Security Evaluation and Certification of Post-Quantum Cryptography
Miquel Piris (Brightsight, Senior Principal Security Evaluator)
While the standardization and migration to Post-Quantum Cryptography (PQC) are still ongoing, the industry has begun integrating these algorithms into products, including resource-constrained embedded devices. In such devices, where physical access is often possible, adopting PQC algorithms that resist quantum threats alone is insufficient. Implementations must also resist practical attacks, such as side-channel analysis (SCA) and fault injection (FI).
Certification frameworks like FIPS 140-3 and EUCC address both theoretical and practical vulnerabilities. Brightsight, as the first laboratory to evaluate a security IC implementing a PQC algorithm certified at the Common Criteria (CC) EAL5+ level, provides a practical perspective from a security evaluation lab on the current state of certification and assessment for PQC algorithms.