In an exclusive interview with APAC Media and CXO Media, Amaanie HAKIM, VP Innovation at IDEMIA Secure Transactions, discusses how the company is preparing businesses and government agencies for the transition to post-quantum cryptography (PQC). She highlights the challenges of securing critical infrastructure, the role of hybrid cryptographic approaches, and IDEMIA’s collaboration with global standards bodies to ensure a smooth and secure migration.
How is IDEMIA Secure Transactions helping clients transition to post-quantum cryptography while addressing system disruptions and long-term planning for private companies and government agencies?
We truly believe that the transition to post-quantum cryptography (PQC) is not just a technological upgrade but a fundamental shift in security infrastructure. We are actively supporting our clients, including mobile operators, financial institutions, government agencies and critical infrastructure providers, in navigating this transition smoothly. Our priority is to ensure they have a clear view of the threat and how imminent the risk is, depending on the cryptography they use.
With more than 40 years of expertise in cryptography and security solutions, we are here to help them map their risks and create a pragmatic and realistic transition plan. To secure a smooth transition, we have identified three key pillars. First, Post-Quantum Cryptography requires a fundamental rethinking of algorithm design. We recognize that achieving full readiness will take time and multiple iterations, which is why it is crucial to begin testing algorithms, adapting protocols and optimizing hardware and software solutions to ensure secure usability.
Given the novelty of these algorithms, we advocate for hybrid approaches that integrate traditional cryptography with post-quantum cryptography. Second, we strongly believe that such a migration is a global effort and that all actors of the ecosystem must work jointly to secure interoperability and phased migration. Finally, collaboration with global standards bodies is essential to ensure that the collective research effort benefits all.
We have been working on quantum-safe cryptography for years, launching initiatives like the world’s first quantum-resistant 5G SIM or the first quantum-resistant CBDC offline payment demonstration. We work closely with organizations like the NIST and ETSI to ensure that our solutions align with internationally recognized security standards, helping clients future-proof their infrastructures.
How does IDEMIA Secure Transactions assess the potential risks and benefits of quantum key distribution (QKD) technologies?
QKD is a promising application of quantum technologies for inherently secure key distribution. This is a technology that we have on our radar so that we can support our customers and integrate it into our solutions if they have use cases for which it could be beneficial.
Today, this technology is still nascent and works at rather short distances due to signal loss issues and is very costly. Investments in these fields will be key to making it practical to use in real-life use cases, and the good news is that this is a very active research field.
What are the key challenges in developing and deploying quantum-resistant algorithms, and how is IDEMIA Secure Transactions working with government agencies like NIST to ensure the security and interoperability of these algorithms?
The key challenge about these algorithms is that they are new. Traditional cryptography benefits from years of experience and a proven track record of robustness. In developing quantum-resistant algorithms, we work today on mathematical proofs to assess their robustness against attacks.
However, we acknowledge that initial security challenges may arise. Therefore, contributing to the cryptographic community to establish unified standards is essential to prevent industry fragmentation and ensure a diverse set of algorithmic options.
Thus, IDEMIA Secure Transactions actively contributes to the NIST PQC standardization process and collaborates with agencies and institutions worldwide to ensure that quantum-resistant security solutions are both robust and practical.
But this is only one part of the journey. Many PQC algorithms require higher computational resources, which can impact latency-sensitive applications like payments and secure authentication.
Ensuring that PQC algorithms integrate seamlessly with existing physical and digital infrastructures is critical for adoption. Maintaining a high level of security and an acceptable time in terms of user experience requires us to rethink our chip design, as well as existing processes and protocols. Our recent announcement on our first Hardware Accelerator designed for Post-Quantum Cryptography is a key step towards this.
To maintain the highest security levels, we also need to identify new methods to make post-quantum cryptography implementation resistant to side-channel and fault injection attacks. With years of experience in this field, our cryptography experts contribute to rebuilding these models and the associated end-to-end trust in post-quantum cryptography through publications at top-tier conferences in the field of embedded cryptography.
Last but not least, due to the potential for security vulnerabilities in newly developed algorithms, it is crucial to incorporate crypto agility into protocol design. This ensures the ability to remotely update or replace all or part of a deployed cryptographic solution as needed. Our post-quantum crypto-agility solution, unveiled in 2024, is designed to help organizations gradually migrate to PQC without compromising security or operational efficiency.
How can governments incentivize the development and adoption of quantum-ready infrastructure and technologies, particularly in critical sectors like finance, healthcare and national security?
Governments play a crucial role in accelerating the adoption of quantum-ready solutions by providing funding for research and development, establishing regulatory frameworks, and fostering industry-wide transition roadmaps. For critical infrastructures, we advocate strict migration plans and deadlines to safeguard the most sensitive assets.
Investments in public-private partnerships can also help bridge the gap between academic research and real-world applications. IDEMIA Secure Transactions actively collaborates with government agencies and regulatory bodies to ensure that the transition to post-quantum security is both seamless and secure.
What is IDEMIA Secure Transactions’ perspective on the ethical considerations surrounding the development and use of quantum computing technologies, and how can governments ensure responsible innovation in this field?
Quantum computers are powerful tools that can greatly benefit society. However, like any tool, they can also cause significant harm if misused by those with malicious intent. This is actually why working on post-quantum cryptography is essential. With a quantum computer, breaking traditional asymmetric cryptographic algorithms such as RSA would go down from trillions of years to only a few hours, hence raising immense ethical concerns related to data privacy and security.
Quantum computers could also further accelerate AI capabilities and increase already existing ethical considerations in this field. Some governments have established ethical guidelines for AI usage to promote transparency, like the AI Act in the European Union, and IDEMIA supports these regulations.
A similar approach, with a regulated usage of Quantum Computing, ensuring that quantum advancements enhance trust rather than introduce new vulnerabilities, is key to guaranteeing that quantum computing is developed and deployed to benefit society.
How is IDEMIA Secure Transactions working to educate and train the next generation of quantum security professionals, and what role can government initiatives or educational institutions play in building a skilled quantum workforce?
The emergence of quantum security requires a new generation of experts with knowledge in cryptography, cybersecurity and an understanding of quantum technologies.
At IDEMIA Secure Transactions, we actively support this transformation through academic collaboration, for instance, with our doctoral students as well as through strategic research partnerships on post-quantum cryptography, such as with the Indian Institute of Technology, Hyderabad (IIT Hyderabad).
These initiatives are part of our commitment to advancing technology and safeguarding security in the post-quantum era. By empowering the next generation and developing collaborations with renowned educational institutions, we’re paving the way towards a secure digital future.
Discussion about this post