Operating systems are the base of all computing processes. They contain the links between hardware and software. In the past years, even Unix-based systems, which counted as immaculately secure, were often in the media because of severe security issues. Furthermore, a big part of the hardware and software we use nowadays is developed by non-European firms who signed governmental contracts for possible lawful interceptions under their national law, often incompatible with European privacy regulations and national laws, such as the GDPR and its national implementations.
Besides ensuring to protect the right for privacy of natural persons, critical environments such as hospitals, public administrations, banks etc., require a particular focus. In reality, many devices still run on outdated operating systems or on operating systems being built for quick and easy communication, often at the expense of any consideration for security.
There is an international race in the development of quantum computers which is motivated by fear. Quantum communication, sensors and simulation are already possible. The availability of quantum computers that endanger classical encryption is expected by 2030/35. IBM will release the first commercial quantum computers with 20 qubit processors by the end of 2017. An existing prototype with 50 qubits sets the mark for achieved quantum supremacy.
Adiabatic quantum computers already solve problems, that will break classical encryption too. We don't know when they will be ready for the key sizes we use now. Topological quantum bit technologies are on the rise, which might solve issues, notably with error correcting codes, that have slowed down the development of quantum computers so far.
Post-Quantum-Cryptography resists quantum computer attacks and runs effectively on currently used devices. They don't require new hardware or technologies and can be integrated into existing libraries and systems. Such methods for encryption, key-exchange and signatures are being standardized by the NIST since 2017. Infineon and other firms already integrate those methods into their products.
The NIST'S focus has been on asymmetric cryptography so far, whereas we take into account the need for both symmetric and asymmetric hi-security cryptography in a post-quantum context. This will specifically be required by many EU countries' laws, notably for patient data protection now and in the future (which is to be protected "even after death of the patient", as for example German law puts it.
Our interpretation being that it is beyond the 2030/35 horizon, especially taking into account the development of genetic therapy which can impact not one, but many generations of human beings, likewise make the life of existing human beings longer than ever before).
Post-Quantum-Cryptography can protect us from the following threats:
CEuniX will be developed for
The cryptography library will contain classical and post-quantum cryptography, as well as the possible combination of those, to ensure a smooth transition from classical to post-quantum cryptography. It will be tightly integrated within the system in order to pro vide a safe default library ensuring an excellent level of cryptography.
In the case of systems under "hypervision", such as Windows or Linux, a compatible crypto library will be provided to bring the benefits of post-quantum cryptography to those existing systems.
A workstation version of CeuniX as a main operating system will also be considered for future work, if mobile terminals and related devices do not overtake the workstation market in the meantime. A server version (as a main server OS) will be part of the post-2020 industrialization phase.
Systems embedding CEuniX will be able to respond to
without having to modify the system altogether, nor the cryptography library. Necessary adaptions will be possible by configuration of existing schemes and extension of the cryptography library.
We plan to combine CEuniX with a state-of-the-art, post-quantum cryptography library enabling the fulfillment of strict European and national standards and regulations in terms of long-term privacy, meeting and exceeding worldwide standards such as the Advanced Encryption Standard (AES) and new methods which are currently being standardized by the NIST.
CEuniX will offer the possibility to complement our own crypto library by another one instead of only being extended. This is of particular importance for the ability of CEuniX to be exported to extra-European countries with restrictive regulations for strong cryptography.
"Life is a gift. Never forget to enjoy and bask in every moment you are in."