Paper 2021/1447

Mixed Certificate Chains for the Transition to Post-Quantum Authentication in TLS 1.3

Sebastian Paul, Yulia Kuzovkova, Norman Lahr, and Ruben Niederhagen


Large-scale quantum computers will be able to efficiently solve the underlying mathematical problems of widely deployed public key cryptosystems in the near future. This threat has sparked increased interest in the field of Post-Quantum Cryptography (PQC) and standardization bodies like NIST, IETF, and ETSI are in the process of standardizing PQC schemes as a new generation of cryptography. This raises the question of how to ensure a fast, reliable, and secure transition to upcoming PQC standards in today’s highly interconnected world. In this work, we propose and investigate a migration strategy towards post-quantum (PQ) authentication for the network protocol Transport Layer Security (TLS). Our strategy is based on the concept of “mixed certificate chains” which use different signature algorithms within the same certificate chain. In order to demonstrate the feasibility of our migration strategy we combine the well-studied and trusted hash-based signature schemes SPHINCS+ and XMSS with elliptic curve cryptography first and subsequently with lattice-based PQC signature schemes (CRYSTALS-Dilithium and Falcon). Furthermore, we combine authentication based on mixed certificate chains with the lattice-based key encapsulation mechanism (KEM) CRYSTALS-Kyber as representative for PQC KEMs to evaluate a fully post-quantum and mutually authenticated TLS 1.3 handshake. Our results show that mixed certificate chains containing hash-based signature schemes only at the root certificate authority level lead to feasible connection establishment times despite the increase in communication size. By analyzing code size and peak memory usage of our client and server programs we further demonstrate the suitability of our migration strategy even for embedded devices.

Available format(s)
Publication info
Published elsewhere. AsiaCCS 2022
Transport Layer SecurityPost-Quantum CryptographyAuthenticationPublic Key InfrastructureEmbedded Systems
Contact author(s)
sebastian paul2 @ de bosch com
2021-10-27: received
Short URL
Creative Commons Attribution


      author = {Sebastian Paul and Yulia Kuzovkova and Norman Lahr and Ruben Niederhagen},
      title = {Mixed Certificate Chains for the Transition to Post-Quantum Authentication in {TLS} 1.3},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1447},
      year = {2021},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.