Software Security

Migration towards Post-Quantum Cryptography (POQ)

The challenge

Quantum computers will sooner or later be powerful enough to efficiently calculate certain mathematical methods that are used in today’s cryptography. This may make it possible, for example, to penetrate systems used to create software and thereby integrate malware into delivered systems without the manufacturer’s knowledge. It is therefore essential to ensure that current IT systems can be migrated towards modern (so-called quantum-resistant) cryptographic methods that cannot be cracked by quantum computers.

How we will help

In AMiQuaSy, the consortium is therefore addressing how to quantum-proof the software supply chain and how to migrate towards quantum-resistant solutions in an agile, i.e. iterative-incremental way. In this way, XITASO and its partners are making an important contribution to ensuring the security of the software infrastructure for decades to come.

Technologies

Asymmetric cryptography Post-Quantum-Cryptography (PQC) Crypto-Agility (CA) Continuous Integration and Continuous Deployment (CI/CD) GitLab CI/CD

The research project in detail

Together with OTH Amberg-Weiden and genua GmbH, XITASO is investigating how the usual infrastructure of build servers, source code repositories and artifact repositories used in software development can be designed quantum-safe. This infrastructure is used in practically all software projects and is therefore particularly vulnerable to attacks.

Based on a demonstration system that replicates such a software supply chain locally and in the cloud, AMiQuaSy is developing techniques to identify, circumvent and exchange insecure cryptographic procedures. Agility, i.e. achieving the greatest possible benefit with as little effort as possible and being able to carry out the migration step by step, plays a major role here.

Publications on the research project

2024
  • Migrating Software Systems towards Post-Quantum-Cryptography – A Systematic Literature Review
    Christian Näther, Daniel Herzinger, Stefan-Lukas Gazdag, Jan-Philipp Steghöfer, Simon Daum, Daniel Loebenberger
    April 2024
    Read more

Project Participants and Funding

Project partners

genua GmbH secures complex IT networks in the public and enterprise sectors, for KRITIS organizations and in the classified industry with scalable IT security solutions. As part of the Bundesdruckerei Group, genua develops firewalls, VPN appliances, remote maintenance systems, remote access solutions and other IT security products with around 400 employees. For over ten years, genua has maintained its own research department, which has successfully carried out a large number of publicly funded projects with university and industrial partners. Securing IT solutions against quantum computers has been an important field of research for just as long. This has already been tackled with the squareUP and QuaSiModO projects. With the help of AMiQuaSy, this work is being continued with the aim of developing practical strategies for a timely migration.

OTH Amberg-Weiden has a distinctive profile in the fields of technology, business and health.

Here, the unity of teaching and research as well as the transfer of knowledge from the results of active research are cultivated in the sense of transfer. The research profile: application-oriented and interdisciplinary – in line with the university’s core competencies.
In the AMiQuaSy project, OTH-AW makes a significant contribution to the scientific underpinning and concept development. It ensures that the necessary threat and requirements analyses are based on the latest research and helps to formulate the requirements for quantum-safe software development. During the subsequent actual safeguarding of the CI/CD platform, OTH-AW contributes to the analysis of system behavior and the transfer of these findings to the overall system.

Funding program

Project management

VDE/VDI Innovation + Technik GmbH

Interested in helping with our research projects?

With research and innovation projects, we explore the potential of tomorrow’s technologies. For this purpose, we are always looking for committed colleagues who would like to continue and shape the XITASO path with us.

Further projects

Are you interested in a project, a service or do you have any other question?

Dr. Jan-Philipp Steghöfer

Tel. +49 821 885882-374
jan-philipp.steghoefer@xitaso.com