FIDO Alliance ensures long-term value of its specifications in post quantum era

Cryptography plays a fundamental role in securing data within computer systems, particularly those involving biometric technologies. It ensures that confidentiality, integrity and authenticity of sensitive data, whether it’s processed locally at the edge or sent to cloud servers for further analysis and storage.

However, with the introduction of quantum computing, which has rapidly advanced in computational capabilities, present a significant threat to these cryptographic methods. Large-scale quantum computers have the potential to break several established cryptographic algorithms, including RSA and ECC, by solving the complex mathematical problems upon which their security relies.

In response to the threats, the cryptographic community and various organizations are actively developing post-quantum cryptographic (PQC) algorithms. These algorithms are designed to withstand quantum computing attacks, offering a replacement for existing algorithms and ensuring continued security in the quantum era.

In a parallel effort, the FIDO Alliance is working to address the impact of quantum computing on its specifications, aiming to preserve the long-term value efficacy of products and services built on these specifications. The specifications are expected to rely on standards developed by other organizations such as NIST and ISO, which are monitoring the process of PQC algorithms and their implications for existing specifications.

FIDO Alliance has outlined a strategy for integrating post-quantum cryptography into its standards. The Alliance aims to facilitate a smooth transition from current cryotpgraphic algorithms to post-quantum croyptographic algorithms. Despite the fact that the timeline for availability of quantum computers capable of breaking a classical cryptographic algorithm is debatable, but experts believe this can happen within 10 years. However, FIDO Alliance believes that the migration of security strategies take time, and a post-quantum strategy for migration is necessary.

As part of its strategy, the Alliance will monitor the development of various PQC algorithms, including lattice-based systems, coding-based systems, supersingular isogenies, and hash-based signatures. They acknowledge that not every PQC algorithms will be compatible with their specifications, and they plan to assess the recommendations of security agencies such as NIST to determine the effectiveness for integration into FIDO standards.

The FIDO Alliance also intends to form working groups tasked with understanding the implications of transitioning to PQC algorithms and crypto-agility. The crypto-agility here refers to the ability to manage multiple algorithms for the same function. These working groups will be charged with developing strategies for migration.

Furthermore, an additional objective of the FIDO Alliance for post-quantum cryptography is to provide guidance to its members and stakeholders as the development and standardization of PQC algorithms advnace.

Earlier this year, Prove Identity has joined the FIDO Alliance Board of Directors. Prove will be expected to contribute in developing future standards for authentication and identity authentication and identity attestation.

Article Topics

biometrics  |  cryptography  |  cybersecurity  |  data protection  |  FIDO Alliance  |  post-quantum cryptography  |  quantum computing