PNNL

Abstract

Electric vehicles (EVs) and charging infrastructure are networked systems, which employ high-level communications in support of charging and grid service decisions. Public key cryptography (PKC) underlies much of the security and privacy protections of the information exchange. We are entering a new epoch where quantum computing threats must be seriously considered. A sufficiently large quantum computer, so named Cryptographically Relevant Quantum Computer (QRQC), will be able to perform the mathematical operations to efficiently attack the underpinnings of traditional PKC, thus jeopardizing the digital foundations for trust, communications security, and data security. Estimates suggest a QRQC can break public key encryption and digital signatures in the manner of tens to hundreds of hours, compared to traditional computing that would demand more than 10^18 years in a brute force-style attack. A consensus belief of quantum theorists, quantum experimenters, and cryptographers suggest that the quantum threat will be likely realized in the next twenty years. To address the threat, post-quantum cryptography, which is cryptosystems that are designed to be secure against both traditional and quantum computing threats, must be adopted. Migration from traditional PKC to quantum-resilient cryptography is a global undertaking and likely represents the largest transition in computing history. The nascent state of EV public key infrastructure, combined with limited adoption of the vehicle secure charging features, presents an opportunity to establish a preference for quantum-resistant cryptography as a step on the migration path. Delays will stunt the efforts as rapidly accelerating EVs sales and huge infrastructure investments will create large growing bases of long-lived vehicles and infrastructure. Migration preparations can commence while NIST continues the process to standardize post-quantum cryptography (PQC), which are quantum-resilient algorithms designed to be secure against traditional and quantum computing threats. The first step in preparing EV charging is to identify the presence of traditional public key cryptography algorithms and applications. With this objective in mind, this report is intended to advise the vehicle manufacturers, charging station manufacturers, charging station operators, charge network providers and other EV charging stakeholders with information on traditional PKC application and the potential risks when PKC becomes insecure. This report, the first in a series of reports discussing the topics existing at the confluence of post-quantum cryptography adoption and EV charging, identifies traditional public key applications employed and identifies potential consequences of leaving EV charging infrastructure vulnerable to quantum computing. The focus remains squarely on the of EV charging and infrastructure with respect to PKC and is believed by the authors to complement the NIST SP 1800-38 Migration to Post-Quantum Cryptography. While the report is centered on infrastructure, there are implications to vehicles.