Quantum-safe SIM cards and eSIM

Mobile ecosystems rely on secure identities. SIM-based security plays a growing role in digital identity management to enhance authentication and data protection. Mobile devices are widespread and become central to both consumer applications and IoT deployments and strongly benefit from their built-in cryptographic capabilities.

SIMs use cryptography and various encryption algorithms to protect data. They rely on both symmetric and asymmetric cryptography for different use cases.

Symmetric cryptography is used to secure communication and authenticate mobile subscribers towards mobile networks. Asymmetric cryptography, RSA and ECC, comes into play in the context of 5G SUCI calculation and eSIM download.

Quantum computers pose a serious threat to asymmetric cryptography especially because they could efficiently break widely used algorithms like RSA and ECC, rendering current public-key systems insecure.

In contrast, symmetric cryptography is only moderately affected. According to the US government agency NIST (National Institute of Standards and Technology) symmetric algorithms such as AES or SHA-3 are significantly less vulnerable to known quantum attacks than the public-key cryptography standards. A migration to larger key sizes renders private key cryptography like AES secure also in the quantum area.

Recognizing the quantum threat, G+D’s cryptography and telecommunication experts are actively engaged in research and standardization efforts. Given the importance of protecting subscriber identity and data, and managing (e)UICCs securely, we are working to shape a quantum-safe future and safeguarding digital credentials in the post-quantum era.

Our R&D departments are actively developing quantum-resistant solutions for various sectors, including secure infrastructures, identity documents, payment systems, and SIM/eSIM connectivity.

G+D is your trusted partner for PQC in mobile:

• crypto‑agile SIM OS upgrades available today,
• implementing hybrid architectures for continuity, and
• active participation in 3GPP/GSMA finalizing the protocols for the mobile ecosystem.

To make symmetric encryption PQC ready, the focus is on ensuring that symmetric algorithms remain secure against quantum adversaries. To be quantum-resistant, it is recommended to increase the key length and use AES-256 instead of AES-128.

New public key algorithms for smart SIM cards

Achieving PQC readiness in asymmetric cryptography requires the adoption of new algorithms. This requires developing new algorithms based on mathematical problems that remain hard even for quantum computers. Several new cryptographic algorithms have been identified as suitable, particularly those standardized by NIST. Only some of them meet the specific requirements of smart cards, which have strict constraints in terms of memory, processing power, and energy consumption.

NIST regulated PQC resistant algorithms

The following PQC resistant algorithms defined by NIST are suitable for the use in dedicated high end smart cards: 

• FIPS 203 – ML-KEM
• FIPS 204 – ML-DSA

ML-KEM handles key exchange between client and server. ML-DSA provides digital signatures for authentication and integrity. 

Required protocol updates

On top of PQC ready algorithms, protocols have to be redesigned to fit the new algos. Different standardization bodies, such as the 3GPP, GSMA or Java Card Forum, are currently working on the definition of these protocols, but have not finished yet. G+D is actively involved and aligning products to these various tracks. 

To make a SIM PQC ready, several technical and strategic steps are required due to the resource constraints and security demands of smart card environments. 

• Selection of a smart card chip that supports the increased demand in terms of memory, computing power and energy efficiency
• Implementation of NIST PQC algorithms (when protocolized)
• Ensure certification and compliance

Additionally, it is recommended to:

• Design for hybrid crypto (classical + PQC algorithms) to ensure backward compatibility
• Enable Over-the-Air SIM OS upgrades to ensure crypto-agility for future PQC updates without a hardware swap

Some of the prerequisites, e.g. specification of protocols and product certifications, are not yet finalized and hence a fully PQC enabled SIM is not available today.

To be able to quickly adapt to future challenges and flexibly upgrade algorithms and protocols as needed, we offer the capability to upgrade the SIM OS Over-the-Air.

What is crypto agility?

Crypto agility is the ability of a system to adapt quickly and securely to changes in cryptographic algorithms or protocols - especially when current ones become obsolete or vulnerable.

For IoT fleets, vehicles and devices with soldered (e)SIM, OTA-supported crypto agility avoids service disruptions and reduces lifecycle costs when algorithms change.