Automated Issuance of Post-Quantum Certificates: a New Challenge

Alexandre Augusto Giron; Frederico Schardong; Lucas Pandolfo Perin; Ricardo Custódio; Victor Valle; Víctor Mateu

Paper 2023/1921

Automated Issuance of Post-Quantum Certificates: a New Challenge

Alexandre Augusto Giron

, Universidade Tecnológica Federal do Paraná

Frederico Schardong

, Instituto Federal do Rio Grande do Sul (IFRS), Universidade Federal de Santa Catarina

Lucas Pandolfo Perin

, Technology Innovation Institute

Ricardo Custódio, Universidade Federal de Santa Catarina

Victor Valle, Universidade Federal de Santa Catarina

Víctor Mateu

, Technology Innovation Institute

Abstract

The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges in transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. However, considering the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.

Metadata

Available format(s): PDF
Publication info: Published elsewhere. Minor revision. Accepted at ACNS2024
Keywords: Post-Quantum Cryptography ACME Protocol Certificate Management
Contact author(s): alexandregiron @ utfpr edu br
lucas perin @ tii ae
History: 2023-12-18: approved; 2023-12-15: received; See all versions
Short URL: https://ia.cr/2023/1921
License: CC BY

BibTeX

@misc{cryptoeprint:2023/1921,
      author = {Alexandre Augusto Giron and Frederico Schardong and Lucas Pandolfo Perin and Ricardo Custódio and Victor Valle and Víctor Mateu},
      title = {Automated Issuance of Post-Quantum Certificates: a New Challenge},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1921},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1921}
}