Research into greater cyber security

How can we safeguard our critical infrastructure from quantum computer attacks in the future? As part of the international project “QUEST”, Professor Fabio Campos from Darmstadt University of Applied Sciences (h_da) is conducting research into new post-quantum cryptography methods that should be able to withstand even the most ingenious side-channel attacks. The project, which the Federal Government’s “Cyberagentur” (Cybersecurity Agency) will fund until 2030, aims to help protect vital social and economic lifelines – such as the financial sector, transport and energy supply – from these new cyber threats.

By Astrid Ludwig, 16.6.2026

When Fabio Campos, cryptography expert and professor for cybersecurity, is asked to describe his research area, he likes to use a practical example from everyday life. His main focus is side-channel resilience in cryptographic processes. As only few people know exactly what this is, he explains his research topic by comparing it to a recipe from a cookery book. “Imagine you’re boiling rice. The recipe is clear, but the end result depends on many factors. Which type of hob am I using, which type of rice or water, what is the energy consumption, and how long does it take to cook?” In other words: it is not always possible to follow the recipe exactly to the letter, and small deviations or irregularities can occur.

In cryptography, what is understood by this is the “side channels” mentioned above. These can be envisaged as cracks or crevices that can serve as entry points for cyberattacks from outside. Here, attackers do not target the algorithms or mathematical flaws of a cryptographic process but instead exploit physical aspects such as power consumption or electromagnetic radiation, or they measure the time needed for a cryptographic operation. “The aim of our research project is to make these attacks far more difficult in the future,” says Campos. Especially once quantum computers become reality in the next years and many of the methods commonly in use today will no longer offer protection.

It was Professor Campos, 51, who successfully secured funding for the research project “Quantum-safe Embedded Systems with Side-channel Tolerance” (QUEST), which is led by h_da, was commissioned by the “Agentur für Innovation in der Cybersicherheit GmbH” – in short “Cyberagentur” (Cyber Agency, a federal institution) and will receive substantial funding until 2029/2030. The aim is to achieve strong side-channel resilience in post-quantum cryptography. Alongside h_da, the project partners are RheinMain University of Applied Sciences, Nanyang Technological University (NTU) in Singapore and Chelpis Quantum Corp, a cybersecurity company from Taiwan specialising in post-quantum cryptography. “This international constellation of partners beyond European borders is highly unusual,” says Campos. It came about because he had already worked with researchers from these institutions during his doctoral studies. The global community of cryptographers working on side-channel resilience and error injection is relatively small.

The project started in 2026 and is one of a whole series of research initiatives, including ones commissioned by the “Cyberagentur”, that are examining aspects of side-channel resilience in post-quantum cryptography. “When the quantum computer arrives, we will have an unfathomable problem,” says Professor Campos. Everything we do today relies on functioning cryptography: banking transactions, communication via mobile phones, email or messaging services, our infrastructure, as well as the digital systems in cars, airplanes and other modes of transport. Quantum computers will be able to decrypt a significant part of today’s security systems within seconds and make them vulnerable to attack.

According to Campos, urgent action is required. “We don’t know exactly when manufacturers will succeed in building quantum computers with a large number of qubits – the computational units required in quantum computers. But it’s only a matter of time,” he is convinced. Major players such as Google and IBM have been working for years to advance their quantum computers, with Google scheduling 2030 for the transition. The multinationals have been fighting a head-to-head qubit race for some time now, says Campos. “Who is faster and better? There’s a lot of money involved.” The big tech companies are happy to disclose their plans. “We cannot, however, rule out the possibility that others are keeping their activities under wraps, which is why our research is extremely urgent. We must be prepared.”

The research project resembles the game of cat and mouse often played in the cyber world between hackers and cryptographers. The one side develops new methods, and the other side attacks them. “In our project, we have two teams: the ‘good guys’ and the ‘bad guys’,” reports Professor Campos. The blue team develops safeguards, while the red team launches attacks against them. In the future, Campos, a doctoral student and researchers from Taiwan will form the blue team; colleagues from RheinMain University of Applied Sciences and Nanyang Technological University in Singapore belong to the red team.

In a first step, they want to gain an overview of all existing post-quantum processes and analyse how well they are protected against side-channel attacks and error injection. “Defining the status quo is very time-consuming,” says Campos. In a second step, the game of cat and mouse begins: the blue team will develop immune systems, and the red team will attempt to crack them. The aim is to examine existing standards and methods as well as identify vulnerabilities – and then develop and propose countermeasures.

Here, the starting point for the researchers is cryptographic primitives – small building blocks and algorithms used in cryptography to construct complex security mechanisms and protocols. These building blocks are generic and versatile. “We want to develop an efficient and secure library of post-quantum computing primitives,” explains Fabio Campos. This would make it possible, he says, to cover a broad spectrum of applications and platforms that require secure PQC primitives to protect against the imminent quantum threat. But the researchers are, of course, setting priorities here. For now, the robot vacuum cleaners and digitally controlled fridges in our homes are of secondary importance. “First, we want to create safeguards against post-quantum attacks for the most critical, high-risk areas – such as financial transactions, public infrastructure and transport,” explains Fabio Campos. So that chaos doesn’t break out when the digital doomsday comes, but instead society, politics and the economy are properly prepared.