Quantum computers will change PKI
Within a few short years quantum computers will render valueless the RSA (Rivest–Shamir–Adleman) and ECC (elliptic-curve cryptography) encryption algorithms our digital systems depend on. The potential effects are so severe they're sometimes called the Quantum Apocalypse.
Sectigo is working with technology and industry leaders to help you prepare
The industry identified its first set of new encryption algorithms, that are not vulnerable to quantum computing's extreme advances in calculation speed: CRYSTALS-Kyber as one of the key encryption methods (KEM) and CRYSTALS-Dilithium as the hashing algorithm, with alternate options available. They now need to be incorporated into standards and then into software and hardware solutions. Looking ahead, enterprises will have to adopt entirely new families of quantum-resistant cryptography to remain secure, with great agility. Crypto-agile businesses will be able to react quickly and reliably for any volume of certificates, while manual certificate management is no longer a viable option.
Don't wait to protect yourself. Be proactive in your switch to post quantum cryptography.
Introducing quantum safe hybrid TLS / SSL certificates
This new cryptosystem uses lattice-based mathematical concepts and processes that aren't readily cracked by quantum computers. Traditional computers can still use these algorithms to encrypt and decrypt data, but quantum computers will not easily be able to break them.
NIST has been leading a process to develop and vet a set of quantum-safe cryptographic algorithms. This process began in 2016 and with four winning algorithms picked in July 2022, standardization is expected to be completed by 2024. Companies that are able to automatically adapt hybrid and later quantum-resistant certificates have the advantage of reliably and quickly reacting to changes.
Migrating to quantum-safe algorithms means using quantum-safe certificates
Quantum-safe certificates are X.509 certificates that use quantum-safe encryption algorithms. Implementations of the new algorithms are currently available to introduce in sandbox environments and hybrid certificates bridge traditional and quantum certificates.
Hybrid certificates have both traditional and quantum safe keys and signatures
Cross-signed hybrid certificates enable a migration path for systems with multiple components that cannot all be upgraded or replaced at the same time. This type of hybrid key exchange allows you to transition from traditional public-key cryptography to post-quantum cryptography in a more manageable way. Using hybrid certificates is akin to a house with two doors where each door has its own separate key.
If you install a new front door lock, only people with the new key can open that door. People with the old key can still enter the house, but only via the unchanged back door. Over time, you can swap out keys to users, giving them access through the new door lock. Eventually, once everyone's key is swapped out, you can safely change the back door lock with no loss of access for anyone.
As a trusted third-party CA, Sectigo is investing in developing solutions to enable PKI users' migration to newer quantum-safe algorithms.
Insights from leaders in quantum cryptography
Learn more about the various quantum threats to today’s public key infrastructure (PKI) and what we all can do about it.
