In an interview with TimesTech, Amaanie Hakim, VP Innovation at IDEMIA Secure Transactions, discusses the imminent threat of quantum computing to cryptography. She highlights IDEMIA’s pioneering efforts in post-quantum security, including quantum-safe smart cards and SIMs, and the need for crypto-agility. Amaanie emphasizes global collaborations and India’s role in advancing cryptographic research to secure financial transactions, IoT devices, and critical infrastructures.
Read the full interview here :
TimesTech: Quantum computing is expected to disrupt traditional cryptographic security. How imminent is this threat, and what steps should organizations take now to prepare for the post-quantum era?
Amaanie: If we only look at what Quantum Computers can do today, we may think we still have time. But the truth is that even though Quantum Computers cannot break traditional cryptography yet, the threat is already here. The first and most urgent threat relates to “harvest now, decrypt later” type of attacks.
Just imagine that an attacker steals a database containing medical records or personal data, encrypted with traditional cryptography. You may think it is safe, but actually your medical records do not expire, and are still of value 10 years from now. When the Quantum Computers are ready, the attackers can decrypt that data harvested today and exploit these medical records. In India alone, we had more than 6000 cyberattacks per week in the health sector in first semester of 2024, which can give you an idea of the size of the threat.
There is another aspect which is very important for us at IDEMIA Secure Transactions: the security of chips in the field. Today when a car or a smart meter is equipped with a chip to secure its connectivity, that chip is likely to last for at least 10 years, and we cannot imagine recalling or replacing the billions connected devices when Quantum Computers are ready to break current cryptography. Knowing that most experts estimate that they will be ready in less than 10 years, we should already be deploying Quantum-ready chips.
TimesTech: IDEMIA Secure Transactions has proactively developed quantum-resistant solutions, such as the first quantum-safe smart card in 2019 and the quantum-safe 5G SIM in 2021. Can you share insights into the technology behind these innovations and their real-world impact?
Amaanie: Cryptography relies on using very complex maths problems which are very hard to solve. With Quantum Computing, some of our current complex maths problems will become easy to solve.
So what the Crypto researchers are doing is to imagine new complex maths problems that are not easy to solve even for Quantum Computers, that we call Post Quantum Cryptography or PQC. This is what we do when we participate to the NIST standardization efforts for example.
The thing is that our chips are designed to provide cryptographic functions and these maths computations in the most efficient manner, both in terms of processing memory required and in terms of performance. When moving to Post Quantum cryptography, as the underlying math problems are totally rethought, we also need to rethink our hardware, introducing accelerators designed for this new type of crypto, but also our software, to optimize computations. This was our first priority in 2019: implementing these new types of algorithms on our chips to ensure they could run in an acceptable time for end users.
But since then, we have been working on supporting customers and partners in preparing for post-quantum migration at the ecosystem level. We are for instance leading a consortium alongside other French cybersecurity leaders, focused on Post Quantum readiness of end-to-end use cases.
TimesTech: With decades of expertise in cryptography (AES, RSA, ECC) and embedded security software (EAL6), how is IDEMIA Secure Transactions leveraging its experience to future-proof financial transactions and secure communications?
Amaanie: Our cryptography experts actively work on adapting embedded security for the post quantum era, as demonstrated by their multiple research papers published over the past few years, for instance at the Cryptographic Hardware and Embedded Systems conference.
Beyond embedded security, we are putting our expertise and knowledge at the service of our customers and of the ecosystem to anticipate as much as possible, working on clients’ end-to-end implementations.
In the payment ecosystem, we have built in 2022 a proposition to integrate post-quantum cryptography into card payment protocols. In 2024, we demonstrated the first post-quantum resistant offline transaction for CBDC.
Back to the connected devices I was mentioning earlier, we are also actively involved in the migration of these connected edge devices, implementing not only PQ-ready protocols but also embedding crypto-agility. Remember that we have years of hindsight on “traditional” cryptography, which is not the case on PQC. So we do know that the PQC algorithms being standardized will evolve, and we need to have a solution to update cryptography without shutting down systems or replacing the devices. This is what we call crypto-agility.
For our clients to be ready, we need to start working now on real-life implementations and use cases, and we already are!
TimesTech: Governments and enterprises are increasingly concerned about quantum threats. What collaborations or initiatives is IDEMIA Secure Transactions undertaking to help them implement quantum-safe security solutions?
Amaanie: First, we participate to global research and standardization efforts. Beyond the NIST I already mentioned earlier, we contribute for example to GSMA, ETSI, GlobalPlatform and FIDO Alliance working groups, as well as several standardization bodies and organizations in the telecoms and IoT fields in India.
Second, we work hand in hand with our customers and with partners to test the solutions we propose on end-to-end use cases.
For instance, in 2024, we have announced with Telefonica and Quside the launch of our Quantum-Safe Connectivity for IoT devices project.
We have also launched a strategic research partnership with Indian Institute of Technology, Hyderabad (IIT Hyderabad) on Post Quantum Cryptography, sponsoring PHD scholars. We actively contribute to standardization bodies and organizations in India, including TSDSI, TEC, and CDOT, showcasing our commitment to advancing cryptographic research in the region.
TimesTech: What new quantum-safe technologies is IDEMIA Secure Transactions working on, and how do you see the cybersecurity landscape evolving over the next decade?
Amaanie: I have been working in this industry for more than 20 years, and what I can testify is that cybersecurity needs are constantly accelerating, with attackers that are more and more organized.
This migration is going to take years, with “traditional” and post-quantum cryptography co-existing and even combined with what we call hybrid cryptography.
Our duty as a leader in cybersecurity and cryptography technologies is to stay at the forefront of anticipation and innovation in this field, to ensure we build the foundation of crypto-agile systems that we can adapt constantly to security threats arising as mentioned earlier.
