Skip to content

PQC for Automotive

The development of quantum computers poses a threat to the security of the cryptographic algorithms currently in use. This development also has an impact on security-relevant areas in automotive electronics: At a time when connected vehicles and autonomous driving are becoming increasingly important, the integration of post-quantum cryptography is becoming a decisive factor for the security of vehicle communication. Due to advances in standardization, quantum-resistant cryptographic solutions are available to market participants such as OEMs and suppliers, enabling them to equip vehicles with the necessary security measures in the future.
In cryptography, two different methods are generally used to encrypt or sign data. These are symmetric and asymmetric methods. Asymmetric cryptosystems base on a private and a public key and refer to as public-key methods. Asymmetric methods are used in vehicle electronics, for example, to establish secure communication channels, for car2cloud services, software over the air updates or secure boot.
With symmetric encryption, both parties have the same key, but this must be exchanged in secret. Public key procedures are used to pass on this secret key. Scientists currently assume that modern symmetric methods can be made quantum-safe relatively easily by increasing the key length. Asymmetric encryption methods such as RSA or ECC, on the other hand, must be replaced by quantum-resistant algorithms.
The planning of the changeover to new post-quantum cryptography methods is derived from the security architecture and the threat model of a vehicle. The focus here is on the communication interfaces. The threat model also determines the urgency of the changeover to PQC for individual functions and interfaces. For example, some interfaces such as the on-board diagnostics port, USB infotainment ports or the charging port of an electric vehicle are only accessible locally, while other interfaces offer remote access. These include Bluetooth, mobile radio, WiFi or NFC interfaces.
One of the biggest challenges for these use cases is to define new protocols or extend existing protocols to support PQC procedures. These protocols must be implemented on often very limited embedded microcontrollers with existing software systems such as Autosar with adequate execution speed. The selection of secure and high-performance algorithms and optimized implementation using hardware accelerators and/or software are necessary. Requirements for sufficient performance, energy efficiency, ease of maintenance as well as resource utilization and therefore costs are important. Hybrid solutions as a combination of classic crypto methods and PQC are preferred by the industry in order to enable future security. Cryptoagility is also being addressed in order to be able to correct potential weaknesses in individual crypto algorithms in the future.
NIST has been conducting a PQC standardization process for several years. The aim is to provide new PQC algorithms for signature and key encapsulation procedures (asymmetric public key procedures). This is expected to have an impact on numerous industry standards and government legislation worldwide. Standards are currently being developed and are available as drafts. These include a lattice based key encapsulation mechanism (KEM) called ML-KEM – FIPS 203 (formerly Crystals-Kyber), a lattice based mechanisms to generate and verify digital signatures called ML-DSA – FIPS 204 (formerly Crystals-Dilithium) and a stateless hash based mechanisms to generate and verify digital signatures called SLH-DSA – FIPS 205 (formerly Sphincs+).

KiviCore offers cryptographic primitives which can be used to create different classic and PQC applications. Those are hash functions as defined by secure hash algorithms (SHA3) from NIST FIPS-202 standard as well as Keccak.