ABOUT FORTRESS

FORTRESS aims to address challenges of modern cybersecurity by developing a scalable and efficient hybrid secure boot architecture. It will design a flexible Root of Trust that integrates both traditional and post-quantum algorithms, while exploring trade-offs between security, performance, and cost. The project will focus on hardware-software co-design principles, enabling diverse platforms – embedded systems, edge devices, and Critical National Infrastructure – to transition to quantum-resistant architectures seamlessly. Additionally, the project will engage industry stakeholders to align with regulatory and standardisation efforts, ensuring practical deployment and maximum impact. By developing a critical building block for a wide range of applications, FORTRESS will safeguard Europe’s digital infrastructure, fostering resilience and leadership in the post-quantum era.

Context and Challenge

The foundation of modern cybersecurity lies in the secure boot process, ensuring only trusted and authenticated software runs on a device. By validating code integrity through cryptographic signatures, secure boot upholds the Confidentiality, Integrity, and Availability triad, acting as the first line of defence against tampering, malware, and unauthorised changes. Currently, secure boot relies on traditional cryptographic algorithms like RSA. However, the advent of quantum computing poses a threat to these systems, as quantum algorithms like Shor’s could compromise them, necessitating a transition to Post-Quantum Cryptography. The European Union and relevant agencies, such as ANSSI and BSI, advocate for a Post-Quantum/Traditional (PQ/T) hybrid cryptographic model, combining quantum-resistant algorithms with traditional cryptography for added resilience. Implementing quantum-safe secure boot remains challenging due to the performance, scalability, and compliance trade-offs of PQ/T solutions. However, to date, there seems to be no significant progress made in this domain.

Ambition and Impact

FORTRESS advances the state of the art by combining post-quantum cryptography with hardware-enforced security to deliver trusted systems that remain secure in the quantum era. The project contributes to EU leadership in PQC standardisation, ensures the resilience of critical infrastructures, and enables a secure digital transition for industries and public services across Europe.