Podcast

Root Causes 483: Introducing the PQC Sandbox

Hosted by: Tim Callan, Chief Compliance Officer
Original broadcast date: April 7, 2025

We are joined by repeat guest Bruno Couillard of Crypto4A to introduce Sectigo's new post-quantum cryptography (PQC) sandbox. The PQC sandbox allows you to get quantum-resistant certificates in your hands to understand how they work with your systems.

Podcast Transcript

Lightly edited for flow and brevity.
Jason Soroko: I'm glad to be here with our guest.
Tim Callan: With our guest – Bruno Couillard. Bruno, you have been on with us a number of times. We have heard your voice. Now we also get to see your smiling face. Bruno, of course, is CEO and Founder of Crypto4A and is an expert in post-quantum cryptography (PQC), and has really helped us dive into various topics. And the reason you're joining us today, Bruno, is that we are talking about our new post-quantum cryptography sandbox that Sectigo has made available. Crypto4A was an essential partner - the essential partner - in putting this together, and I was thinking that we could talk about it today.
Bruno Couillard: Absolutely. First of all, thank you guys for having me as a guest so many times. That's a topic I would love to talk to you guys about and see how it elevates, and it helps promote the readiness and the ability for people to start really looking at real solutions, not fluffy things, in essence.
Tim Callan: So, gentlemen, both of you, let's start with this. What is the post-quantum cryptography sandbox that we're now offering?
Jason Soroko: I can start it. Bruno, you can take it away. Basically, this is a way for people who are interested to actually put a post-quantum certificate in their hands. And there's a lot of reasons why you might want to do this. The ability to look at the certificate itself, evaluate the X.509 format, evaluate the latency in the amount of time it took to produce, evaluating the size of the file, the signature size, etc. All of these things are of great interest to people who are wanting to get their hands dirty in preparing for PQC, and there's an enormous amount of detail behind that. I think what's most important is that as a CA and as an HSM vendor like Bruno is, it's important for us to come together and show the industry end-to-end key generation all the way to a certificate that's in your hand, and so that you understand that the basic building blocks of what are available to you now, as we start to think about productizing private trust systems that will utilize these types of certificates, understanding what the underlying architecture is, understanding what the integrations look like, and then obviously, understanding what the effect of that cryptographic algorithm has, are all things that are important for us to demonstrate as vendors, and very important for our customers to be able to look at so that they can actually tangibly sense what these things look like, and ask and see things that are real, not just PowerPoint presentations with architectural diagrams. That's, I think, is what's most important. But Bruno, you've got a lot of the details behind this.
Bruno Couillard: Well, yes. The one aspect of this lab and this sandbox, which is unique, I think, is the fact that it rests on an actual physical device, an HSM, which itself produces the cryptography, the operation, it connects through proper API with real hardware, which is right now fully FIPS or ACVP validated. So all of the algorithms we produce have all been vetted against the NS or NIST standards, and all of this is real. So you're looking at a lab where you've got a real kit, a real software PKI that talks to a real HSM that is currently the most advanced HSM, pretty close to being in MIP or M-I-P stage under FIPS 140-3, and in essence, what you have is something that's tangible. It's concrete, and you can realize your PKI deployment with that system between the Sectigo PKI and what we offer through that API and that connectivity. You can do a lot of demonstration and experimentation, but the day you need to transition from the experimentation to actual deployment, this is where that lab has all the deployable assets today, and it's not months or years of waiting before you can put that together. That's the biggest difference, I think.
Tim Callan: That just gives you a head start. Like one of the things we've heard from everybody who has kind of poked at this is that once you start taking these algorithms, these primitives, and putting them in anything that represents a real computing environment, you find all kinds of stuff that just won't work. And the sooner we find this stuff, the better.
Jason Soroko: Tim, we had a podcast not that long ago that really spelled out the fact that in order to move forward, we can't be scared by things that we don't expect. There's a lot of unknown unknowns still that we need to work ourselves through and the euphemism for that is getting your hands dirty. And that's why I say that is because precisely what you just said – learning what will break. Learning what will work. An evolution, Bruno, of the sandbox will be hybrid certificates. Therefore, right now, people who are interested in pure PQC certificates can start to look at that, and pretty soon you'll start to be able to address systems that might need a legacy wrapper around what is ultimately a PQC certificate. So this thing will evolve, and you'll be able to test other use cases to see if something breaks now with pure PQC, maybe it'll work with a hybrid cert. And those are the things you'll have to learn as time goes on.
Bruno Couillard: Correct. The other thing that we were chatting just before we went into recording, there is a massive amount of efforts in the different standardization bodies, IETF, the OASIS, they're focused on APIs between applications and HSMs, the CA/Browser Forum, which is trying to collect together the set of protocols and rules and standards to move forward. There's a lot right now as we speak. The forums are just lit. There's emails after emails. I'm sure, if you, between the time we started recording to the end, it's probably 10 to 15 emails sitting there with different people, with different opinions, different trying, attempting to move this entire body of knowledge we built for 30 years across this magical line that's called quantum readiness. As we're doing that, there will be a lot of churn. We're familiar with that. There's a theme that you need to keep in mind, which is called crypto agility. The idea here is that you need to have in your build ups, in your building blocks, the ability to migrate with times what's going on. As an HSM vendor, we've built everything from absolute day one to be crypto agile. One thing that we did, and I've never really talked to people about that, but in the world of cryptography and cryptographic post-quantum cryptography, not all candidates are on equal footing in terms of the gut feel from the experts, which of these is the most likely to resist quantum computers and we're hoping they're going to be fine, but lots of questions. Like, we've been fortunate for the past 30 years to have single solution answer to everything - RSA, RSA, RSA. Everything was RSA. Now we're having to go, oops. It doesn't work. But I would suggest, and I'm happy to be challenged, and if someone gives me a better solution, I'll take it. But I would suggest that the absolute best backstop, the absolute best final, final barrier of security is if you can start building from hash-based signatures.
We for all our software, firmware updates, we stick into our HSMs, HSS Root of Trust, and all firmware is signed with it.

In essence, we've added an assurance layer to suggest that we don't know if ML-DSA is going to be there in five years. We don't know if FN-DSA, which is about to come out, will be valid for the next five years. There will be more. NIST is working on a new set of signature, digital signature, with different characteristics. So at some point, we will have to update. We talked about hybrid certificates. There's composite certificates. There's pure. All of these things are going to have impact into these devices, and they better be agile and easy to update and update and update and in a secure fashion.

This lab that we've been working with you is built on this foundational box that allows anyone that deploys today to pretty much go - They call that no regrets buy. You can go to sleep at night, and that your base box will be there in the next few years and years and years to come, because it can adapt to the times that will come out. I'm not predicting what's going to come out, but I can guarantee it will be a constant change for years to come.

So I think this is what makes this lab so unique, because it's real, it's concrete, and it's ready to go, and you can start and it moves forward, and you don't have to think, I'm gonna have to keep replacing these boxes and these hardware devices. None of that. It's just now you've got a building block that you can firmware update the same way you update the rest of your stack, and you can move at speed and keep up with the world. The world is changing really, really rapidly.
Jason Soroko: That's huge, Bruno. A huge change in thinking from the way that these systems were architected in the past. Tim and I have talked a lot about the fact that we have been so spoiled with past cryptographic algorithms. They never changed. Most people aren't even thinking about them. We are going to have to start thinking about it. If you go back to Dr. Dustin Moody's podcast with us, it was stated without any question, that the age of static cryptographic algorithms is going to end with the end of RSA and ECC. Therefore we have to think about all of our systems like that. So, really glad, to know that you're certainly thinking about it, and it permeates what we did with PQC Labs, which I'm very proud of.
Bruno Couillard: I think this is the beauty of this lab. We can talk about the roadmap at some point between us. One interesting topic that pops up every once in a while is our future certificate chain and is it going to be homogeneous or heterogeneous? The way the distinction I've heard many times is, if we're not certain that ML-DSA is here to stay, as an example, or if we're not certain we want to keep ML-DSA instead to potentially switch over to FN-DSA, like the Falcon variant, there are people today that are suggesting, let's make the root of trust of our PKI architectures of tomorrow, let's make that the absolute strongest possible, most likely to resist all the timelines in the future and let's use HSS or XMSS or SLH-DSA, if we can suffer the size of these signatures. That way there's always a final piece of security you can go back to. It might collapse underneath, but you can always replace and move forward. That's something that I've heard many people reflecting on as a possible idea to in the future, our future PKI, as in our future certificate path, may no longer have a nice RSA signed with RSA signed with RSA self-signed certs. It may change. Every layer may end up using a different type of crypto for all sorts of reasons.
Jason Soroko: Bruno, we have something very similar in the CA world, as a thought, where we have proposals that are going on right now, as you've talked about earlier, before they started recording that are going on in IETF right now. Which Merkle tree certificates, for example. The Merkle tree itself, the base signing, which is an attempt to get rid of this large signature problem, you sign the Merkle tree itself, and then every subsequent certificate that's issued off of it is hashed, rather than having to sign each certificate. Therefore, what's the algorithm that you do the original signing with? If it doesn't matter, then all of a sudden, all that NIST argument about we need performance, we need smaller signatures, well, in that case, you can go with the larger signature. You can go with less performance, because you only have to do it once. So that's some of the thinking that's going on. That may or may not be how things go to pass, but what you're saying echoes exactly what's going on in our part of the world as well.
Bruno Couillard: I think we're going to be in the next a renaissance, I guess, of the cryptography key management concept. Many, many super smart people are going back and back to the basics and reassessing how can we? Maybe we need to shift in terms of our thinking. We did not have the ability to think in terms of chain, like a blockchain, before. We didn't have any storage of certificate transparencies before. But now we build those tools. Maybe we could use some of these techniques to improve the PKI construct, and sometimes, if you've got to deal with offline device, it just won't work. But it's interesting. Kind of there's a lot of interesting ideas popping back up, and I love it. I love to see what's the flourishing of brain power being applied to such interesting problems at a time when we need the best brains available in the planet to try and make this work. Because we're the one thing that I think we all agree is we cannot pull the plug on the internet. The internet and all the digital security we've built for the last 30 years is ultimately responsible for a third of the global economy today. This is not something you unplug anymore.
Jason Soroko: We're not going back.
Bruno Couillard: We need to keep it going.
Jason Soroko: Not only are we not going back, Bruno, but this is a topic that I don't think people have brought up enough, and I think that this is where you're going. That's a lot of people think that PQC is a rip and replace of like for like, and the systems we had before will be the same as later. It's just that you had to pay for it twice. That's a bad investment from a CISO or CIO standpoint.

I think the argument that our industry is not making enough of and that's why perhaps the uptake of PQC technology is not what it should be right now, in my opinion. I think it's that CIOs, CSOs, don't see the return on investment in terms of innovation. What you're saying is the opportunity to do things way better, like radically better, I don't even think we have the full scope of just how much we could change the game in terms of security technology and making - let's face it - this, this technology we're talking about is kind of like that's the apex predator of credential form factors. It just is. If somebody has something better, call us up and let us know, but this is it. The buck stops here. This is what the internet is based off of. This is what all of our transactions are based off of. As you’re saying. But being able to cast the net of trust wider, being able to do complex trust models in the future, the ability to even do things such as achieve cryptographic agility so that we can swap out our algorithms, the ability to not suffer from the fact that we have large signatures, slower performance, take advantage of the difficulty that actually those things do produce, make them an advantage instead of a disadvantage.

I don't think we've thought through all of that opportunity yet, but that's where the return on investment is going to come in terms of innovation.
Bruno Couillard: I do think, I believe, right now, the field of cryptography and key management is starting to become attractive again for the young generation. The young, passionate engineer, technicians, doctors, people that want to find a very complicated challenge and latch on it and make a career of being the expert. I believe there's a phenomenal amount of these challenges spread around this Internet of Things, and the internet at large, and all this digital economy and the transition to PQC. Name it. This field is absolutely phenomenal if you want to be putting your brains on high activity. There's a lot of challenges. We're experts. We've been at this for many, many cycles. We're sitting here. I'm sitting here, for sure, and I'm looking at all this activity, and I'm trying to keep up. I'm not even keeping up. It's amazing the amount of smart and passion that you can see in those emails. I'm not agreeing with all of it, but there's passion. There's people going, no, it needs to be this way. No, it needs to be this way. Here’s the reason why. Wow! I just sit back and go, man, this is awesome, because the field is gaining its passion again. I think that's certainly a positive. The world is filled with hugely smart people, and I think there's a whole lot of them that are kind of getting back in the game here, and I'm really, really happy to see that. There's a lot of work to be done, and I'm seeing a lot of passionate people getting in that space to do the work. Kudos on everyone, because we have a lot of things to do.
Jason Soroko: So, Tim, to close the circuit. What Bruno just said, I think, maybe highlights the most important reason why we got together with Crypto4A and put up PQC Labs. Because I think for a lot of people who want to do the learning, people who want to actually see this, people who don't want to just look at diagrams or talk, people who actually want to see it happening for real, they now have an opportunity to do that.
Tim Callan: Exactly. Before this, you kind of couldn't. It was really, how did you?
Bruno Couillard: Yes. The beauty of it is, when they show up at the lab and they get their results back. They know that this behind the scene, all of it is real. All of it is built on actual, real software, real hardware, real APIs, real functionality. So that at least they leave with here's a sample of the answer, and I know that I could go from this answer and turn that answer into my solution in a fairly reasonable amount of time. I'm not sitting here with an answer that's never going to be available in two or three years from now. That is also important. I think this is why we're so excited to see this collaboration. I'm jazzed to expand this and have more cool things to demonstrate. I'm sure we will have fun.
Tim Callan: So Jason, shameless plug. How does somebody get to the PQC Labs?
Jason Soroko: Sectigo.com Quantum-Labs. Please go check it out, and there'll be links there. Lots of education. Links back to our podcast. Pretty much everything you need. What - I'm sure that Bruno and his folks at Crypto4A can help you to get to that as well.
Bruno Couillard: For sure. Absolutely.
Tim Callan: Bruno, thank you, as always, for joining us. Another great conversation. This has been Root Causes.
