Quantum computers will compromise the security of identity documents

Quantum computers will compromise the security of identity documents

In this new publication, Eurosmart explains that the advent of quantum computers would be a significant threat to the security of identity documents. Such an advent might seem distant, but current research shows that progress is taking place at a fast pace. The question is not anymore about “if” but when quantum computers will arise.

This paper takes the specific angle of identity documents, in particular eMRTDs*, i.e. documents equipped with a secure chip containing the information of the holder (biographic data but also biometric data: portrait and potentially fingerprint). The security of eMRTDs largely relies on asymmetric cryptography. Quantum computers with sufficient capabilities could revert back to the private key from the public key, hence breaking asymmetric cryptography. Thus, with quantum computers, a fundamental pillar of digital security is at risk of falling apart.

Identity documents contain sensitive information, such as biometric data. Such data is used for identity checks and travel. Although data is communicated in an encrypted manner, an attacker could capture and store the encrypted data today, waiting for the advent of quantum computing to decrypt the data. This attack would be particularly problematic for biometric data that remain static over time, such as fingerprints. In addition, all mechanisms put in place to demonstrate the authenticity of the identity information stored in the eMRTD, and the eMRTD itself, rely on asymmetric cryptography. Quantum computing would ruin all these security features. Thus, the advent of quantum computers would entail worrying risks of document forgery and identity theft.

Therefore, Eurosmart urges the EU and the eMRTD community, including ICAO, to consider this problem as soon as possible. The migration towards quantum-safe eMRTDs will take decades; therefore, it is essential to organise it now. More precisely, there is considerable work to do in the standardisation field.

For further information, please consult below our full paper.