Paper 2018/063

The Viability of Post-quantum X.509 Certificates

Panos Kampanakis, Peter Panburana, Ellie Daw, and Daniel Van Geest


If quantum computers were built, they would pose concerns for public key cryptography as we know it. Among other cryptographic techniques, they would jeopardize the use of PKI X.509 certificates (RSA, ECDSA) used today for authentication. To overcome the concern, new quantum secure signature schemes have been proposed in the literature. Most of these schemes have significantly larger public key and signature sizes than the ones used today. Even though post-quantum signatures could work well for some usecases like software signing, there are concerns about the effect their size and processing cost would have on technologies using X.509 certificates. In this work, we investigate the viability of post-quantum signatures in X.509 certificates and protocols that use them (e.g. TLS, IKEv2). We prove that, in spite of common concerns, they could work in today's protocols and could be a viable solution to the emergence of quantum computing. We also quantify the overhead they introduce in protocol connection establishment and show that even though it is significant, it is not detrimental. Finally, we formalize the areas of further testing necessary to conclusively establish that the signature schemes standardized in NIST's PQ Project can work with X.509 certs in a post-quantum Internet.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
post-quantum certificateshybrid certificateshash-based certificates
Contact author(s)
panosk @ cisco com
2018-01-27: last of 2 revisions
2018-01-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Panos Kampanakis and Peter Panburana and Ellie Daw and Daniel Van Geest},
      title = {The Viability of Post-quantum X.509 Certificates},
      howpublished = {Cryptology ePrint Archive, Paper 2018/063},
      year = {2018},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.