Paper 2023/1921

Automated Issuance of Post-Quantum Certificates: a New Challenge

Alexandre Augusto Giron, Universidade Tecnológica Federal do Paraná
Frederico Schardong, Instituto Federal do Rio Grande do Sul (IFRS), Universidade Federal de Santa Catarina
Lucas Pandolfo Perin, Technology Innovation Institute
Ricardo Custódio, Universidade Federal de Santa Catarina
Victor Valle, Universidade Federal de Santa Catarina
Víctor Mateu, Technology Innovation Institute
Abstract

The Automatic Certificate Management Environment protocol (ACME) has significantly contributed to the widespread use of digital certificates in safeguarding the authenticity and privacy of Internet data. These certificates are required for implementing the Transport Layer Security (TLS) protocol. However, it is well known that the cryptographic algorithms employed in these certificates will become insecure with the emergence of quantum computers. This study assesses the challenges in transitioning ACME to the post-quantum landscape using Post-Quantum Cryptography (PQC). To evaluate the cost of ACME's PQC migration, we create a simulation environment for issuing PQC-only and hybrid digital certificates. Our experiments reveal performance drawbacks associated with the switch to PQC or hybrid solutions. However, considering the high volume of certificates issued daily by organizations like Let's Encrypt, the performance of ACME is of utmost importance. To address this concern, we propose a novel challenge method for ACME. Compared to the widely used HTTP-01 method, our findings indicate an average PQC certificate issuance time that is 4.22 times faster, along with a potential reduction of up to 35% in communication size.

Metadata
Available format(s)
PDF
Publication info
Published elsewhere. Minor revision. Accepted at ACNS2024
Keywords
Post-Quantum Cryptography, ACME Protocol, Certificate Management
Contact author(s)
alexandregiron @ utfpr edu br
lucas perin @ tii ae
History
2023-12-18: approved
2023-12-15: received
Short URL
https://ia.cr/2023/1921
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1921,
      author = {Alexandre Augusto Giron and Frederico Schardong and Lucas Pandolfo Perin and Ricardo Custódio and Victor Valle and Víctor Mateu},
      title = {Automated Issuance of Post-Quantum Certificates: a New Challenge},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1921},
      year = {2023},
      note = {\url{https://eprint.iacr.org/2023/1921}},
      url = {https://eprint.iacr.org/2023/1921}
}