In our previous article, we discussed the impact of Post-Quantum Cryptography (PQC) on mobile connectivity. Now, let’s explore how PQC affects identity documents, and the measures Thales is taking to ensure their security in a post-quantum world. Protecting people’s identities and ensuring citizens’ rights is more important than ever.
Secure, sustainable, and user-centric solutions are essential for safeguarding personal information. This involves designing and implementing identity and biometrics solutions that combine both physical and electronic security measures. Cryptography plays a vital role in this holistic approach to security.
What Threat Does Quantum Computing Pose to Identity Documents?
Quantum computers threaten the asymmetric cryptography used today in electronic IDs, health cards, and travel documents such as passports. Shor's algorithm solves integer factorisation and the discrete logarithm problem efficiently, which breaks RSA and elliptic-curve cryptography (ECC) alike, including the signature and key-agreement schemes these documents rely on. Grover's algorithm only gives a quadratic speed-up on brute-force key search, so symmetric algorithms such as AES are weakened rather than broken: AES-256 keeps an adequate margin, while shorter keys lose roughly half their nominal security in bits. Left unmitigated, this could severely impact security and privacy. Here are some potential consequences:
PKI-Based Authentication Risks: PKI-based authentication or authorisation of any online or offline system or device could be forged. Citizens use electronic IDs to access eGovernment services, and PKI underpins online banking transactions. A rogue terminal could pass authentication against an ID card or passport and read the protected data stored in the chip, and an attacker holding a forged credential could steal identities and log in to public eGovernment services or private eServices such as banking and eHealth.
Digital Signature Vulnerabilities: Digital signatures would no longer prove authenticity or data integrity. Across sectors they authenticate contracts and legal agreements and protect the integrity of medical records and prescriptions. If a document signer's private key were recovered, identity data in an ID card or passport could be altered or fabricated from scratch without detection.
Legal Equivalence of Electronic Documents: Any electronic document (PDF, web form, etc.) carrying a qualified signature would lose its legal equivalence with a handwritten signature, because the private signing key could be recovered from the public key published in the signer's PKI certificate.
Encrypted Communication Risks: Encrypted communication would lose confidentiality because an attacker could break the key exchange. In travel documents, protocols such as Extended Access Control (EAC) and Supplemental Access Control (SAC) rely on asymmetric key agreement to protect specific data groups; the same applies to VPNs, secure e-mail, and web sessions in corporate environments. Recorded traffic is exposed too: a key exchange captured today can be broken once a sufficiently large quantum computer exists (the "harvest now, decrypt later" scenario).
Thales’ Solution: MultiApp v5.2
To address these concerns, Thales is introducing MultiApp v5.2, the first post-quantum-ready operating system for electronic documents with premium PQC. The platform runs on a new high-performance chip with enlarged memory for extended user data and enhanced hardware security features. It complies with the latest JavaCard and GlobalPlatform standards and ships with a full suite of JavaCard applets for diverse government use cases. This brand-new product takes a hybrid cryptographic approach and supports:
- Legacy cryptographic algorithms: RSA, ECC, 3DES, AES
- Hybrid quantum-safe signatures: RSA (up to 4096-bit) combined with NIST FIPS 204 ML-DSA, either nested or concatenated; a hybrid signature is only valid when the verifier checks both components
- Asymmetric on-board key generation: RSA, ECC and NIST FIPS 204 ML-DSA, so private keys are generated inside the chip and never leave it
- CRYSTALS-Kyber JavaCard API services: the key encapsulation mechanism standardised as ML-KEM in NIST FIPS 203, for future key-exchange applications
In line with current recommendations from European security agencies (ANSSI and BSI), the hybrid approach in our new products pairs the well-understood, long-deployed RSA algorithm with a quantum-safe scheme. An attacker must break both to forge a signature, so documents stay protected whether the threat that materialises is a quantum computer against RSA or an unexpected cryptanalytic advance against ML-DSA. That guarantee only holds if verifiers actually require both components and reject a signature that carries just one.
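The AND-combiner behaviour of a concatenated hybrid signature, as an added example that is not Thales' code and not part of MultiApp: RSA-PSS is the classical component, and Ed25519 stands in for ML-DSA because Go's standard library does not implement FIPS 204 (in a real deployment the second component would be ML-DSA). The length-prefixed concatenation format, the function names and the constructed MRZ-style message are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// HybridSigner pairs a classical RSA key with a post-quantum component.
// Ed25519 stands in for ML-DSA here (assumption: Go's stdlib has no FIPS 204).
type HybridSigner struct {
	rsaKey *rsa.PrivateKey
	pqKey  ed25519.PrivateKey
}

// HybridPublicKey carries both verification keys; a verifier needs both.
type HybridPublicKey struct {
	RSA *rsa.PublicKey
	PQ  ed25519.PublicKey
}

// NewHybridSigner generates both key pairs in software (on a card this is
// on-board key generation, so private keys never leave the chip).
func NewHybridSigner(rsaBits int) (*HybridSigner, error) {
	rsaKey, err := rsa.GenerateKey(rand.Reader, rsaBits)
	if err != nil {
		return nil, err
	}
	_, pqKey, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &HybridSigner{rsaKey: rsaKey, pqKey: pqKey}, nil
}

func (s *HybridSigner) Public() HybridPublicKey {
	return HybridPublicKey{RSA: &s.rsaKey.PublicKey, PQ: s.pqKey.Public().(ed25519.PublicKey)}
}

// appendLV appends a 2-byte big-endian length and the component (example framing).
func appendLV(dst, part []byte) []byte {
	dst = append(dst, byte(len(part)>>8), byte(len(part)))
	return append(dst, part...)
}

// Sign returns len(sigRSA) || sigRSA || len(sigPQ) || sigPQ; both sign the same message.
func (s *HybridSigner) Sign(msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	sigRSA, err := rsa.SignPSS(rand.Reader, s.rsaKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	sigPQ := ed25519.Sign(s.pqKey, msg)
	return appendLV(appendLV(nil, sigRSA), sigPQ), nil
}

// splitHybrid parses the framing and rejects truncated components.
func splitHybrid(sig []byte) ([][]byte, error) {
	var parts [][]byte
	for len(sig) > 0 {
		if len(sig) < 2 {
			return nil, errors.New("hybrid: truncated length prefix")
		}
		n := int(sig[0])<<8 | int(sig[1])
		sig = sig[2:]
		if len(sig) < n {
			return nil, errors.New("hybrid: truncated component")
		}
		parts = append(parts, sig[:n])
		sig = sig[n:]
	}
	return parts, nil
}

// Verify is an AND combiner: it succeeds only when both components are present
// and both verify, so a stripped (downgraded) or forged component fails.
func Verify(pub HybridPublicKey, msg, sig []byte) error {
	parts, err := splitHybrid(sig)
	if err != nil {
		return err
	}
	if len(parts) != 2 {
		return fmt.Errorf("hybrid: expected 2 components, got %d", len(parts))
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPSS(pub.RSA, crypto.SHA256, digest[:], parts[0], nil); err != nil {
		return fmt.Errorf("hybrid: classical component rejected: %w", err)
	}
	if !ed25519.Verify(pub.PQ, msg, parts[1]) {
		return errors.New("hybrid: post-quantum component rejected")
	}
	return nil
}

func main() {
	signer, err := NewHybridSigner(2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("DG1:P<UTOERIKSSON<<ANNA<MARIA") // constructed sample, not a real document
	sig, _ := signer.Sign(msg)
	fmt.Println("full hybrid:", Verify(signer.Public(), msg, sig))
	// Downgrade attempt: re-frame only the RSA component and drop the PQ one.
	parts, _ := splitHybrid(sig)
	fmt.Println("RSA only:", Verify(signer.Public(), msg, appendLV(nil, parts[0])))
}
```

The design point is in Verify: a verifier that accepted "RSA only when the second component is missing" would let an attacker who has broken RSA strip the post-quantum part and defeat the hybrid, which is why both checks are unconditional and a wrong component count is an error rather than a fallback.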
Our engineering teams also take part in several initiatives to make electronic Machine Readable Travel Documents (eMRTDs) quantum-safe in the near future, and contribute to eMRTD standardisation in the ICAO Doc 9303 New Technologies Working Group (NTWG) to release a quantum-safe document specification.
The Final Word
As quantum computing continues to evolve, it is crucial to stay ahead of potential threats and ensure the security of our identity documents. Thales is dedicated to pioneering advancements in Post-Quantum Cryptography to safeguard identity documents and beyond.
Stay tuned as we explore quantum-safe solutions across various industries, ensuring a secure future in the quantum era.