Close-up of a RISC-V board. A RISC-V board as a target for side-channel analysis. © h_da / Markus Schmidt

They can become entry points for attackers. This is because modern cyberattacks are by no means always aimed at weaknesses in algorithms or mathematical methods. Instead, they exploit physical properties—such as a system’s power consumption, electromagnetic emissions, or the time required for a cryptographic operation.

"With our research project, we want to make these attacks much more difficult in the future," says Campos.

"When the quantum computer arrives, we'll face an unimaginable problem."

Together with international partners, he is therefore working on new methods of post-quantum cryptography. The research project is called “Quantum-safe Embedded Systems with Side-channel Tolerance” (QUEST). It is funded by the Federal Agency for Innovation in Cybersecurity, or Cyberagentur for short. The project will receive substantial funding through 2029/2030. The goal is to achieve strong side-channel resilience in post-quantum cryptography and thereby provide greater protection for the social and economic lifelines of society, such as finance, transportation, and energy supply.

Small but effective: Analyzing side channels using an oscilloscope and the ChipWhisperer platform. © h_da / Markus Schmidt

For Campos, however, the challenge lies not only in the technology companies' publicly known activities.

"However, we cannot rule out the possibility that others are keeping their activities secret. That is why our research is more than urgent. We must be prepared."

The QUEST project follows a principle that has long been established in the cyber world: the constant race between attackers and defenders.

"We have a 'good guy' team and a 'bad guy' team in the project," says Professor Campos.

While one team develops new defense mechanisms, the other attempts to target them specifically. Campos, along with a doctoral student and researchers from Taiwan, forms the blue team. Scientists from RheinMain University of Applied Sciences and Nanyang Technological University in Singapore take on the role of the red team.

First, the project partners intend to identify and analyze all available post-quantum methods. The focus is on determining how well these methods are already protected against side-channel attacks and error injections.

"Defining the status quo is very time-consuming," said the expert.

Only then does the actual cat-and-mouse game begin. The blue team develops new security measures, while the red team tries to break through them. The goal is to identify vulnerabilities in existing standards and procedures and develop appropriate countermeasures.

Side-channel vulnerabilities are specifically detected using the EM probe. © h_da / Markus Schmidt

The researchers rely on what are known as cryptoprimitives. These are fundamental building blocks and algorithms required for complex security mechanisms and cryptographic protocols. These building blocks are universally applicable and form the basis of many applications.

"We want to develop an efficient and secure library of post-quantum computing primitives," says Fabio Campos.

The goal is to ensure security for a wide range of platforms and applications that will require quantum-secure methods in the future. Priority will initially be given to particularly critical areas.

“First, we want to establish safeguards against post-quantum attacks for the most critical, high-risk sectors—such as financial transactions, public infrastructure, and transportation,” explains Fabio Campos.

The smart refrigerator and the robot vacuum can wait for now. From the researchers’ perspective, something else is crucial: that chaos doesn’t break out on Day X. Instead, society, politics, and the economy need to be prepared.