Cryptology ePrint Archive: Report 2018/063

The Viability of Post-quantum X.509 Certificates

Panos Kampanakis and Peter Panburana and Ellie Daw and Daniel Van Geest

Abstract: If quantum computers were built, they would pose concerns for public key cryptography as we know it. Among other cryptographic techniques, they would jeopardize the use of PKI X.509 certificates (RSA, ECDSA) used today for authentication. To overcome the concern, new quantum secure signature schemes have been proposed in the literature. Most of these schemes have significantly larger public key and signature sizes than the ones used today. Even though post-quantum signatures could work well for some use cases like software signing, there are concerns about the effect their size and processing cost would have on technologies using X.509 certificates. In this work, we investigate the viability of post-quantum signatures in X.509 certificates and protocols that use them (e.g. TLS, IKEv2). We prove that, in spite of common concerns, they could work in today's protocols and could be a viable solution to the emergence of quantum computing. We also quantify the overhead they introduce in protocol connection establishment and show that even though it is significant, it is not detrimental. Finally, we formalize the areas of further testing necessary to conclusively establish that the signature schemes standardized in NIST's PQ Project can work with X.509 certs in a post-quantum Internet.

Category / Keywords: public-key cryptography / post-quantum certificates, hybrid certificates, hash-based certificates

Date: received 11 Jan 2018, last revised 26 Jan 2018

Contact author: panosk at cisco com

Version: 20180127:042741