How Cryptosmart Mobile ensures the long-term protection of sensitive data against quantum threats?

 
Discover in this article, how Cryptosmart Mobile ensures the long-terme protection of sensitive data against quantum threats?

The quantum computer represents a major technological advance that could ultimately compromise traditional encryption systems. Asymmetric algorithms such as RSA and ECC, which are widely used today, will be vulnerable to the future computing capabilities of CRQCs (Cryptographically Relevant Quantum Computers). This threat is not just for the future, as attackers are already adopting certain methods to intercept and store encrypted communications, with the intention of decrypting them later.

To counter this threat, it is essential to adopt robust and scalable security solutions that can withstand today’s and tomorrow’s attacks. This is why ERCOM Cryptosmart is positioned as an essential protection for endpoints, data and communications. The solution incorporates hybrid encryption techniques combining proven technologies and robust post-quantum algorithms. Read this article to find out how Cryptosmart Mobile's progressive approach enables organisations to protect their communications now, while ensuring a smooth transition to the security standards of tomorrow.

1. The challenges of post-quantum security for mobile communications

Mobile communications security is facing increasingly sophisticated threats, among which quantum attacks stand at a key position. There are a number of real threats:

• Passive attacks (Harvest Now, Decrypt Later - HNDL): This approach involves intercepting and storing encrypted communications today, pending the arrival of quantum computers capable of decrypting them later. This threat, although passive, is particularly insidious because it can compromise sensitive data over the long term.
• Vulnerability of asymmetric algorithms: Asymmetric encryption algorithms (RSA and ECC) are widely used to secure communications. However, they are vulnerable to quantum attacks, which means that their effectiveness could be compromised in the future.
  Post-quantum risk assessment can be better understood using the XYZ model, to determine when an organisation should make the transition to post-quantum cryptography (PQC). It is based on three variables:
  X: length of time the data must remain protected
  Y: time needed to migrate cryptographic systems to a post-quantum solution
  Z: number of years before quantum computers become capable of breaking current algorithms

If the sum of X + Y is greater than Z, then the organisation is at risk: it could see its data compromised if it does not begin its transition in time. This is why acting now is vital.

2. Cryptosmart Mobile: A hybrid PQC approach for enhanced protection

Cryptosmart Mobile takes a hybrid and crypto-agile post-quantum approach. The solution incorporates techniques to combine several cryptographic building blocks, both conventional and post-quantum. Also, it can be adapted over time as standards, performance, and vulnerabilities evolve.

Crypto-agility is the ability for a system to rapidly integrate new algorithms or replace older ones, without jeopardising the overall architecture or disrupting users. This is an essential approach in a context where post-quantum algorithms, although promising, are still in their infancy and may be called into question in the years to come.

Integrated technologies include:

• ML-KEM-1024, a post-quantum key encapsulation now standardised by NIST under FIPS 203 (formerly CRYSTALS-Kyber)
• A hybrid approach, combining post-quantum and pre-quantum encryption to maximise resilience
• Compatible with cyberSIM and existing infrastructures, ensuring adoption without impacting current endpoints
• Backward compatibility guaranteed with previous versions of Cryptosmart Mobile and Cryptosmart PC
  Since August 2024, the main post-quantum algorithms selected by NIST have been officially included in the FIPS standards:
• FIPS 203: ML-KEM
• FIPS 204: ML-DSA (formerly Dilithium)
• FIPS 205: SLH-DSA (formerly SPHINCS+)

Only Falcon, although selected, remains a draft to this day under the future FIPS 206: FN-DSA.

At the same time, FrodoKEM, an algorithm supported by ANSSI and BSI, is in the process of being standardised at the ISO level. Its mathematical robustness and alignment with certain European requirements make it a strategic alternative, further illustrating the importance of an open, modular, and scalable architecture.

Cryptosmart Mobile is today the only sovereign solution capable of encrypting voice communications using post-quantum cryptography. This unique capability has been demonstrated in a number of trials carried out since 2021, including the first PQC-secured telephone calls. These advances prove that the solution is not prospective, but already operational in the field to meet future requirements.

3. Key requirements for a post-quantum mobile security solution

To ensure effective protection against quantum threats, a post-quantum mobile security solution must meet several key requirements:

• Sovereignty, security, standardisation, accreditation:

o Certification and validation by trusted organisations such as ANSSI ensure compliance with the highest security standards.
o ERCOM is committed to offering security solutions that respect its customers' digital sovereignty.

• Migration, crypto-agility, backward compatibility, operations:
  o The solution must be easy to deploy and manage, to minimise the impact on day-to-day operations.
  o It must be compatible with existing infrastructures to facilitate the transition to PQC.
  o The solution must be designed to evolve with threats and technologies, to ensure lasting protection.
• User experience:
  o The solution must be transparent and easy to use for end-users, to ensure their adoption and satisfaction.
  o It must not have a significant impact on device performance to provide a streamlined user experience.

4. Why choose Cryptosmart Mobile?

With its proven expertise and advanced technological approach, ERCOM offers a three-step migration strategy:
The transition to post-quantum cryptography is based on a controlled approach:

• Step 1: Cryptosmart → Immediate protection against passive attacks with ML-KEM, now FIPS 203.
• Step 2: Secure digital signatures → FIPS 204 (ML-DSA) and FIPS 205 (SLH-DSA) compliant integration of hybrid post-quantum digital signatures.
• Step 3: Complete transition to post-quantum → Adoption of future fully PQC-compatible components, integration of future ANSSI recommendations, European certifications, support for future standards such as FIPS 206 or ISO FrodoKEM.Cryptosmart Mobile is the only immediately available solution that includes post-quantum protection against passive attacks. Unlike others, ERCOM offers a solution that can be deployed today, with long-term support.
• Cryptosmart already incorporates immediately usable PQC protection.
• It is a sovereign solution developed in France, complying with ANSSI and European requirements.
• Cryptosmart Mobile ensures a gradual transition and compatibility with existing infrastructures.
• ERCOM is anticipating future standards to ensure continuity of protection.

Conclusion

Cryptosmart Mobile is the complete solution for protecting your mobile communications against quantum threats, now and in the future. With its features, it offers durable and future-proof protection, evolving with threats and keeping you one step ahead. Don't let quantum threats compromise the security of your communications. Contact ERCOM today and request an appointment to deploy your post-quantum mobile security solution with Cryptosmart Mobile.