the field of security solutions in hardware and software as well as PQC experts from academia and industry come together to push PQC research results up in the technology readiness scale towards the international standardisation. With Thales being one such contributing player, the ultimate goal will be facilitating the future deployments of quantum-ready tools in preparation for the eventual maturity of quantum.
The final word
While QRQCs aren’t yet a reality, Thales’ electronic document PQC enabled prototype demonstrates that there are no technical barriers to making electronic documents systems ready for quantum era. It also confirms that existing document verification solutions can accept and are compatible with these new PQC enabled documents, allowing for a smooth migration. Essentially, the technology is already there.
Projects, such as PQC4eMRTD, will therefore be a fundamental step in supporting the ICAO on standardization and the wider roll out of new security mechanisms.
To listen back to Gilles’ presentation at Java Forum, check out the recording here, or the following resources on Thales’ various PQC and passport solutions:
