FIDO's, WebAuthn's Post-Quantum Future

Fortunately, in the last 12 months we have seen a massive increase in the popularity and adoption of FIDO and WebAuthn. Now most major websites support this new, convenient and secure authentication method that aims to replace ordinary passwords.

But what happens if one day in the future a quantum computer breaks the underlying cryptography, potentially rendering this authentication method insecure? To mitigate this threat, it is important to have post-quantum (PQ) cryptography in place in time. As one of the first steps, SandboxAQ introduces the first end-to-end post-quantum secure implementation of the FIDO2 protocol.

The aim of this open-source project is to provide a complete implementation that allows post-quantum secure end-to-end registration and authentication in all steps of the protocol and all involved parties, to give developers a starting point to experiment and test the viability of post-quantum cryptography in current hardware devices providing FIDO2 authentication.

This project uses the Trussed framework, which is also powers Nitrokey 3 devices. Nitrokey GmbH supported this project by providing development support and tools. This achievement once again demonstrates the maturity and flexibility of the Trussed framework.

Does this mean that Nitrokey 3 will support post-quantum cryptography? No, at least not in the near future, because the FIDO specification doesn't cover post-quantum algorithms yet. Also, there are many other pieces involved, such as operating systems, web browsers, web sites, that would need to support such a future standard, or at least not conflict with it. Nevertheless, this is a positive first step to evaluate the challenges ahead. We are looking forward to seeing advances in this area and on the standardization front, to be ready to jump into the quantum-secure future.

Read more in SandboxAQ's article.

About: SandboxAQ is an enterprise SaaS company, providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world's most challenging problems. The company's core team and inspiration formed at Alphabet Inc., emerged as an independent, growth-capital-backed company in 2022.