Finnish company Xiphera, a designer and implementer of cryptographic Intellectual Property (IP) cores, has beaten out the competition to win the annual startup award from the European Cyber Security Organisation (ECSO). With other finalists focusing on innovative software solutions and Artificial Intelligence (AI), this choice reflects the foundational impact of cryptography hardware on the security landscape, and reminds us that it’s by no means a solved problem—as threats evolve and market requirements shift, the cryptography hardware market must keep innovating.
Quantum Acceleration
|
IMPACT
|
Xiphera’s focus on designing for Field Programmable Gate Arrays (FPGAs) and Application Specific Integrated Circuits (ASICs) with “no hidden Central Processing Unit (CPU) or software components” reflects the growing need for real-time or near-real-time cryptography at the edge. ASICs offer unbeatable speed, but of particular long-term strategic interest is the FPGA offering. Some dismiss crypto-agility as a buzzword, but in the face of accelerated threat evolution and the ever-closer specter of attack-capable quantum computing, the question of how to guarantee the security of cryptographic hardware across device life spans is not easily dismissed. It’s not just a case of implementing the current suite of quantum-safe algorithms, optimizing the processing speed for those algorithms, and calling it a day.
Long-term strategists will recognize that the ability to completely redesign hardware, implementing and optimizing for new algorithms, offers the ultimate long-term insurance against cryptographic change—of particular importance given the uncertainty in the research, with a team at Google Quantum AI this month publishing a research paper that elaborated on methods for breaking 2048-bit RSA with under a million noisy qubits. The fact that the volume of qubits has dropped so substantially from the same team’s 2019 estimate of 20 million qubits is an arresting example of the fact that our timelines are estimates, and our current quantum safety measures are subject to change, with error correction and fault tolerance techniques in constant development and threatening to slash the timelines until “Y2Q.”
Meeting the Challenge
|
RECOMMENDATIONS
|
Robust cryptography is at the heart of all security, from the most basic to the most advanced techniques, tools, and infrastructure. Many are eyeing virtualized solutions in the face of agility and integration challenges, but for high-speed, high-security use cases, FPGAs offer a better balance of long-term flexibility and current performance, with options available should the algorithms be undermined within a device’s life span—far from impossible given the constant evolution of research, as demonstrated by the Google team.
Agility isn’t just a security and compliance issue. Regional preferences are still evolving, with some nations pursuing quantum sovereignty over unified adoption of the National Institute of Standards and Technology’s (NIST) recommendations, and those delivering solutions internationally will need to be able to accommodate this—especially if the sentiment is accelerated by increasing geopolitical tensions. FPGA integration allows device makers to deploy solutions such as Xiphera’s NIST-compliant xQlave IP core in supporting markets, while retaining the option to deploy alternative cores in non-supporting markets.
Compliance with Post-Quantum Cryptography (PQC) standards and regulation is a design burden that many teams can’t, or don’t want to, support—integrating components that are already compliant cuts the time to market and enables long-term protection to be implemented early, with the burden offset to expert partners. A good cryptographic IP core partner should guide customers through integration, and then evolutions, and the rapidity of response to any changes in the landscape over the next 10 years will differentiate the leaders.
Quantum attack is, of course, not the only driver for agility in security. Quantum attack aside, flaws that open up vulnerabilities have always been found in cryptographic implementations, and increasingly sophisticated techniques will keep exposing new ones. Improvements to the standards of overall cybersecurity, driven by broad-reaching regulation, will inevitably remove some “low-hanging fruit” options for attackers and drive them to more advanced techniques, supported with proliferating AI tools to improve and accelerate the attack lifecycle. Maximizing the capacity for a design to be rapidly and effectively modified in response to new attack vectors is an essential value for anyone targeting confidence in the security of their product years into deployment.
