PQC standardization: The benefits of competition

PQC standardization: The benefits of competition

by | Aug 12, 2025 | Magazine#02

Author: Klaus Schmeh, cryptovision GmbH

Post-Quantum Cryptography (PQC) has been a major research focus for over a decade. As quantum computing steadily advances, so does the urgency to protect our digital infrastructure against future quantum threats. In response, the cryptographic community has developed more than a hundred PQC algorithms—ranging from digital signatures to key encapsulation methods. But only in recent years has the field matured, with standards emerging and a clearer picture forming of which algorithms are likely to play a critical role in securing the post-quantum era.
A pivotal factor in this development has been the ongoing standardization efforts led by the U.S. National Institute of Standards and Technology (NIST), which launched two major algorithm competitions.

NIST PQC competition – round 1

The first NIST competition, open to both signature and key encapsulation mechanisms (KEMs), began in 2016. Out of 69 submissions, four primary winners were announced in 2022, with a fifth selected in 2025.

These five algorithms represent the future standard portfolio:

  • CRYSTALS-Kyber (standardized as ML-KEM): Key encapsulation mechanism
  • CRYSTALS-Dilithium (standardized as ML-DSA): Digital signature scheme
  • SPHINCS+ (standardized as SLH-DSA): Stateless hash-based signature scheme
  • FALCON: Digital signature scheme
  • HQC: Key encapsulation mechanism

Unless significant weaknesses are found, no further algorithms from the first competition are expected to be standardized.

NIST PQC competition – round 2

While three digital signature schemes emerged successfully from the first round, NIST sought greater algorithmic diversity. This led to a second, ongoing competition launched in 2023, this time exclusively for signature algorithms.

From the 40 submissions, 14 candidates advanced to the second round. The competition is still underway, and the final selection is expected to add further options for post-quantum digital signatures

IETF standards

Parallel to NIST’s work, the Internet Engineering Task Force (IETF) has also contributed to PQC standardization. As early as 2018 and 2019, the IETF published two relevant standards:

  • XMSS – eXtended Merkle Signature Scheme (RFC 8391)
  • Leighton-Micali Signature Scheme (RFC 8554)

Both are stateful signature schemes, which disqualified them from participating in the NIST competitions, where only stateless schemes were permitted. Nevertheless, these algorithms remain viable options in specific contexts and are already standardized.

German BSI recommendations

In Germany, the Federal Office for Information Security (BSI) has included two additional PQC algorithms in its cryptographic recommendations (TR-02102):

  • FrodoKEM – Key encapsulation mechanism
  • Classic McEliece – Key encapsulation mechanism

Both are currently undergoing standardization by the International Organization for Standardization (ISO), further reflecting their importance in the global cryptographic landscape.

From standards to deployment

With a growing list of standardized and soon-to-be-standardized algorithms, the focus is now shifting toward practical deployment. Cryptographic libraries, protocols, and file formats are being updated to support the new schemes. Vendors are actively upgrading their products to support post-quantum cryptography. For example, Eviden Digital Identity has integrated post-quantum algorithms into its cryptovision GreenShield software (see Figure 1). Many organizations are already preparing for a migration to PQC technologies.

Figure 1: Eviden Digital Identity’s cryptovision GreenShield already supports the post-quantum algorithms CRYSTALS-Kyber and CRYSTALS-Dilithium.

The transition to post-quantum security will be one of the most critical infrastructure shifts of the coming decade. The groundwork has been laid—now it’s time to put theory into practice.
Blockchain and the future of digital identity: Lessons from decentralized governance

Blockchain and the future of digital identity: Lessons from decentralized governance

by | Aug 12, 2025 | Magazine#02

Author: Adam Ross, cryptovision GmbH
The promise of blockchain technology has long been tied to its ability to decentralize trust — removing the need for centralized intermediaries and enabling direct, transparent, and secure interactions. Initially heralded as a revolution for everything from finance to identity management, blockchain’s journey has been complex and nuanced. Today, as the hype settles, real-world applications like Decentralized Autonomous Organizations (DAOs) offer a glimpse into blockchain’s practical potential as well as its pitfalls.

One compelling example is Copernicus Beer, a DAO-based brewing collective started in the Netherlands. Instead of a traditional management board, the brewery is governed collectively by holders of 24 unique Non-Fungible Tokens (NFTs). These tokens grant voting rights, allowing the community to decide everything from brewing schedules, branding and even recipes. This innovative model blurs the line between digital ownership and tangible products, illustrating how blockchain can transform governance beyond finance.

Decentralization: More than a buzzword

Blockchain’s core strength lies in its decentralized architecture. By distributing data across a network of computers rather than a single central server, blockchain reduces vulnerabilities and the risk of manipulation. This design shifts trust from human intermediaries to cryptographic algorithms and consensus protocols.

However, decentralization is not without trade-offs. While it can increase transparency and fault tolerance, it also introduces complexities in governance, scalability, and regulatory compliance. The Copernicus Beer DAO’s democratic voting system showcases decentralization in action, but also highlights challenges in participation and operational efficiency — issues that many blockchain projects continue to grapple with.

Blockchain and digital identity: Complementary, not substitutive

Early discussions envisioned blockchain as a replacement for conventional digital identity systems, potentially ending the era of eID cards and centralized Public Key Infrastructure (PKI). Yet, the reality has proven more collaborative. Blockchain can enhance identity management by enabling self-sovereign identities and immutable audit trails, but it often relies on existing PKI standards and trusted authorities to secure private keys and authenticate identities.

For example, while blockchain wallets require users to safeguard private keys — often a point of vulnerability — integrating secure elements like smart cards or national eID cards can strengthen key protection and providing key insights as to the identity of token holders. This synergy supports blockchain’s security model without discarding established identity frameworks.

The evolving landscape: From hype to practicality

Since the initial mania of blockchain enthusiasm, the ecosystem has matured considerably. Regulatory scrutiny, market volatility, and technical challenges have tempered some of the initial exuberance. Meanwhile, Layer 2 scaling solutions, interoperability standards, and governance innovations have emerged to address these issues.

Projects like Copernicus Beer DAO highlight blockchain’s real-world applications in community governance, collaborative business models, and bridging digital-physical divides. However, widespread adoption remains investigational, requiring ongoing research into governance models, usability, and legal frameworks.

Looking ahead: Blockchain as a building block, not a silver bullet

Blockchain is unlikely to single-handedly replace existing identity systems or business structures. Instead, it should be viewed as a powerful tool that, when combined thoughtfully with established technologies like PKI and secure hardware, can unlock new possibilities for secure, decentralized interactions.

The question remains how deeply blockchain will integrate into everyday digital identity and governance. As DAOs like Copernicus Beer demonstrate, blockchain can enable novel models of ownership and participation, but success depends on balancing decentralization’s ideals with practical needs.

In conclusion: Blockchain continues to evolve from a revolutionary concept to a practical technology with unique strengths and inherent challenges. By learning from pioneering projects and integrating blockchain with existing infrastructures, the future of digital identity and decentralized governance looks promising, but it requires tempering realistic expectations and ongoing innovation.

Secure silicon, strategic vision

Secure silicon, strategic vision

by | Aug 12, 2025 | Magazine#02

AdvanIDe’s CEO on innovation, ownership, and the future of identity tech

AdvanIDe is a long-standing partner of Eviden and cryptovision, known for its global role in secure ID and semiconductor distribution. Holger Roessner, CEO of AdvanIDe Holdings and Managing Partner at IDentivest Partners, shared his insights with TRUST Magazine on strategy, innovation, and the evolving identity technology landscape.

Holger Roessner | CEO of AdvanIDe

“We’re not just a distribution channel; we’re a trusted advisor, systems partner, and enabler of secure digital transformation.”

Holger, AdvanIDe operates with a leadership and team that hold majority ownership. How has this structure shaped the company’s culture and direction?

HR: “Having the leadership team and employees as significant stakeholders creates a strong sense of shared purpose and long-term accountability. It deepens our commitment not only to the company’s success but also to the success of our partners and clients.
This structure strengthens collaboration, encourages innovation, and helps us attract people who are genuinely invested—both literally and figuratively—in building lasting value.”

How would you describe the evolution of AdvanIDe’s vision since its inception?

HR: “Now in our 30th year, we are continually re-inventing ourselves. The market dynamics are constantly changing with emerging players, both on the supply side as well as the demand side. Besides, we see a fair bit of consolidation via M&A, which creates disruption but also opens new opportunities. The foundation of AdvanIDe was built on the ability to connect semiconductor innovation with real-world identification and authentication needs. While technology and markets have evolved, that core idea has remained constant.

We continue to adapt by anticipating what our partners and clients need, whether that’s support for emerging security standards, integration services, or solutions that enable secure identities in increasingly digital environments.”

What role does AdvanIDe play in today’s identification and authentication ecosystem?

HR: “We serve as a strategic platform—linking world-class semiconductor providers with solution developers across smart card, RFID, secure ID documents, access control, and IoT applications. Our position allows us to provide both technical value and market insight, helping our partners succeed across complex, global environments.
We’re not just a distribution channel; we’re a trusted advisor, systems partner, and enabler of secure digital transformation. Together with partners, we create an ecosystem of outsourced production where we match the needs of semiconductor partners and our clients from a product perspective.”

AdvanIDe has been steadily expanding its capabilities, particularly in modules and inlays, and is focusing on proprietary inductive-coupling technology. What’s driving this move, and how do you see it shaping your product and service offering in the coming years?

HR: “Today, AdvanIDe owns 19 trademarks and several patents while outsourcing all assembly as far as hardware products are concerned. We do this to provide options for our clients who are particularly tied into a proprietary supply chain and often depend on suppliers from countries that are not geopolitically neutral. AdvanIDe being headquartered in Singapore and its shares controlled by the employees and the management will always provide a neutral platform with innovative value-added products to serve the needs of our clients as well as our semiconductor partners for their go-to-market strategy.
Especially in the market of electronic government documents, we see a drive towards localization where the state printers are moving up the supply chain from being an importer of the whole document focusing only on personalization, towards producing most elements of the document in-house with the need of importing packaged semiconductors or inlays. We will continue to grow with the direction of our clients, increasing our share of wallet with them and innovate with new inlay offerings such as our idLAM™, winLAM™ and icoLAM™.”

What strategic priorities guide your long-term roadmap?

HR: “We built our focus on three core pillars:

  • Enhancing value-added services, such as IC module programming, neutral and compliant module packaging services and inlays made in geopolitically neutral geographies
  • Investing in innovation, particularly in inlay security features, cost-optimized and durable IC packages and thin packages and inlays for even thinner ePassport data pages
  • Expanding globally, by growing our presence in emerging markets and addressing region-specific demands and hiring the best talent in the market with vast experience and connections

We also place strong emphasis on sustainability across our operations and how we select and deliver products. The identification industry is increasingly shaped by regulation, environmental expectations, and technological convergence—and we’re well-positioned to lead in that environment.”

How does AdvanIDe maintain agility in a rapidly changing technology landscape?

HR: “Our organizational structure is lean, decentralized, and digitally enabled. Decision-making is based on a clear, transparent matrix that empowers local teams while ensuring strategic alignment.
This allows us to respond quickly to changes in supply chains, regulations, or customer requirements. Our ability to combine technical depth with operational speed is a key differentiator in our industry.”

What drives your motivation as a leader within the secure identification space?

HR: “I’m deeply committed to building long-term relationships—internally and externally. Working closely with our team, clients, and partners keeps me connected to the real challenges and opportunities in our sector. Being in the business for 30 years is a strong testament that our company as well as our team members are committed to this business in the long run.
What excites me most is the impact our work has: enabling secure identities, supporting trust in digital transactions, and helping build infrastructure for a safer, more connected world. That purpose keeps the energy high and the goals clear.”

Looking ahead, where do you see the biggest growth opportunities for AdvanIDe?

HR: “The market is still impacted by the semiconductor shortage that we experienced in 2022 and 2023, which was followed by an oversupply and subsequent overstock situation. While AdvanIDe and our clients are working through this even today, among our biggest growth opportunities is scaling our team of trusted employees who are key to our success. We have been fortunate to welcome world-class talent to our team in recent months, which will strengthen our sales ability and extending our reach to more clients.”

Biometrics and the future of digital identity: SCinterface eID meets ID3 technologies

Biometrics and the future of digital identity: SCinterface eID meets ID3 technologies

by | Aug 12, 2025 | Magazine#02

Author: Atefeh Mokallahi, Eviden Digital ID
Passwords can be forgotten. PINs get lost. But your fingerprint? That’s always with you — simple, secure, and uniquely yours. In the fast-moving world of digital identity, biometrics has become a cornerstone technology, offering a unique balance between security and user convenience.

Biometric authentication works by using physical traits — fingerprints, facial features, iris patterns — to verify identity. But while biometrics are powerful, they also raise privacy questions: where is this sensitive data stored? Who can access it? That’s where match-on-card technology comes in.

Match-on-card ensures that biometric data never leaves the smart card itself. The fingerprint is stored securely on the chip, and matching happens directly on the card — meaning it can’t be intercepted or misused. This approach eliminates PIN fatigue while making identity theft dramatically harder.

With cryptovision SCinterface, Eviden Digital Identity already delivers one of the most versatile eID middleware platforms on the market. It connects eID cards seamlessly to client applications, supports over 100 cards, profiles and operating systems, and enables secure authentication, digital signatures, and encrypted communication for governments worldwide.

Now, through a strategic partnership with id3 Technologies, Eviden integrates state-of-the-art fingerprint verification directly into its middleware; cryptovision SCinterface. id3, an expert in AI-driven biometric solutions, brings expertise in high-accuracy, high-speed recognition — enhancing SCinterface’s security profile without sacrificing usability.

The result:

  • Stronger protection against unauthorized access and identity theft
  • Faster authentication with easier PIN entry
  • Privacy-first security thanks to match-on-card processing
  • Future-ready flexibility across multiple platforms and card types

As digital services expand, the ability to authenticate securely and effortlessly is becoming a critical success factor — not just for governments, but for banking, healthcare, and enterprise environments. cryptovision SCinterface eID with biometric support represents a decisive step toward secure, sovereign, and user-friendly digital identities.

In the future of authentication, your identity will be something you are, not something you remember.

Sovereign and resilient digital identities: Why they matter now

Sovereign and resilient digital identities: Why they matter now

by | Aug 12, 2025 | Magazine#02

Authors: Ralf König & Julia Zimmermann, Eviden Digital Identity

The accelerating pace of digital transformation is forcing organizations to rethink more than just efficiency and scalability — it’s about digital sovereignty. At the heart of this shift lie digital identities: the secure credentials that enable trusted communication, controlled access, auditability, and compliance in a connected world.

But in complex IT landscapes — especially those handling sensitive or classified information — managing these identities isn’t straightforward. Proprietary solutions, legacy systems, and fragmented infrastructures often lock organizations into rigid setups, making adaptation slow and costly.

Our new white paper, “Sovereign and resilient digital Identities,” provides a strategic roadmap for CIOs, CISOs, and IT leaders to build identity infrastructures that are secure, interoperable, and future-ready.
Inside, you’ll find:

  • Dynamic access management strategies that replace static key ownership with real-time rights allocation.
  • Governance models such as four-eyes approval and full audit logging for high-assurance environments.
  • Automation-driven workflows for onboarding, certificate renewal, and key lifecycle management — because usability is a security factor.
  • Standards-based architectures that avoid vendor lock-in and pave the way for post-quantum readiness.

Whether it’s ensuring secure classified communication, enabling role-based access across distributed teams, or integrating with multiple certification authorities, the principles outlined in this guide help you scale securely without sacrificing control.

In an era where regulatory requirements and technological change are constant, resilient digital identities are not optional — they’re a strategic necessity.

Download the white paper to explore how modular, standards-based solutions can strengthen your security posture, reduce operational complexity, and protect your organization’s technological sovereignty.

Download Area

Cryptovision SCinterface integrates credentials from smartcards, tokens, remote tokens and virtual smartcards into common IT environments

With increasing security concerns, using only usernames and passwords for login is no longer considered secure. Better options like smart cards and security tokens provide stronger security measures. Smart cards, extensively used in banking and electronic IDs, demonstrate reliable security technology, with recent improvements like VSC and RSC making them even more effective.

The cryptovision SCinterface middleware provides a robust solution that is platform-independent and supports over 100 different chip types, operating systems and profiles. Additionally, it employs standardized protocols and high-quality cryptographic procedures. With RSA and ECC algorithms, cryptovision SCinterface supports procedures recommended by IT security authorities worldwide, facilitating the utilization of credentials across a wide variety of security devices.

Supported crypto interfaces:

  • Microsoft CSP and Minidriver (for Windows)
  • Apple Crypto Token Driver (for macOS)
  • PKCS#11 (for Linux derivatives, Windows and macOS)

Product features such as platform independence, a modular architecture, the implementation of all major standards, support for (Microsoft) Virtual Smart Card and biometrics make cryptovision SCinterface one of the most diverse and innovative solutions of its domain.
www.cryptovision.com/en/scinterface-new