Post-quantum secure eID for Austria
eGovernment applications such as FinanzOnline or the "Digitales Amt" app are made possible by the availability of a digital identity management systems (eID). The basis for such eID systems are cryptographic signatures, which on the one hand guarantee the authenticity of certificates, but also enable citizens to authenticate themselves or sign documents. However, signatures and eID systems are confronted with new challenges and requirements.
In the case of digital signatures, currently deployed schemes are threatened by attacks with a powerful quantum computer. For this reason, the US-based NIST has started a standardization process for post-quantum-safe methods that will replace those signature schemes. This process is now in a phase that allows systems to be prepared for the migration to post-quantum cryptography. In PREPARED, we therefore set ourselves the goal of analyzing post-quantum-secure signature methods in the context of eID systems. In particular, a migration plan is being developed, as systems with long-lasting certificates and signatures require appropriate preparation in order to be able to carry out the migration in a reasonable time frame.
Further challenges arise from paradigm shifts that can be observed in eID systems. In particular, the introduction of identity wallets should enable users to present various forms of ID cards, certificates, etc. However, area-specific personal identifiers (bPK), which previously represented a central element for linking data, can no longer be used to the same extent in such wallets. From a cryptographic point of view, zero-knowledge proofs and attribute-based credential systems can serve as a replacement. PREPARED is therefore investigating these cryptographic techniques for linking the data in eID systems so that the functionality of bPKs in identity wallets remains.
Finally, the process of creating PDF signatures is of interest. The current process requires the transfer of the documents to be signed to a trust service provider. Taking into account the increasing requirements regarding data protection, PREPARED sets itself the goal of expanding this process with signatures with extended functionalities - so-called blind signatures - so that this transmission is no longer necessary. In a further step, the process is also to be extended in such a way that the control over the signature process is completely in the hands of the users and a trust service provider and users can only carry out the signature process cooperatively.
The developed solutions are accompanied by security proofs of the cryptographic schemes and security analysis of the developed architectures. The functionality of the designed systems is also demonstrated via software prototypes. Due to the importance of eID systems for eGovernment applications, the developed technical solutions are accompanied by a legal analysis. This is to ensure that the developed architectures and processes meet the legal requirements.
- Partner: AIT Austrian Institute of Technology GmbH (Koordinator), Bundesministerium für Finanzen, Johannes Kepler Universität Linz - LIT Law Lab, PrimeSign GmbH, sproof GmbH, Stiftung Secure Information and Communication Technologies – Sic, Technische Universität Graz Institut für Angewandte Informationsverarbeitung und Kommunikationstechnologie
- Project duration:10/2023-09/2025
- Funding: KIRAS Sicherheitsforschung - Ausschreibung 2022/2023, Schutz kritischer Infrastrukturen allgemein