December 1, 2022
Emmanuelle Dottax - IDEMIA
As the NIST announced the selection of a first set of Post-Quantum (PQ) algorithms to be standardized, addressing the question of integrating PQ cryptography in real-world protocols is urgent in order to anticipate difficulties and allow a smooth transition. This is especially true for banking applications where the ecosystem composed of a variety of cards and terminals is heterogeneous. Providing solutions to ensure efficiency and some kind of backward compatibility is mandatory. In this work, we provide the first analysis of card-based payments with respect to these questions. We integrate post-quantum algorithms in existing protocols, and propose hybrid versions. We implement them on banking smart-cards and analyse the impacts on various aspects of the product, from production to actual transactions with terminals. Our work shows that such products are possible, but we identify several issues to overcome in the near feature in order to keep the same level of usability.