Advances Post-Quantum PKI: Defining Requirements for Secure X.509 Certificate Transition

Securing classical cryptographic protocols is now paramount as the advent of quantum computing looms! Grazia D’Onghia, Diana Gratiela Berbecaru, and Antonio Lioy, all from Politecnico di Torino, detail crucial strategies for fortifying Public Key Infrastructure (PKI) against this emerging threat in their new research! Public key cryptography, vital for secure digital signatures and key exchange, faces particular vulnerability, demanding a proactive shift towards quantum-resistant alternatives! This work investigates the selection and application of robust post-quantum algorithms within the PKI framework, defining essential requirements for a secure transition and exploring adaptations for the widely used X.509 certificate format, alongside quantum-resistant updates to Certificate Revocation Lists and Online Certificate Status Protocol, ultimately illuminating the complex path towards a future-proofed PKI.

Quantum threats to PKI and post-quantum solutions

Scientists are actively addressing the impending threat to classical cryptographic protocols posed by the approaching era of quantum computing. Public key cryptography, essential for secure signature and key exchange, is particularly vulnerable to attacks from quantum computers, necessitating a swift transition to quantum-resistant alternatives. This vulnerability extends to public-key certificates, signed data structures that themselves require robust security against quantum threats, both for the certified keys and the signatures they contain0.509 certificate format. This work establishes a crucial roadmap for adapting current systems to withstand future quantum attacks, acknowledging the urgent need for proactive measures given the potential for a “store-now-decrypt-later” strategy employed by malicious actors. The research highlights that while symmetric encryption, such as AES-256, can be made quantum-safe by increasing key lengths, asymmetric cryptography requires a more fundamental overhaul.

Classical cryptosystems have revolutionized security protocols and remote transactions over the past two decades, but preparing for quantum-safe systems demands immediate action, as the process of transitioning and implementing these solutions into real-world systems will inevitably take time. Given the pervasive use of digital certificates within PKI, intensive research is vital to define and standardize Post-Quantum-enabled X.509 certificates and integrate PQC into core PKI protocols. Experiments show that while some initial guidelines have been proposed, a clear definition of future quantum-resistant certificates remains elusive. The ITU-T published an update to the X.509v3 standard in October 2019, acknowledging the need for new signature schemes but stopping short of establishing a firm migration deadline, recognising that a simultaneous change of cryptographic algorithms across an entire PKI is unlikely. The team proposes a gradual approach, initially utilising certificate extensions to accommodate alternative public keys, marked as “non-critical” for backward compatibility, as a temporary solution before ultimately migrating to pure quantum-safe signature schemes. This study aims to bridge the gap between expectations and concrete definitions of PQ-based certificates, providing a detailed roadmap for the transition to a PQ PKI, focusing on adapting the certificate format and reviewing existing implementations.
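Why the “non-critical” marking gives backward compatibility can be seen in a small added example, which is not code from the paper. It applies the standard X.509 criticality rule (reject an unrecognised critical extension, ignore an unrecognised non-critical one) to a constructed DER extension list. The OID 2.5.29.72 (subjectAltPublicKeyInfo, from the 2019 edition of X.509) and the 1312-byte placeholder key are assumptions of the example, not values given in the article.

```python
KNOWN = {bytes.fromhex("551d13"): "basicConstraints"}  # all a legacy verifier understands
# Assumption: alternative-key extension OID 2.5.29.72 from X.509 (2019); not named on the page.
ALT = {bytes.fromhex("551d48"): "subjectAltPublicKeyInfo"}

def tlv(tag, body):
    """DER-encode one tag-length-value element (short or long length form)."""
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(size)]) + size) + body

def read_tlv(buf, pos):
    """Decode the element at pos; return (tag, value, position after it)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long form: low 7 bits give the number of length bytes
        n, pos = int.from_bytes(buf[pos:pos + (n & 0x7F)], "big"), pos + (n & 0x7F)
    if pos + n > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + n], pos + n

def extension(oid, value, critical=False):
    """Extension ::= SEQUENCE { extnID, critical DEFAULT FALSE, extnValue }."""
    flag = tlv(0x01, b"\xff") if critical else b""  # DER omits the default FALSE
    return tlv(0x30, tlv(0x06, oid) + flag + tlv(0x04, value))

def parse_extensions(der):
    """Yield (oid, critical, value) for each entry of a DER Extensions SEQUENCE."""
    pos, body = 0, read_tlv(der, 0)[1]
    while pos < len(body):
        _, ext, pos = read_tlv(body, pos)
        _, oid, p = read_tlv(ext, 0)
        tag, val, p = read_tlv(ext, p)
        critical = tag == 0x01 and val != b"\x00"
        if tag == 0x01:  # BOOLEAN was present, so extnValue is the next element
            val = read_tlv(ext, p)[1]
        yield oid, critical, val

def validate(der, understood):
    """Return (accepted, names); an unrecognised critical extension rejects the certificate."""
    ignored = []
    for oid, critical, _ in parse_extensions(der):
        if oid not in understood:
            if critical:
                return False, [ALT.get(oid, oid.hex())]
            ignored.append(ALT.get(oid, oid.hex()))
    return True, ignored

def hybrid(alt_critical):  # constructed sample; bytes(1312) is a placeholder, not a real key
    bc = extension(bytes.fromhex("551d13"), bytes.fromhex("30030101ff"), critical=True)
    return tlv(0x30, bc + extension(bytes.fromhex("551d48"), bytes(1312), alt_critical))
```

A legacy verifier (`validate(hybrid(False), KNOWN)`) accepts the hybrid certificate and skips the alternative key, while the same extension marked critical (`hybrid(True)`) is rejected by that verifier.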

Post-Quantum PKI Transition with X.509 certificate format and associated revocation mechanisms! This work defines specific requirements for a secure transition to a quantum-resistant PKI, providing a roadmap for future implementation. The study pioneered a comparative analysis of several PQ algorithm categories, including lattice-based cryptography, such as NTRU and ring-LWE, code-based cryptography, like McEliece and CFS, hash-based cryptography, Merkle and XMSS, multivariate cryptography, Rainbow, and isogeny-based cryptography, SIKE.

Researchers assessed these algorithms based on key size, efficiency, security robustness, and intended use cases, recognising that lattice-based algorithms generally offer security with longer keys than RSA! NIST’s selection criteria, ranging from security level 1 (equivalent to AES-128) to level 5 (equivalent to AES-256), served as the benchmark for quantum robustness, with the goal of achieving level 5 security with PQ algorithms for digital signatures. Experiments employed a detailed examination of the current X. Furthermore, the study meticulously reviewed the mechanisms for CRLs and OCSP, acknowledging that many applications currently bypass revocation verification or employ custom methods! The team’s analysis highlights the challenges of integrating PQ algorithms, which typically require larger key sizes and produce bigger signatures, into the current PKI infrastructure while maintaining existing efficiency levels! This innovative work establishes general requirements for transitioning to PQ PKI, discussing design considerations for PQ-based X.509 certificates, CRLs, and OCSP, ultimately paving the way for a secure and resilient cryptographic future.

PKI transition to post-quantum cryptography is a complex

Scientists are addressing the critical need to secure classical cryptographic protocols as the quantum computing era advances! Public key cryptography, widely used for signatures and key exchange, faces increasing threats from quantum computing, necessitating a robust transition to post-quantum (PQ) algorithms. Experiments revealed that lattice-based cryptography, such as NTRU and ring-LWE, offers security but necessitates longer keys compared to RSA.

Code-based cryptography, including McEliece and Courtois-Finiasz-Sendrier (CFS), also requires large key sizes, while hash-based cryptography, like Merkle and XMSS, delivers robustness but produces significantly larger signatures. Multivariate cryptography, exemplified by the Rainbow algorithm, provides smaller signatures but exhibits reduced efficiency, and isogeny-based cryptography, specifically SIKE, offers smaller key sizes for Diffie-Hellman-like key exchange. Data shows the US National Institute of Standards and Technology (NIST) has been leading the standardization process for PQ algorithms since 2016, emphasizing security levels ranging from 1, equivalent to AES-128, to 5, equivalent to AES-256, which is currently considered quantum-safe. Results demonstrate that NIST announced the standardization of four algorithms in 2023: Kyber, a lattice-based KEM; Dilithium and Falcon, lattice-based digital signatures; and SPHINCS+, a hash-based signature scheme.

Measurements confirm that Kyber provides a balance of security and efficiency with relatively smaller key sizes, while Dilithium and Falcon offer high security and efficient verification. SPHINCS+ delivers robust security but generates larger signatures, and SLH-DSA, a stateless hash-based digital signature algorithm, exists in schemas including SLH-DSA-128, SLH-DSA-192, and SLH-DSA-256. Tests prove that integrating these algorithms into current PKI systems presents challenges due to their larger key sizes and signature lengths. The team measured the impact of PQ algorithms on the X.509v3 certificate format, identifying key fields like Version, Signature, Validity, and Subject Public Key Info as areas requiring adaptation.

Analysis of the certificate structure revealed that the Authority Key Identifier (AKI), calculated with SHA-1, will also be affected by the transition. The study highlights the need to issue public-key certificates without extensions, utilizing the new set of cryptographic algorithms and placing the digital signature in the base part of the certificate, streamlining the process and enhancing security. This research delivers a roadmap for transitioning to PQ PKI, addressing both general and specific requirements for adapting the certificate format and providing an overview of existing implementations and previously reported results.

👉 More information
🗞 Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI
🧠 ArXiv: https://arxiv.org/abs/2601.11104

Rohail T.
