authID adds post-quantum cryptography to biometric signature platform

The threat of quantum computing is prompting many companies to boost their defenses. Identity verification company AuthID is the latest, upgrading its biometric digital signature platform with support for quantum-resistant cryptography.

​Unlike conventional biometric systems that store facial templates on servers, the AuthID’s PrivacyKey architecture does not store data at rest. Instead, it generates a biometric digital signature, a cryptographic proof that a specific individual was present during an authorization of a transaction, says the U.S.-based company.

The Privacy Key platform will support three NIST-standardized post-quantum cryptographic algorithms: ML-DSA-65, SLH-DSA-128s and SLH-DSA-256s, the identity verification company has announced. Organizations can select algorithms according to the operation, policy, or risk model.

​“The ability to enforce biometric-bound, quantum-hardened digital signatures at the transaction level is a capability no other platform offers,” says Rhon Daguro, CEO of authID.​

Quantum computing has been threatening to make traditional encryption schemes obsolete, prompting companies to develop new solutions and urge their clients to take necessary precautions. With NIST finalizing its standards and regulators accelerating their work, organizations that rely on legacy biometric architectures are facing a ticking clock, adds Daguro.

“We’re giving enterprises a way to get ahead of the quantum threat without waiting for it to arrive,” he says.

Yubico: Do not rush post-quantum technology

Some experts are warning that the transition towards post-quantum algorithms should be gradual, not overnight.

​“Ultimately, the adoption of post-quantum cryptography will be an evolution rather than a sudden transition,” says Nic Sarginson, principal product manager at Yubico. “It will be critical to ensure digital identities remain secure against future quantum threats without sacrificing the usability and trust that have comprised our foundation from the start.”

Sarginson spoke about the evolution of Yubico’s hardware passkeys, noting that they are playing an increasingly important role in encryption and the protection of digital IDs in a post-quantum, AI-driven world. Moving towards post-quantum cryptography, however, has been a complex and time-consuming endeavor.

“While progress is being made on standards, significant work is needed to implement post-quantum solutions effectively across elements like attestation, PIN protocols and registration user experiences,” he told Cyber Magazine.

In addition, post-quantum algorithms are mathematically complex and can’t simply be retrofitted onto existing hardware, he says. Instead, entirely new devices and mature industry standards will be required.

​This makes “crypto-agility,” or the ability to update cryptographic protocols smoothly, critical to avoiding the security failures that rushed transitions have caused historically, Sarginson concludes.

Article Topics

authID  |  biometrics  |  cybersecurity  |  digital identity  |  post-quantum cryptography  |  Yubico