PQCleanAutomotive is planed as a collection of post-quantum cryptographic algorithms for automotive microcontrollers. The post-quantum cryptographic algorithms are based on the PQClean repository, which is a clean collection of the NIST post-quantum project.
There was no security risk analysis like TARA or similar carried out for QuantumSAR. The post-quantum cryptographic algorithms itself were evaluated by NIST. The required random numbers are calculated using a software solution, which is only intended to serve as an example.
The base of PQCleanAutomotive is the PQClean repository with the latest commit #504. It includes the following post-quantum cryptographic algorithms:
- CRYSTALS-KYBER
- CRYSTALS-DILITHIUM
- SPHINCS+
- FALCON
For the integration of PQCleanAutomotive, the file Crypto.c in the IAV quantumSAR repository contains an example of the use of the CRYSTALS-KYBER, CRYSTALS-DILITHIUM, SPHINCS+ and FALCON algorithm.
The library requires an H-file containing all data types of the respective hardware platform (Platform_Types.h). The implementation from Infineon for the AURIX microcontroller family can be used as an example here: https://github.com/Infineon/AURIX_code_examples/blob/master/code_examples/Blinky_LED_1_KIT_TC397_TFT/Libraries/iLLD/TC39B/Tricore/Cpu/Std/Platform_Types.h
In the SPHINCS+ algorithm, dynamic arrays had to be replaced by static arrays in various functions for the microcontroller implementation.
PQCleanAutomotive includes some third party libraries or modules that are licensed differently. In particular:
- CRYSTALS-KYBER: Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
- CRYSTALS-DILITHIUM: Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
- SPHINCS+: Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
- FALCON: MIT License
- Fips202: Public Domain (https://creativecommons.org/share-your-work/public-domain/cc0/)
- CommonLib: Apache License, Version 2.0
Copyright [2024] [IAV GmbH]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
PQCleanAutomotive and the post-quantum cryptographic algorithms are checked with the 2012 version of MISRA. Not all MISRA findings could be resolved. An explanation has been written in the relevant places.