TryTRY
BuyBUY
  • newsletter
  • contact
  • corporate
  • careers
Utimaco
TRYour free HSM simulator
BUYget a quote
  • home
  • solutions
  • products
  • services
  • blog
  • downloads
  • partners
  • company

Next event

24/Mar - 25/Mar | Webinar

The Path for Cloudifying Payment HSMs

Utimaco Portal

Here you will find everything you need as a partner and customerLogin required

  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research

Home / Blogs / Crypto-agile HSMs by Utimaco used in research for post-quantum cryptography

Crypto-agile HSMs by Utimaco used in research for post-quantum cryptography

November 09, 2020

With every passing day, the need for crypto agility becomes more important. Whether you believe quantum computing is 10 years, 20 years or more away, the inevitability is that it is approaching fast. This is why many leading technology organizations have begun to research the impact of new quantum-safe algorithms on their existing products or infrastructure. This research is facilitated by the use of , Hardware Security Modules (HSMs). It is within the secure parameter of an HSM that existing and quantum-safe algorithms should be executed – but not many HSMs are capable of doing this. This why the flexibility and functionality of HSMs play an important role in in crypto agility.

Crypto agility is the ability for an information security system to switch to an alternative cryptographic primitive and algorithm without significantly altering the system infrastructure. This facilitates and promotes system upgrades and evolution while also acting as an incidence response mechanism of safety measure.

New call-to-action

What is an HSM?

There are many facets to a secure and technically sound cryptography solution.

HSMs play a critical role in

safeguarding and managing digital keys as they provide the secure environment for executing the cryptographic algorithms to generate these keys.

These physical computing devices enable strong authentication measures and provide a secure environment where crypto processing for encryption and decryption takes place. Whether the HSM is designed as an external device or a plug-in card, these devices also feature tamper resistance that can detect when suspicious activity occurs. They are even capable of deleting crypto keys to act as a failsafe against tampering activity.

HSMs and Crypto Agility

New call-to-actionMuch of the initial focus for developing post-quantum, or PQ strategies was focused on developing new algorithms that could resist the increased computing power of quantum computers. Today’s classical computing systems lack the processing power to perform the trillions and trillions of transactions required to effectively factor today’s crypto algorithms.

Quantum computing has already been theoretically proven to be able to crack the code which prompted the crypto industry to scramble its resources to develop safe and secure PQ algorithms.

The development of these algorithms is just the first step in a complex deployment of crypto agile infrastructure solutions. The primary challenge in this is that organizations must begin living in both the pre and post quantum world, especially those:

  • Implementing a PKI to manage IoT devices – including cars Within government or critical infrastructures that needs to keep secrets or access to information for more than 10-15 years

This means that these entities will need to be able to exchange both quantum and non-quantum safe data during what could be a decades-long transition and even operate them in parallel.

How much time an organization has to implement quantum safe algorithms can be expressed by a formula defined by Michele Mosca:

If the security security shelf-life (x years) of your product or the secret you need to keep
PLUS the migration time (y years) you need to move to a new algorithms
is larger than the time left to the availability of quantum computers capable of breaking the algorithm
you are currently using (collapse time in z years)
you have already run out of time.

Or in Michele’s words: If x + y > z, then worry (“Theorem”)

In any case, you may want to start testing the impact of the new algorithms on your products or infrastructure as soon as possible. For this, you will need an HSM that is crypto agile.  You need an HSMs that allows you to effectively and efficiently upgrade firmware and algorithms as the demands for encryption continue to evolve. . This is why many of the major players in the research and development of post-quantum cryptography such as Microsoft Research, evolution Q, Digicert, LG Electronics, Entrust Datacard, and Isara work with Utimaco HSMs.

Choosing the Right HSM for the Job

When major players like these get their vast research resources, including people and money, focused on a goal, they want to ensure they have the right tools for the job. PQC experts work with Utimaco for their tools of choice for HSMs. Their comprehensive line of products includes a range of HSMs that can be deployed as both general purpose and customized solutions. In addition to their family of HSMs, they also offer a pair of integrated Software Development Kits (SDK) that allows their customers to efficiently prepare and implement post-quantum safe solutions.

Microsoft Research works with Utimaco

One of these major researchers, Microsoft Research, has detailed their efforts utilizing the Utimaco HSMs in a project code named “Picnic.” Their detailed white paper describes Picnic as a signature scheme that is designed to be able to withstand attacks from quantum computers. It is built using foundational elements such as symmetric key primitives, post-quantum security measures, and a zero-knowledge proof system. This exhaustive analysis details the process that was undertaken to develop, test, and analyze the security of various forms of the Picnic signature scheme. It also included a wide variety of attack protocols along with various forms of the Picnic signature.

As you can imagine, the combination of signature forms and attack models required a significant amount of customization and adaptation to the underlying infrastructure. This includes Utimaco’s HSMs and their ability to effectively function in both pre and post-quantum states. In addition to the functional effectiveness of the HSMs, the agility afforded by the integrated SDKs contributed to the Utimaco devices being an integral part of the success of the Microsoft research effort.
( #PartnersAreKey ).

The Quantum Future

Many refer to the age of quantum computing as the next major milestone of human existence. Its impacts will be felt in every aspect of life. Similarly, the impacts will be felt within every aspect of your crypto infrastructure. A thorough and methodical deployment of a crypto agile solution, including your HSMs, is the best path forward.

Connect to the Utimaco PQC research network

Be informed about the release of the next post-quantum related blogs and videos. Simply enroll to our info-mail with the subscription button on the top right.

Are you part of a research institute of department and interested in participating in our collaborative research programs, please contact us for additional information.

New call-to-action

Back to overview

Stay on top of our news
Don’t miss out on any Utimaco updates

Subscribe to Utimaco Newsletter

We will keep you posted with news from Utimaco and the industries we protect, as well as information on upcoming events and webinars.

Subscribe now

Partners

Telegrupp AS Real security d.o.o. Nexus - Utimaco Hardware Security Modules Partner Fortiedge Pte Ltd. Thomas-Krenn.AG Komar Consulting Inc. - Utimaco Hardware Security Modules Partner Utimaco HSM - PTESA_profesionales en transacciones electronicas PrimeKey Labs GmbH CREAplus Italia S.r.l Utimaco HSM - InfoGuard Swiss Cyber Security AKEA S.A. - Utimaco Hardware Security Modules Partner Synergy Computers (Pvt.) Ltd. - Utimaco Hardware Security Modules Partner Abrantix AG intarsys AG ESYSCO Sp. z o.o. IQuantics Corp Microexpert Limited Baas Control s.r.o. JJNet International Co., Limited - Utimaco Hardware Security Modules Partner Cryptomathic GmbH Cogito Group Pty Ltd SecureMetric Technology Sdn. Bhd. Encryption Consulting LLC Throughwave (Thailand) Co.,Ltd - Utimaco Hardware Security Modules Partner Versasec Astel (UK) Ltd. - Utimaco Hardware Security Modules Partner Skytech Computing Solutions Limited. - Utimaco Hardware Security Modules Partner EUROPEAN DYNAMICS SA. Cyber Armor Pte Ltd Cryptomathic Inc. Utimaco HSM - QuintessenceLabs cv cryptovision GmbH Secure Source Distribution (M) Sdn Bhd - Utimaco Hardware Security Modules Partner PETA (Thailand) Co., Ltd. Ascertia - Utimaco Hardware Security Modules Partner Macroseguridad Altacom UAB Perceptus-sp.-z-o.-o. CertiSur S.A. MIcrosec Nexus - Utimaco Hardware Security Modules Partner VAR Group SpA - Utimaco Hardware Security Modules Partner Softline Solutions GmbH Envoy Data Corporation - Utimaco Hardware Security Modules Partner CEGA Security Primekey Solutions AB CewTec S.A. Rohde & Schwarz Cybersecurity GmbH Safesoft Kft. Compumatica secure networks GmbH MTG - Utimaco Hardware Security Modules Partner Clearkey Consulting - Utimaco Hardware Security Modules Partner Nexus Technology GmbH Fornetix - Utimaco Hardware Security Modules Partner MALKOM D.Malińska i Wspólnicy s.j. PKI Solutions Inc. CREA plus d.o.o. E-Sign S.A. Cryptomathic A/S Compumatica secure networks B.V.
Find a partner

Share this page

EMEA

Utimaco IS GmbH
Germanusstraße 4
52080 Aachen
Germany
Phone: + 49 241 1696 200

Americas

Utimaco Inc.
900 E Hamilton Ave., Suite 400
Campbell, CA 95008
USA
Phone: +1 844 UTIMACO

APAC

Utimaco IS Pte Limited
80 Raffles Place,
#32-01, UOB Plaza
Singapore 048624
Phone: +65 6622 5347

Utimaco

  • support
  • corporate
  • careers
  • legal
  • terms & conditions
  • privacy
  • cookie-policy
© 2021
to top
  • home
  • solutions
    • industries
      • banking and financial services
        • acquirer
        • card scheme
        • issuer
        • hsm-as-a-service
      • government
        • federal government
      • cloud
        • cloud-based innovation
        • multi-cloud agility
      • connected car (V2V)
      • automotive solutions
      • road infrastructure (V2I), toll collection & ITS
      • industrial IoT & manufacturing
      • energy & utilities
      • lottery & gaming
      • media & entertainment
      • telecommunications
    • applications
      • authentication
      • blockchain
      • code signing
      • database encryption
      • document signing
      • key injection
      • post-quantum crypto agility
      • public key infrastructure (PKI)
        • EJBCA
      • random number generator (RNG)
    • compliance
      • certifications & approvals
        • Common Criteria (CC)
        • FIPS 140-2
      • compliance & standardization
        • FISMA, FedRAMP, and FICAM
        • Certificate Policy of the Smart Metering PKI
        • eIDAS
        • GDPR
        • PCI DSS
        • Privacy Shield
  • products
    • general purpose HSM
      • SecurityServer Se Gen2
      • SecurityServer CSe
      • Block-safe
      • CryptoServer CP5 (eIDAS & CC)
      • CryptoServer Cloud
      • TimestampServer
      • Q-safe
    • payment HSM
      • Atalla AT1000
      • PaymentServer Se Gen2
      • PaymentServer CSe
      • Secure Configuration Assistance (SCA)
      • QuickStart Services
      • u.cloud – Atalla PaymentHSMaaS
      • u.trust 360
    • key management
      • Enterprise Key Management
    • Software Development Kit (SDK)
      • CryptoServer SDK
      • CryptoScript SDK
    • HSM simulators
      • Block-safe HSM simulator
      • CryptoServer CP5 simulator (eIDAS & CC)
      • SecurityServer simulator
      • Q-safe HSM simulator
    • form factor
      • LAN appliance
      • PCIe card
      • cloud, “HSM as a Service”
    • KeyBRIDGE
      • KeyBRIDGE POI
      • KeyBRIDGE RKD
      • KeyBRIDGE eKMS
      • TokenBRIDGE™
    • u.trust Anchor
      • u.trust Anchor CSAR
      • u.trust Anchor High Performance HSM
  • services
    • consultancy
      • PQC consultancy
    • support
    • managed services
      • Key Exchange & Escrow Service (KEES™)
    • professional services
    • Utimaco Academy
  • blog
  • downloads
    • brochures
    • data sheets
    • case studies
    • white papers
    • webinars
    • e-books
      • PQC for Dummies e-book
      • HSM for Dummies e-book
    • Utimaco Portal
      • integration guides
      • knowledge base
  • partners
    • Partner Program
      • technology partner
    • Partner Locator
  • company
    • about Utimaco
      • legal
      • terms & conditions
      • privacy
        • cookie-policy
    • locations
    • news
      • newsletter
    • events
    • contact
    • careers
    • investors
    • utimaco management
    • business ethics
    • memberships and certifications
    • engagement in research