Quantum computing has the potential to change the technical landscape as we know it. And, while quantum computing — and all of the benefits it brings — is still years away, companies and organisations must be prepared for its unavoidable downside: cryptosystem failure.

Cybercriminals will be ready and able to exploit quantum computers’ ability to crack our current asymmetric cryptosystem. As a result, you’ll need to upgrade your current IT and cryptosystems to quantum-resistant or quantum-safe versions.

Upgrades to post quantum cryptographic (PQC) systems and facilities, on the other hand, require time and money. So, using hybrid digital certificates, such as a hybrid TLS certificate, is one way to help futureproof your cyber protection during this process.

Tim Callahan, Jason Soroko, and Alan Grau discuss the subtle yet critical distinctions to be aware of when it comes to quantum-safe hybrid digital certificates in this podcast.

What Is a Hybrid Digital Certificate?

A hybrid certificate is a standard X.509 digital certificate with quantum-safe components embedded. This form of certificate, also known as a cross-signed hybrid certificate, is a flexible way to allow various clients (web browsers) to communicate regardless of their crypto capabilities.

It’s important to note, however, that hybrid digital certificates are a means to an end, not a solution in and of themselves. Hybrid certificates, in other words, help to bridge the gap between PQC-enabled systems and non-upgraded systems by providing flexibility. This is helpful throughout the transition, but the ultimate aim is for all to use quantum safe cryptography, including clients and businesses.

Cryptographic agility, or crypto agility, is what this form of certificate provides. (We’ll go into more detail about crypto agility later.) In other words, once the company begins the transition to quantum-safe systems and software, you won’t have to worry about supporting two different certificates — a standard digital certificate and a quantum-safe digital certificate — because you’ll already have a two-in-one hybrid certificate in place. During the transition process, this ensures interoperability.

How Secure Connections Work Within Our Current Pre-Quantum Ecosystem

The protection of websites as we know it is based on a concept known as public key infrastructure (PKI). Public key cryptography is supported by a collection of policies, procedures, and technologies. Traditional X.509 certificates contain the following:

  • TLS certificates (transport layer security), formerly known as SSL certificates (secure sockets layer).
  • Code signing certificates.
  • Document signing certificates.
  • Email signing certificates.

These certificates are used in public key cryptography to help authenticate and encrypt data. An SSL/TLS certificate, for example, authenticates the server to which a client connects as well as establishing a stable, encrypted link between the two parties.

How Does a Hybrid TLS Certificate Differ from a Traditional One?

Digital signatures, keys, and algorithms are all used in TLS certificates. The distinction between a conventional TLS certificate and a Sectigo hybrid TLS certificate is that, in addition to the traditional elements, the Sectigo hybrid TLS certificate includes the following:

Extra X.509 certificate fields for quantum-safe keys and signatures will be included in the hybrid certificate.
The encoding for a quantum safe algorithm must be included in the hybrid certificate.

An example of the additional fields that hybrid digital certificates may have.

This means that even if the structure of the X-509 certificate has changed, legacy systems that receive the certificate will not be affected. They’ll see fields on the certificate that they don’t know and ignore them. As a result, legacy systems will be able to communicate right away using the existing public key algorithms that hybrid certificates continue to support, even though PQC algorithms are now supported by those certificates.

This means that, as guest speaker Alan Grau states, you don’t have to start updating your legacy systems right away if you choose to use hybrid certificates. Rather, when you upgrade your computers and servers over time, they can be eventually drawn in.

Jason Soroko, co-host of the podcast, adds a main takeaway:

“What it means, in very plain English, is that somebody could take the toolkit today, start issuing these X-509 certificates with, say, an ECC encryption chosen with the alternate fields and traditional systems and not break a single thing.”

How a Hybrid TLS Certificate Works in Authentication

Tim Callan, a podcast co-host, compares using hybrid digital certificates to being bilingual. Essentially, if you speak both English and French and the person with whom you’re talking does as well, you can communicate in either language. Similarly, if you’re bilingual and communicating with someone who just speaks English or French, you’ll be able to communicate with them just as effectively.

It’s like changing the lock on the front door of a boarding house with many occupants, according to Grau. They’d be able to use the front door if only one of those residents was present to obtain the latest, stronger, and more stable key (quantum safe crypto algorithm). However, if others aren’t present when the lock is replaced, they’ll have to rely on the back door and a less stable key (traditional crypto algorithm).

“[…] so as people access the house and you give them the new key, they start using the new front door lock with the new key that’s stronger and more secure. But even as people trail in through the back door, you can start to see who still needs to be updated. But you’ve got a period of time when both the old key and the new key can be utilized.”

The hybrid credential works in a similar way. Authentication would be possible without problems or delays regardless of whether the users’ clients use quantum systems or older, non-updated systems. In other words, you can represent all audiences without any delays or interruptions before you can fully transition to quantum-safe algorithms. Of course, such a change would not occur immediately. It will take years, according to Grau, “a decade or more” on a global scale. Individual businesses will likely take several years to implement, depending on their scale, capabilities, and the number of internal and third-party systems involved.
How a Hybrid TLS Certificate Factors Into Establishing Secure Connections

A TLS handshake occurs when you connect to a web server via your browser using modern cryptosystems and TLS certificates. A negotiation is part of this method, and it aids in determining which encryption algorithm (such as RSA, ECC, or others) will be used to communicate between the parties.

According to Grau:

“[…] most web servers will support some different options so they can support different versions of clients that support, perhaps, slightly different versions of TLS or keys. So, that sort of negotiation goes on today, but in a very narrow band of known encryption algorithms.”

The concept is very similar in post quantum cryptography. The only exception is if you’re upgrading your systems to use the latest quantum-safe crypto algorithms or if you’re using hybrid certificates. The idea is that these modern PQC algorithms would be used instead of RSA or ECC.

“All of those structures need to be worked on. We’re not going to flip a switch and be at RSA one day and everything on post quantum encryption the next.”

So, Just What Is a Quantum Safe Algorithm?

That is an excellent issue. Those algorithms are still being described by the National Institute of Standards and Technology (NIST). In 2017, NIST started the process by presenting 69 possible algorithms that met particular requirements. They’ve narrowed the list down to only 15 algorithms that have passed NIST’s PQC standardisation process as of July 2020. (so far). The following algorithms are included in the list:

  • Classic McEliece, CRYSTALS-KYBER, NTRU, and SABER are the four third-round finalists for public key encryption and key establishment algorithms.
  • CRYSTALS-DILITHIUM, FALCON, and Rainbow are the three third-round finalists for digital signatures.
  • Bike, FrodoKEM, HQC, NTRU Prime, SIKE, GeMSS, Picnic, and SPHINCS+ are the eight third-round alternate candidate algorithms.

Then why aren’t they reducing it to a single algorithm? Part of this is probably due to the fact that they’d like to use multiple algorithms for different use cases and to have general cryptographic redundancy. After all, you don’t want to limit yourself to only one tool in case it doesn’t work out; it’s better to have a few choices.

Why Crypto Agility Is So Important to a Post Quantum World

It would be a mistake, according to Soroko, to assume that NIST’s final choice is set in stone. Because of the algorithm’s strength, factorability, and rational key sizes, NIST has expressed interest in using a lattice approach. Although, according to Soroko, there are other methods that could be tailored for different applications.

As companies move to quantum-safe environments, being crypto-agile is critical. As standards evolve and algorithms become obsolete, having resources that include crypto agility will help you avoid being caught off guard.

“One of the things we may end up finding is that there’s an ah-ha moment — or, more than likely, an uh-oh moment — which is where cryptographic agility is something we’re going to need long term.” — Jason Soroko

These hybrid certificates will give your company the cryptographic flexibility it needs to transition to PQC algorithms when the time comes. However, as an added bonus, they’ll also allow you to swap between RSA and ECC connections as needed in the meantime.

The Obstacles to Quantum-Safety Preparation for Your Business or Enterprise

As you would expect, planning your company and IT infrastructure for the impending quantum transformation will be a major undertaking. These adjustments would basically touch everything within your IT ecosystem if they are implemented properly.

Alan Grau, a guest speaker, gives a summary of some of the improvements you’ll need to make:

“When you look at migrating your PKI systems from existing traditional algorithms to quantum safe algorithms, that really is a huge undertaking because there’s a number of steps that have to happen. You need to upgrade the PKI system, you need to upgrade the servers, you need to upgrade the clients.”

You’ll also need to update the signing and validation programmes as part of your quantum-safe code signing preparations.

To be quantum stable, you’ll need to ensure that all of your internal and external third-party systems are up to date.

What Makes This Type of Upgrade Difficult At Scale

For decades, RSA encryption has been the de facto norm, and ECC has been gaining popularity as well. However, once quantum cryptography is commercialised, all we currently have in place as an enterprise will become legacy and obsolete systems.

“If you were making a system, you could just safely assume that the presence of RSA would be there. So, everything we have — every piece of software, every piece of firmware, every piece of hardware, every service in the global economy — is built on that compatibility.” — Tim Callahan

But what if RSA or ECC became vulnerable as a result of QC? Grau emphasises that modern crypto algorithms must be implemented across the crypto structure, not only in client and server applications. However, as you would expect, such drastic changes necessitate a significant investment of time, labour, and capital. This is particularly true for businesses that must make these improvements on a large scale.

And, according to Callahan, this also means that businesses can do it piecemeal in order to save money on the transition. As a result, some of these modern quantum-safe systems will have to coexist with legacy systems for the time being, which is why hybrid TLS certificates are needed.

Of course, just because you have hybrid certificates doesn’t mean your IT and network staff can relax. Your sys admins will still need to manage their systems and networks within your company to keep track of which users and applications are still using outdated algorithms and certificates. This way, they’ll know what else needs to be updated before the company becomes completely quantum safe.

Why Quantum Cryptography Is a Concern for Data Security

Quantum computing and the issues it raises, such as quantum cryptography, aren’t exactly new. Since its introduction in the 1980s, the idea of quantum computing has been around for decades. However, it wasn’t until the mid-to-late 1990s that questions about the effects on cryptography became widespread. That’s when mathematician Peter Shor came up with a quantum algorithm (Shor’s Algorithm) to solve the large integer factoring problem.

This raised concerns that quantum computer-based attacks could compromise our existing public key cryptographic resources. And, given how commonly public key cryptography is used to encrypt digital information around the world, this is a legitimate concern.

The good news is that quantum computing isn’t going to be available any time soon. As a result, it isn’t a serious hazard. Quantum computing, on the other hand, is on the horizon, and every company can begin planning for it now.

But, once quantum computing becomes commercially viable, what happens to your stable connections? Is it possible to be insecure if you use a hybrid digital certificate that supports both quantum-safe and vulnerable algorithms like RSA and ECC? If you’re using PQC algorithms for your links, the answer is no.

What the Transition Will Look Like as We Move to PQC Systems Globally

The transition to using post quantum cryptography in the global environment will take time and require some modification, as with any major change. Hybrid certificates are intended to act as a bridge between PQC systems and those using insecure algorithms until everyone’s systems and applications are up to date.

Hybrid certificates, according to Grau, are a means to an end but not the end goal in and of themselves:

“The transition period really is designed as a transition period. Any connections that are using the old encryption algorithms no longer are going to be secure once quantum computers have hit that point that they can crack these encryption algorithms. So, once things are switched over, it’s really critical that we deprecate the ECC and RSA roots and switch them over to pure quantum safe certificates.”

Get to Know the Podcast Hosts and Guest Speaker

Tim Callan, Sectigo’s Senior Fellow, and Jason Soroko, Sectigo’s CTO of PKI, host the podcast, which also features Alan Grau, Sectigo’s VP of IoT and Embedded Solutions.

When it comes to PKI and SSL technologies, Tim Callan is a wealth of knowledge. He has over 20 years of strategy marketing experience for SaaS and B2B tech companies.

Jason Soroko is a security technology pioneer who has worked on complex data structures and GIS technologies as an architect and developer. Climate statistics and spatial mathematics are two of his specialties.

Alan Grau joined the team in May 2019 after his company, Icon Labs, was acquired by Sectigo. He has 30 years of experience in telecommunications and the embedded tech industry and is involved with Sectigo’s Quantum Labs initiatives.

Hybrid Certificates: Final Thoughts

The aim of hybrid digital certificates is to make you crypto-aware. It’s what allows clients with upgraded systems to communicate with the highest level of protection possible without leaving any of the customers in the dark. This way, you will represent customers who have PQC-enabled clients while still serving customers who don’t have PQC-enabled clients.

Categorized in: