Common Criteria EAL6 certification World's first Common Criteria certification for PQC algorithm on security controller

Related Vendors

Infineon Technologies AG

FAULHABER Drive Systems

Taiwan Machine Tool & Accessory Builders' Association (TMBA)

Infineon became the first company to receive a Common Criteria EAL6 certification for the implementation of a post-quantum cryptography (PQC) algorithm in a security controller. This algorithm is used to secure eSIM, 5G SIM, and smart card applications, such as ID cards, payment cards, and eHealth cards, against threats from high-performance quantum computers.

Within the next 10 to 20 years, quantum computers are expected to become so powerful that they could break current cryptographic algorithms and compromise digital security. Documents like eIDs issued today and valid for many years must be protected against future attacks by quantum computers. This also applies to encrypted messages and emails sent today, which can be stored and later attacked by quantum computers. Post-quantum cryptography algorithms, such as the Module-Lattice-Based Key Encapsulation Mechanism (ML-KEM), are designed to resist these attacks and strengthen the integrity of the digital infrastructure. A secure implementation of these algorithms is crucial to fend off classical security attacks.

The latest success demonstrates Infineon's commitment to offering future-proof security solutions. "With our innovations in post-quantum cryptography and our active participation in algorithm development, Infineon plays an important role in developing future-proof PQC solutions," says Thomas Rosteck, Division President Connected Secure Systems at Infineon. "One thing is certain, quantum computers will become a reality. Therefore, we must drive the transition to post-quantum cryptography decisively. As the first company, we have received the Common Criteria EAL 6 certification for post-quantum security. This proves our commitment to protecting critical infrastructures and contributing to ensuring the security of our customers' data in a post-quantum world. This once again underscores Infineon's leadership claim in the field of security."

"The threats posed by quantum computers are becoming more real and are within reach," says Claudia Plattner, President of the Federal Office for Information Security (BSI). "The BSI consistently supports and advocates for the transition to post-quantum cryptography to make files and applications secure in the long term. The availability of quantum-safe IT products, which can also be found in numerous everyday applications, is therefore a real milestone!"

The international Common Criteria standard establishes guidelines and criteria for the security of IT products and systems and is internationally recognized. With the certification of Infineon's PQC algorithm implementation with Common Criteria EAL 6, the BSI emphasizes the importance of resilience against classical attacks such as fault attacks, as well as quantum computer attacks. The ML-KEM algorithm was implemented on a Tegrion security controller. These latest 28-nm security controllers are based on Infineon's revolutionary security architecture Integrity Guard 32. The Common Criteria standard was developed through collaboration between various governments and is recognized by governments worldwide. The certification itself is conducted by various national institutions. Infineon's Tegrion security controller was evaluated and certified by the German BSI according to the German certification scheme.

EAL6 is a very advanced security level that indicates the product or system has undergone a comprehensive and rigorous evaluation regarding the required security. The certified security controller combines high-performance computing with advanced cryptographic capabilities, providing a robust foundation for post-quantum cryptography. With this certification, Infineon sets a new standard for the industry, paving the way for the widespread adoption of post-quantum cryptography and a more secure digital future. Infineon will continue to work on advanced quantum-resistant solutions that are required due to rapid developments in the field of post-quantum cryptography. (sg)