PQC Key Manager

Project information

Project name: PQC Key Manager
Schema: ESA (European Space Agency)
Call for proposals: Fifth Fixed Call for Proposals under the Requesting Party Activity (RPA) in Slovenia
Financier: ESA (European Space Agency)
Project Timeline: 1. 12. 2024 – 30. 11. 2025
Project Budget: 150.000,00 €
Project Budget for UM FERI: 25.000,00 €
Project Coordinator at UM FERI: assoc. prof. dr. Marko Hölbl

Participating Organizations 

  • Project coordinator: CREAPLUS d.o.o., Letališka cesta 33f, 1000 Ljubljana, Slovenia 
  • Partner: SkyLabs d.o.o., Zagrebška cesta 104, 2000 Maribor, Slovenia 

Project Team UM FERI 

  • assoc. prof. dr. Marko Hölbl 
  • assist. dr. Marko Kompara  
  • Luka Hrgarek  

Project Summary

Recent risk assessments indicate that between 2030 and 2035 the probability that a quantum computer capable of breaking both the RSA and the ECC algorithms exists somewhere will become high enough to require migration from RSA/ECC to new post-quantum cryptographic (PQC) algorithms. In Q3 2024 NIST released the first official standards for post-quantum cryptography. Some solutions are yet to be selected and/or standardized.

In light of this, SkyLabs, a Slovenian space-technology-oriented company providing miniaturized on-board data handling solutions and an innovative approach to space engineering, has been looking at possible future vulnerabilities in its systems. The company primarily sees the need to implement PQC algorithms as part of the key management functionality of its Electrical Ground Support Equipment (EGSE). While the communication between the satellite and earth station is protected by preloaded AES-256 keys, which are quantum-safe, the loading of AES keys into the hardware is done using traditional asymmetric cryptography, which is susceptible to attacks with a cryptographically relevant quantum computer (CRQC).

The scope of the project is to create a proof of concept for a solution that can upgrade the existing EGSE key management with PQC algorithms so that neither temporary key storage nor key exchange algorithms are vulnerable to attacks with a CRQC. It will be accompanied by robust documentation that can offer insight to other companies considering a similar upgrade and facilitate their decision-making.

UM FERI is responsible for WP220, where we plan to perform systematic research into state-of-the-art post-quantum cryptography algorithms. The research will focus on PQC standards and/or (technical) specifications (e.g. IETF drafts), specifically for key-encapsulation mechanisms and PQC public-key infrastructure (PKI). Results will be compiled into a written report and used as a guideline in the development phase.

Project structure

The project is divided into four key work packages, each addressing a crucial aspect of the development process: 

  1. Project Management: This work package acts as the project’s central nervous system, overseeing all phases from planning and execution to final closure. The project manager spearheads this critical function, defining project scope, objectives, and requirements. They then translate this vision into a detailed project plan, allocating resources and managing the project timeline. Effective communication with stakeholders is fostered, coupled with proactive risk identification and mitigation strategies. Continuous progress monitoring ensures adherence to budget and project goals.
  2. Research: The research work package will delve into three parallel tracks. The first track focuses on meticulously analysing technical requirements specific to the EGSE environment. The second track involves a comprehensive review of scientific publications and official recommendations. This review will identify optimal PQC algorithms and their implementations, and explore the potential need for X.509 PQC certificates. The third track will evaluate programming libraries, assessing their current and anticipated future support for PQC algorithms. All research findings will be consolidated into software architecture specifications and design. This culmination of research will be delivered in the form of a final report, produced collaboratively by the research and development teams.
  3. Development: The development work package focuses on building the proof-of-concept solution. This will be achieved by meticulously translating the design documentation into a functioning software solution. Following implementation, the solution will undergo rigorous testing to identify any issues. Identified issues will be promptly addressed by the development team. This work package also encompasses the creation of a well-defined testing strategy and the delivery of the final software solution with comprehensive documentation.
  4. Testing: The testing work package ensures the delivered software solution functions as intended. This involves a thorough evaluation of functionality, usability, performance, and security. Any discovered issues will be reported to the development team for resolution. Finally, this work package will generate a comprehensive testing report, providing a clear picture of the solution’s performance, functionality, and security.  

 

Figure 1: Work Breakdown Structure
