This is the first time that a secure integrated circuit (IC) implementing a post-quantum cryptography (PQC) algorithm has been certified at the Common Criteria (CC) EAL5+ level. Samsung is the first in the industry to receive this certification (NSCIB-CC-2300085-02), which represents a significant milestone in cybersecurity evaluations.
Bogyeong Kang, Samsung Electronics Semiconductor S.SLI, said: “Our System LSI business, a pioneer in advanced security solutions, reaffirmed its standing as a security powerhouse by receiving EAL5+ CC certification for our Post-Quantum Cryptography (PQC) capabilities, showcasing our commitment to stay ahead of emerging digital threats.”
Post-Quantum Cryptography (PQC) algorithms are inherently designed to resist quantum threats, but research has demonstrated that their implementations can still be vulnerable to practical attacks. Consequently, the security of PQC implementations must be underpinned by robust measures, including secure hardware design, secure coding techniques and mitigation strategies against practical attacks.
Xavi Vilarrubla, CEO of Brightsight, said: “This milestone underscores Brightsight's unwavering dedication to pioneering innovation in cybersecurity evaluations. Being the first to conduct an evaluation of a Post Quantum Crypto (PQC) algorithm against Common Criteria not only highlights our commitment to maintaining the highest standards of quality assurance, but also solidifies our reputation as a leader in cybersecurity evaluations.”
Ensuring the security of PQC solutions requires a comprehensive approach that addresses both theoretical and practical vulnerabilities. Common Criteria security evaluations provide a rigorous framework for achieving this by encompassing design and code reviews, as well as assessments of resilience against physical attacks such as side-channel analysis and fault injection. Hence, CC evaluations provide the right methodology to ensure that PQC solutions follow the security standards while being robust and secure against implementation attacks.
The National Institute of Standards and Technology (NIST) finalized its first three Post-Quantum Encryption Standards in August 2024. This library implements the Module-Lattice-Based Digital Signature Standard (ML-DSA), as defined in FIPS 204 [3]. This standard specifies a set of algorithms that can be used to generate and verify digital signatures. ML-DSA is believed to be secure, even against adversaries in possession of a large-scale quantum computer.
Brightsight leads cybersecurity evaluation for connected products. Brightsight joined the SGS Group – the world’s leading testing, inspection and certification company – in 2021. With 40 years of experience in cybersecurity evaluations and the biggest global network of highly specialized facilities, Brightsight keeps at the forefront of new technology evaluations, staying ahead in the ever-evolving cybersecurity landscape.
29/01/2025 Delft, The Netherlands