An industry-leading certification level for the implementation of a post-quantum cryptography algorithm in a security controller, it enhances security for eSIM, 5G SIM and smart card applications, including personal IDs, payment cards and eHealth cards, against threats resulting from highly capable quantum computers.
Within the next ten to twenty years, quantum computers are expected to become powerful enough to break current cryptographic algorithms, compromising security. Documents like eIDs that are currently being issued and are valid for many years need to be resistant against future attacks by quantum computers.
The same is true of encrypted messages and emails, because when stored these can be attacked by quantum computers later.
Post-quantum cryptography algorithms such as Module-Lattice-Based Key Encapsulation Mechanisms (ML-KEM) are designed to resist these attacks, improving the integrity of digital infrastructure. A secured implementation of these algorithms is crucial to withstanding classical security attacks.
"With our innovations in post-quantum cryptography and active contribution to algorithm development, Infineon is an integral part in finding future-proof PQC solutions," said Thomas Rosteck, Division President Connected Secure Systems at Infineon. "There is no question that quantum computers will be a reality; therefore, we need to push forward with the migration to post-quantum cryptography decisively.
“Being the first company to receive the Common Criteria EAL 6 certification for post-quantum security is a testament to our dedication in protecting critical infrastructure and helping maintain the security of our customers' data in a post-quantum world."
"The threats posed by quantum computers are becoming more and more real and are within reach," added Claudia Plattner, President of the German Federal Office for Information Security (BSI). "The BSI consistently supports and demands the switch to post-quantum cryptography in order to make files and applications secure in the long term. The availability of quantum-safe IT products, which can also be found in numerous everyday applications, is therefore a real milestone!"
The international Common Criteria standard sets guidelines and criteria for the security of IT products and systems and is internationally recognised. By certifying Infineon's secured implementation of a PQC algorithm with Common Criteria EAL 6, the BSI underlines the importance of resistance against classic attacks, like fault attacks, as well as quantum computer attacks.
The ML-KEM algorithm was implemented on a TEGRION security controller, Infineon's latest brand of 28nm security controllers based on Infineon's security architecture Integrity Guard 32.
The Common Criteria scheme was developed in collaboration among various governments and is recognised by governments around the globe. The certification itself takes place through various national institutions. Infineon's TEGRION security controller has been evaluated and certified by the German BSI under the German Certification scheme.
EAL6 is a highly advanced level of assurance, indicating that the product or system has undergone a comprehensive and rigorous evaluation to confirm its security claims. The certified security controller combines high-performance processing with advanced cryptographic capabilities, providing a robust foundation for post-quantum cryptography.
According to Infineon, with this certification, it is setting a new standard for the industry, paving the way for widespread adoption of post-quantum cryptography.
