Secure-IC obtains the first worldwide CAVP Certification of Post-Quantum Cryptography algorithms, tested by SERMA Safety & Security

Cesson-Sévigné (France) – October 30, 2024 – Secure-IC, the rising leader, and global provider of end-to-end cybersecurity solutions for embedded systems and connected objects, has achieved a historical milestone by becoming the first security IP and software vendor worldwide to receive CAVP (Cryptographic Algorithm Validation Program) Hardware certification for its Post-Quantum Cryptography (PQC) algorithms. This groundbreaking certification has been conducted by SERMA Safety & Security, a globally recognized leader in security evaluation.

Secure-IC PQC solutions, fully already integrated into the recently launched Securyzr™ neo product range, have successfully passed rigorous testing and evaluation based on the newly established standards set forth last summer by the National Institute of Standards and Technology (NIST). This certification covers the critical algorithms ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism, originally known as CRYSTALS-Kyber), ML-DSA (Module-Lattice-Based Digital Signature Standard, originally CRYSTALS-Dilithium) and more upcoming, ensuring these technologies are designed in line with the NIST standards (namely FIPS 203, FIPS 204), developed to resist the quantum computing threats of the future. Secure-IC’s PQC implementations were tested within the frame of a Securyzr™ Crypto Solutions/Crypto-coprocessors neo product, that can be seamlessly integrated within our Securyzr™ iSE neo product range. The official certificate (A6046) can be found on the NIST website.

Preparing for a Post-Quantum Time

The rise of quantum computing presents unprecedented risks to cryptographic systems. NIST planned a PQC transition road map, termed "CNSA 2.0". A major milestone has been reached recently in August 2024 when NIST unveiled a set of Post-Quantum Cryptography standards urging system administrators worldwide to adopt these solutions for robust, future-proof data security. Secure-IC has now taken the lead by becoming the first company to deliver a CAVP-certified, FIPS 140-3 ready solution for hardware protection, allowing organizations to securely transition to PQC.

O_ur CAVP certification marks the culmination of years of pioneering research and advanced PQC­based product development," said Sylvain Guilley, Co-Founder and CTO of Secure-IC. "Our collaboration with SERMA Safety & Security ensures that our PQC algorithms meet the highest standards, providing cutting-edge protection against quantum threats. We're proud to be at the forefront of cryptographic innovation, ensuring that our clients are prepared for the challenges of the Post-Quantum era."

This capability allows Secure-IC customers to speed up their full-fledged FIPS 140-3 (CMVP) certification time and adopt already proven solutions fully integrated within software flows (including required services mandated by CMVP, namely in situ CAVP testing, keypair consistency check and startup / periodic self tests). On top of its standardized algorithms, Secure-IC already implements countermeasures against the higher order of cyber-physical attacks.

A Rigorous Evaluation Process

The CAVP Hardware certification, conferred by SERMA Safety & Security, involved comprehensive evaluation of Secure-IC's PQC IP, with a focus on the development of the core algorithms—ML-KEM and ML-DSA—standardized as part of NISTs recent PQC announcement. The certification was conducted in alignment with FIPS 203 and 204. SERMA Safety & Security validated that Secure-IC's development of these algorithms strictly adhered to the NIST PQC standards.

This successful CAVP certification allows to verify the conformance of the PQC algorithms even in challenging corner cases. This ensures for absence of possible exploitation by cyber-attackers. Besides, it provides evidence for high functional coverage, which also benefits to functional safety certifications. For instance, the level ASIL D as per ISO 26262 requires such reduction of "systematic failures" rate. This is important for the rapidly transforming automotive market, which is an early adopter of PQC technologies.

"We are proud to partner with Secure-IC in achieving this global first," said Pierre-Marie Madec, Director of SERMA Safety & Security Laboratory. "Through our thorough testing and analysis, this certification demonstrates the technical excellence and forward-thinking security approach embodied by Secure-IC's solutions."

PQC Solutions with Unique Form Factors

Secure-IC's PQC solutions are available in a wide variety of form factors, offering unique flexibility to meet diverse customer needs. These include standalone IP, integration in crypto coprocessors, and as part of Securyzr™ iSE (Integrated Secure Element) solutions. Additionally, Secure-IC's Securyzr™ neo products are equipped with built-in physical attack protection, including side-channel attack (SCA) countermeasures, ensuring multi-layered defense against both classical and quantum threats.

Besides, Secure-IC is committed to support regional regulation, through crypto-agility. In particular, Secure-IC readily enables hybrid classical-PQC algorithms for signature and key encapsulation mechanisms, following the recommendations of the French national cyber-security agency (ANSSI). This support can be enabled pre-silicon by static configuration items, and can subsequently be leveraged post-silicon on a case-by-case basis according to the End Customer Software strategy. Such freedom of use allows for future-proofness of Secure-IC offering, which is already acclaimed by several key accounts.

Visit www.secure-ic.com to learn more about how the company's CAVP-certified, FIPS 140-3 pre-certified PQC solutions can help secure your data in the quantum age.

Secure-IC's certified PQC solutions will be showcased at the upcoming European Cyber Week (ECW), held in Rennes, France from November 18t^h to 21st, 2024.

About Secure-IC

With presence and customers across 5 continents, Secure-IC is the rising leader and the only global provider of end-to-end cybersecurity solutions for embedded systems and connected objects.

Driven by a unique approach called PESC (Protect, Evaluate, Service & Certify), Secure-IC positions itself as a partner to support its clients throughout and beyond the IC design process. Relying on innovation and research activities, Secure-IC provides silicon-proven and cutting-edge protection technologies, integrated Secure Elements and security evaluation platforms to reach compliance with the highest level of certification for different markets (such as automotive & smart mobility, defense & space, semiconductors, critical infrastructures, server & cloud, healthcare, consumer electronics).

Secure-IC has an extensive expertise and a unique perspective on the challenges and opportunities presented by the transition to Post-Quantum Cryptography (PQC). This vision is grounded in many years of dedicated research, the creation of innovative PQC algorithms, the development of advanced PQC-based products, and extensive collaboration with customers to seamlessly integrate PQC solutions into their systems. Secure-K's insights are drawn from a rich history of pioneering work in the PQC field, ensuring a comprehensive and informed analysis of this critical evolution in cybersecurity.

For more information, please visit https://www.secure-ic.com  

About SERMA GROUP

SERMA is a leading independent provider of consulting, expertise, and testing services in the fields of electronics and systems security. With over 25 years of experience, SERMA has built a reputation for delivering trusted, high-quality evaluation and certification services for a wide range of industries.

Serma Security Laboratory has one of the broadest scopes in terms of security assessments such as Common Criteria, EMVCo, SESIP, FIPS 140-3 and CAVP (NVLAP Lab code: 200977-0), GSMA eSA and PCI MPoC.

For more information, please visit https://www.serma-safety-security.com/

Click here to read more ...