Redirecting you to

Post Quantum Cryptography

The #1 resource for quantum PKI solutions

Speak to an expert

Introducing post quantum cryptography

Quantum computers will change PKI

Within a few short years quantum computers will render valueless the RSA (Rivest–Shamir–Adleman) and ECC (elliptic-curve cryptography) encryption algorithms our digital systems depend on. The potential effects are so severe they're sometimes called the Quantum Apocalypse.

Play video

Preparing for the Quantum Apocalypse

Sectigo is working with technology and industry leaders to help you prepare

The industry identified its first set of new encryption algorithms, that are not vulnerable to quantum computing's extreme advances in calculation speed: CRYSTALS-Kyber as one of the key encryption methods (KEM) and CRYSTALS-Dilithium as the hashing algorithm, with alternate options available. They now need to be incorporated into standards and then into software and hardware solutions. Looking ahead, enterprises will have to adopt entirely new families of quantum-resistant cryptography to remain secure, with great agility. Crypto-agile businesses will be able to react quickly and reliably for any volume of certificates, while manual certificate management is no longer a viable option.

Estimates say quantum computing will break RSA and ECC as early as 2026.

Don't wait to protect yourself. Be proactive in your switch to post quantum cryptography.

Quantum safe cryptography solutions

Introducing quantum safe hybrid TLS / SSL certificates

This new cryptosystem uses lattice-based mathematical concepts and processes that aren't readily cracked by quantum computers. Traditional computers can still use these algorithms to encrypt and decrypt data, but quantum computers will not easily be able to break them.


NIST has been leading a process to develop and vet a set of quantum-safe cryptographic algorithms. This process began in 2016 and with four winning algorithms picked in July 2022, standardization is expected to be completed by 2024. Companies that are able to automatically adapt hybrid and later quantum-resistant certificates have the advantage of reliably and quickly reacting to changes.

Quantum safe certificates

Migrating to quantum-safe algorithms means using quantum-safe certificates

Quantum-safe certificates are X.509 certificates that use quantum-safe encryption algorithms. Implementations of the new algorithms are currently available to introduce in sandbox environments and hybrid certificates bridge traditional and quantum certificates.

Play video

Hybrid certificates

Hybrid certificates have both traditional and quantum safe keys and signatures

Cross-signed hybrid certificates enable a migration path for systems with multiple components that cannot all be upgraded or replaced at the same time. This type of hybrid key exchange allows you to transition from traditional public-key cryptography to post-quantum cryptography in a more manageable way. Using hybrid certificates is akin to a house with two doors where each door has its own separate key.

If you install a new front door lock, only people with the new key can open that door. People with the old key can still enter the house, but only via the unchanged back door. Over time, you can swap out keys to users, giving them access through the new door lock. Eventually, once everyone's key is swapped out, you can safely change the back door lock with no loss of access for anyone.

IT professionals everywhere need to be thinking about this change in cybersecurity

As a trusted third-party CA, Sectigo is investing in developing solutions to enable PKI users' migration to newer quantum-safe algorithms.