TOPPAN Digital, NICT And ISARA Develop Smart Card System to Support Post-Quantum Cryptography and Current Public-key Cryptography
Insider Brief
- TOPPAN Digital, NICT, and ISARA have developed SecureBridge, a smart card system that supports both current public-key cryptography and post-quantum cryptography (PQC).
- The system successfully passed pilot tests in the healthcare sector, confirming its ability to authenticate users and manage electronic health records securely using either traditional or hybrid cryptographic methods.
- Full-scale deployment of SecureBridge is targeted for 2030, with limited practical implementations planned for 2025, focusing on high-security fields like healthcare and finance to address the growing need for quantum-secure technologies.
PRESS RELEASE — TOPPAN Digital Inc. (TOPPAN Digital), a TOPPAN Group company and wholly owned subsidiary of TOPPAN Holdings Inc. (TYO: 7911), the National Institute of Information and Communications Technology (NICT), and ISARA Corporation (ISARA) have developed SecureBridge, a smart card system capable of supporting both currently used public-key cryptography and post-quantum cryptography (PQC) that is secure against attacks from quantum computers.
The three organizations have been collaborating on research to equip smart cards with PQC since April 2021. They have now updated the PQC CARD® developed in October 2022 and the private certificate authority to support a digital certificate (hybrid certificate) that facilitates authentication via both PQC and current public-key cryptography.
The effectiveness of the system has been confirmed by applying it to user authentication on the Healthcare Long-term INtegrity and Confidentiality protection System (H-LINCOS), which is implemented on a quantum cryptography network testbed operated by NICT.
Current public-key algorithms ensure the security of internet-based services such as online medical consultations and e-commerce. However, widely used current public-key algorithms could be vulnerable to attacks by quantum computers in the future. This is prompting demand for a rapid shift to PQC, which is difficult for quantum computers to crack, particularly for systems that handle important information in areas such as healthcare, finance, and government. With the U.S. National Institute of Standards and Technology (NIST) announcing de facto global standard PQC algorithms in August this year, the transition to PQC is expected to further accelerate.
However, information systems have become large and complex in recent years, meaning that a complete transition to PQC is expected to take some time. In the interim, a situation in which some systems are PQC-ready while others are yet to be migrated will present problems for authentication and encrypted communications because the systems from which access is being attempted and the systems being accessed may not be able to use the same cryptographic technologies.
TOPPAN Digital, NICT, and ISARA have therefore developed SecureBridge as a smart card system that employs a hybrid methodology to support both PQC and current public-key cryptography. Functionality of the system has been tested by combining it with H-LINCOS. The aim is to enable a smooth transition to PQC and thus contribute to safe and secure social infrastructure.
Features of SecureBridgeTM smart card system
Supports PQC and current public-key cryptography
SecureBridge supports both ML-DSA, a de facto global standard post-quantum signature algorithm announced by NIST in August 2024, and ECDSA, a currently used standard signature algorithm. This makes it possible to perform authentication on systems at various stages of their PQC transition.
Enabling a safe and smooth transition over the long term
The transition to PQC is expected to take a long time due to the large scale and complex nature of many systems that handle important information. However, because the hybrid certificates support systems at various stages of migration, they can contribute to a smooth transition and ensure security over an extended period.
Overview of pilot testing
Objective: To confirm basic functionality such as user authentication using the SecureBridgeTM smart card system and identify any technical issues.
Details of testing: Smart cards supporting current public-key cryptography and cards supporting the hybrid methodology were used as HPKI (Healthcare Public Key Infrastructure) cards, the accreditation carried by healthcare professionals. Testing confirmed that accurate ID authentication and browsing of the electronic health record system were possible with either type of card.
Results: It was confirmed on a server using the hybrid methodology that accurate ID authentication is possible using smart cards that only support current public-key cryptography as well as those equipped with the hybrid methodology. This means that if a hybrid certificate is used, authentication is possible on systems at various stages of their migration to PQC, which is expected to contribute to a secure and smooth transition over the long term.
Roles of the three organizations
TOPPAN Digital: Development of hybrid certificate support for PQC CARD® and other smart card systems in collaboration with ISARA and coordination with H-LINCOS.
NICT: Overall framework for developing and provisioning H-LINCOS, a long-term secure data storage and exchange system for healthcare.
ISARA: Development of hybrid certificate issuance functionality for the private certificate authority in collaboration with TOPPAN Digital, and development of ML-DSA firmware for smart cards.
The future
Targeting full-scale deployment of SecureBridgeTM in 2030, TOPPAN Digital is planning limited practical implementations in 2025 in fields requiring high levels of security, such as the healthcare and financial sectors.
TOPPAN Digital, NICT, and ISARA will use this technology to propel efforts focused on driving practical implementations and enhancements of quantum-secure cloud technologies to enable the secure communication, storage, and use of highly sensitive information in the future. The three organizations plan to develop use cases and implement pilot tests aimed at applying PQC beyond smart card security to a wide-range of internet-based services, including personal data protection and management in the healthcare, finance, and government sectors.
TOPPAN Digital, NICT, and ISARA will harness the technology to propel efforts focused on driving practical use of increasingly advanced quantum-secure cloud technologies that enable the secure communication, storage, and use of highly sensitive information in the future.
A part of this work was performed for Council for Science, Technology and Innovation (CSTI) Cross-ministerial Strategic Innovation Promotion Program (SIP), “Promoting Application of Advanced Quantum Technologies to Social Challenges” (Project management agency: QST).