Editions   North America | Europe | Magazine

WhatTheyThink

TOPPAN Digital, NICT, and ISARA Develop Smart Card System Employing Hybrid Methodology to Support Post-Quantum Cryptography and Current Public-key Cryptography

Press release from the issuing company

Concept for use of the PQC CARD® using hybrid methodology
©TOPPAN Digital Inc?

Facilitating a smooth transition to post-quantum cryptography to ensure the safety and security of social infrastructure

Tokyo – TOPPAN Digital Inc. (TOPPAN Digital), a TOPPAN Group company and wholly owned subsidiary of TOPPAN Holdings Inc., the National Institute of Information and Communications Technology (NICT), and ISARA Corporation (ISARA) have developed SecureBridge™, a smart card system capable of supporting both currently used public-key cryptography and post-quantum cryptography (PQC) that is secure against attacks from quantum computers.

The three organizations have been collaborating on research to equip smart cards with PQC since April 2021. They have now updated the PQC CARD® developed in October 20221 and the private certificate authority2 to support a digital certificate (hybrid certificate) that facilitates authentication via both PQC and current public-key cryptography.

The effectiveness of the system has been confirmed by applying it to user authentication on the Healthcare Long-term INtegrity and Confidentiality protection System (H-LINCOS),3 which is implemented on a quantum cryptography network testbed operated by NICT.

TOPPAN Digital, NICT, and ISARA will harness the technology to propel efforts focused on driving practical use of increasingly advanced quantum-secure cloud technologies that enable the secure communication, storage, and use of highly sensitive information in the future.

A part of this work was performed for Council for Science, Technology and Innovation (CSTI) Cross-ministerial Strategic Innovation Promotion Program (SIP), “Promoting Application of Advanced Quantum Technologies to Social Challenges” (Project management agency: QST).

Background

Current public-key algorithms ensure the security of internet-based services such as online medical consultations and e-commerce. However, widely used current public-key algorithms could be vulnerable to attacks by quantum computers in the future. This is prompting demand for a rapid shift to PQC, which is difficult for quantum computers to crack, particularly for systems that handle important information in areas such as healthcare, finance, and government. With the U.S. National Institute of Standards and Technology (NIST) announcing de facto global standard PQC algorithms in August this year, the transition to PQC is expected to further accelerate.

However, information systems have become large and complex in recent years, meaning that a complete transition to PQC is expected to take some time. In the interim, a situation in which some systems are PQC-ready while others are yet to be migrated will present problems for authentication and encrypted communications because the systems from which access is being attempted and the systems being accessed may not be able to use the same cryptographic technologies.

TOPPAN Digital, NICT, and ISARA have therefore developed SecureBridge™ as a smart card system that employs a hybrid methodology to support both PQC and current public-key cryptography. Functionality of the system has been tested by combining it with H-LINCOS. The aim is to enable a smooth transition to PQC and thus contribute to safe and secure social infrastructure.

Features of SecureBridge™ smart card system

Supports PQC and current public-key cryptography
SecureBridge™ supports both ML-DSA,4 a de facto global standard post-quantum signature algorithm announced by NIST in August 2024, and ECDSA,5 a currently used standard signature algorithm. This makes it possible to perform authentication on systems at various stages of their PQC transition.

Enabling a safe and smooth transition over the long term
The transition to PQC is expected to take a long time due to the large scale and complex nature of many systems that handle important information. However, because the hybrid certificates support systems at various stages of migration, they can contribute to a smooth transition and ensure security over an extended period.

Overview of pilot testing

Objective: To confirm basic functionality such as user authentication using the SecureBridge™ smart card system and identify any technical issues.

Testing period: April to September, 2024

Details of testing: Smart cards supporting current public-key cryptography and cards supporting the hybrid methodology were used as HPKI (Healthcare Public Key Infrastructure) cards, the accreditation carried by healthcare professionals. Testing confirmed that accurate ID authentication and browsing of the electronic health record system were possible with either type of card.

Results: It was confirmed on a server using the hybrid methodology that accurate ID authentication is possible using smart cards that only support current public-key cryptography as well as those equipped with the hybrid methodology. This means that if a hybrid certificate is used, authentication is possible on systems at various stages of their migration to PQC, which is expected to contribute to a secure and smooth transition over the long term.

Roles of the three organizations

TOPPAN Digital: Development of hybrid certificate support for PQC CARD® and other smart card systems in collaboration with ISARA and coordination with H-LINCOS.

NICT: Overall framework for developing and provisioning H-LINCOS, a long-term secure data storage and exchange system for healthcare.

ISARA: Development of hybrid certificate issuance functionality for the private certificate authority in collaboration with TOPPAN Digital, and development of ML-DSA firmware6 for smart cards.

The future
Targeting full-scale deployment of SecureBridge™ in 2030, TOPPAN Digital is planning limited practical implementations in 2025 in fields requiring high levels of security, such as the healthcare and financial sectors.

TOPPAN Digital, NICT, and ISARA will use this technology to propel efforts focused on driving practical implementations and enhancements of quantum-secure cloud technologies to enable the secure communication, storage, and use of highly sensitive information in the future. The three organizations plan to develop use cases and implement pilot tests aimed at applying PQC beyond smart card security to a wide-range of internet-based services, including personal data protection and management in the healthcare, finance, and government sectors.

1. PQC CARD®: A smart card equipped with PQC
https://www.holdings.toppan.com/en/news/2022/10/newsrelease221024_1.html 
2. Private certificate authority: A system with a function for issuing digital certificates that guarantee the legitimacy of a server. Private certificate authorities are operated within limited scopes, such as a company’s internal networks.
3. Healthcare Long-term INtegrity and Confidentiality protection System (H-LINCOS): A long-term secure data storage and exchange system for healthcare. H-LINCOS uses secret sharing, quantum cryptography, and other secure communication and public-key authentication technologies to enable backups and the mutual use of electronic health record data by medical institutions. H-LINCOS achieves high levels of security and availability. A related press release from NICT can be viewed at https://www.nict.go.jp/en/press/2019/12/12-1.html
4. ML-DSA: A next-generation cryptography algorithm selected as a Federal Information Processing Standard (FIPS) by NIST in August 2024. It is derived from CRYSTALS-Dilithium, a digital signature algorithm using lattice-based cryptography.
5. ECDSA: A signature algorithm based on ECC public-key techniques. It provides the same level of security as the RSA public-key cryptosystem but with roughly one tenth the key size.
6. Firmware: Software incorporated into devices to control hardware.

https://www.holdings.toppan.com/en/ 
https://www.linkedin.com/company/toppan/ 

For more information, visit https://www.nict.go.jp/en/