Quantum-Safe TPM

Quantum Computing represents on of the most promising technological revolutions of recent decades, offering computational abilities that can solve complex problems at an exponentially faster rate than classical computers. However, this evolution introduces new challenges for cybersecurity, particularly as conventional cryptographic schemes risk becoming vulnerable to attacks from quantum computers. In particular the most common used asymmetric algorithms, like RSA and Elliptic Curve Cryptography (ECC), are vulnerable to Shor's algorithm and are solvable in polynomial time from quantum computers. This makes crucial the introduction of new kind of algorithms capable to resist quantum attacks. This thesis wants to look into the impact of quantum computing on existing cryptographic systems, focusing its effects on the security of embedded system especially with regard to the Trusted Platform Module (TPM). TPMs are strongly important to perform the basic and essential operations inside modern computers assuring data integrity and data protection. Modern TPM specifications does not consider the future vulnerability of asymmetric algorithms and it makes data vulnerable to store-now-decrypt-later attacks. There is the absolute need to introduce quantum-resistant algorithms inside TPMs. The research in this thesis proposes integrating post-quantum cryptographic (PQC) algorithms into an ARM TrustZone platform. ARM TrustZone is a technology capable of developing a Trusted Execution Environment (TEE) inside mobile systems or all the devices that have an ARM processor. ARM TrustZone, thanks to its division into Normal and Secure World, gives an hardware tool capable to improve trustworthiness of the system. The focus of this thesis is to improve the security of an ARM processor against quantum attacks, inserting a quantum-resistant fTPM inside the Secure World. To ensure security against quantum attacks. this work focuses on integrating the SPHINCS+ signature scheme, one of the most promising candidates in the post-quantum cryptography standardization process, inside the Windows open-source version of fTPM. Integrating SPHINCS+ inside an fTPM running in the Secure World shows that is possible to create new specifications for a quantum-safe TPM. The thesis also talks about the challenges of transitioning to post-quantum cryptography and all pros and cons to use the ARM TrustZone technology.