First Common Criteria Certification for post-quantum cryptography algorithm on a security controller

Infineon Technologies AG has reached a milestone on the way to a quantum-resilient world in collaboration with the German Federal Office for Information Security (BSI). It is the first company ever to receive the Common Criteria EAL6, an industry-leading certification level, for the implementation of a post-quantum cryptography algorithm in a security controller. Such cryptography improves security for eSIM, 5G SIM, and smart card applications, including personal IDs, payment cards, and eHealth cards, and protects against threats from highly capable quantum computers. The world's first certification is a milestone to a quantum-safe future in our daily lives.

Within the next ten to 20 years, quantum computers are expected to become powerful enough to break current cryptographic algorithms, compromising the security of our digital lives. Documents like eIDs that are currently being issued and are valid for many years are required to be resistant to future attacks by quantum computers. The same is true of encrypted messages and emails that are sent now because, when stored, these can be attacked by quantum computers later. Post-quantum cryptography algorithms such as Module-Lattice-Based Key Encapsulation Mechanisms (ML-KEM) are developed to resist these attacks, fortifying the integrity of our digital infrastructure. A secured implementation of these algorithms is crucial to withstanding classical security attacks.

The company's latest achievement demonstrates its commitment to providing future-proof security solutions. "With our innovations in post-quantum cryptography and active contribution to algorithm development, Infineon is an integral part in finding future-proof PQC solutions," said Thomas Rosteck, division president of Connected Secure Systems at Infineon. "There is no question that quantum computers will be a reality; Therefore, we need to push forward with the migration to post-quantum cryptography decisively. Being the first company to receive the Common Criteria EAL 6 certification for post-quantum security is a testament to our dedication in protecting critical infrastructure and helping maintain the security of our customers' data in a post-quantum world. This once again underpins Infineon's leadership in the security industry."

"The threats posed by quantum computers are becoming more and more real and are within reach," said Claudia Plattner, president of the German Federal Office for Information Security (BSI). "The BSI consistently supports and demands the switch to post-quantum cryptography in order to make files and applications secure in the long term. The availability of quantum-safe IT products, which can also be found in numerous everyday applications, is therefore a real milestone!"

The international Common Criteria standard sets guidelines and criteria for the security of IT products and systems and is internationally recognised. By certifying Infineon's secured implementation of a PQC algorithm with Common Criteria EAL 6, the BSI underlines the importance of resistance against classic attacks, like fault attacks and quantum computer attacks. The ML-KEM algorithm was implemented on a TEGRION security controller, Infineon's latest brand of 28nm security controllers based on its revolutionary security architecture Integrity Guard 32. The Common Criteria scheme was developed in collaboration among various governments and is recognised by governments around the globe. The certification itself takes place through various national institutions. Infineon's TEGRION security controller has been evaluated and certified by the German BSI under the German Certification scheme.

EAL6 is a highly advanced level of assurance, signifying that the product or system has undergone a comprehensive and rigorous evaluation to confirm its security claims. The certified security controller combines high-performance processing with advanced cryptographic capabilities, delivering a robust foundation for post-quantum cryptography. With this certification, the company sets a new standard for the industry, paving the way for widespread adoption of post-quantum cryptography and a safer digital future. With the PQC era approaching fast, the company will continue working on further and more advanced quantum-resistant solutions.