Thales receives security certification for ‘quantum-resistant’ smartcard

Thales says it’s ready for the post-quantum era in which powerful quantum computing will be able to break current encryption methods. The French technology company has received security certification from France’s cybersecurity agency for what it calls Europe’s first quantum-resistant smartcard, which can be used in electronic ID cards, health cards, and driving licenses.

The smartcard, called MultiApp 5.2 Premium PQC, has been certified at the EAL 6+ security level under the Common Criteria framework by ANSSI (Agence nationale de la sécurité des systèmes d’information). It relies on Digital Signature Algorithms standardized by the U.S. National Institute of Standards and Technology (NIST), cryptographic tools designed to verify data or a digital message really comes from the right sender, the company explains.

“The joint work of Thales, CEA-Leti IT Security Evaluation Facility and ANSSI is a strong signal that Europe is ready to lead the way in post-quantum security,” says Franck Sadmi, head of ANSSI’s National Certification Center.

From a user’s perspective, the cards function like existing smartcards. The quantum-resistant certification makes them available for deployment by governments and institutions seeking to implement identity solutions with long-term security considerations.

Thales says it is the first company to receive a high-level Common Criteria certification for a quantum-resistant smartcard. Earlier this year, the firm also joined the PQC4eMRTD (Post-Quantum Cryptography for electronic Machine-Readable Travel Documents) initiative, focused on standardizing and promoting quantum-resistant cryptographic protocols for electronic machine-readable travel documents (eMRTDs).

Already by 2029, advances in quantum computing could make conventional asymmetric cryptography unsafe to use, according to Gartner’s 2024 research on post-quantum cryptography.This has made post-quantum cryptography (PQC) all the more pressing.

NIST has been developing quantum-resistant encryption standards since 2016 to ensure that sensitive data – including internet traffic, financial transactions, and national security communications – remain secure in a post-quantum world.

European organizations such as the European Network and Information Security Agency (ENISA), the European Telecommunications Standards Institute (ETSI), the British Standards Institution (BSI) and ANSSI are adopting NIST’s standards while keeping an eye on additional options if they prove better.

Article Topics

ANSSI  |  certification  |  cybersecurity  |  digital ID  |  encryption  |  identity document  |  post-quantum cryptography  |  smartcard  |  Thales Digital Identity and Security