Throughout the year, we have been blogging about the quantum computing revolution that is just over the horizon, and its implications for security and cryptography. It’s too early to predict when it will be possible to build a scalable quantum computer, but the latest research from the National Academy of Sciences makes it clear that the time to start transitioning to a quantum-safe future is now. Although RSA and ECC algorithms remain safe for the moment, the National Academy states that a powerful quantum computer could break even a sophisticated 2048-bit RSA key in just a few months. One thing is certain: it will take substantial time to develop, standardize and deploy post-quantum cryptographic techniques.
Fortunately, industry standards groups are actively preparing for a post-quantum future. DigiCert is playing a major part in several initiatives, including the NIST post-quantum cryptography project. To help organizations take advantage of our R&D efforts, DigiCert has introduced a kit designed to allow customers to start testing a PQC algorithm in their network today.
This PQC tool kit is designed for technical users who want to try out the process of installing the hybrid RSA/PQC certificate (TLS or IoT). We believe the kit will be useful for PKI architects and technical solution designers across a variety of industries and use cases, including financial services; government agencies; manufacturers; utilities providers, such as smart meters; and anyone making strategic security or design decisions.
The tool kit was built for experimentation and hands-on research to help customers test and learn more about the technology. It includes a link to documentation that describes how users can set up a Linux box and run all the appropriate commands to generate post-quantum certificates. These hybrid certificates contain the backwards-compatible RSA/ECC keys, as well as future compatible post-quantum keys using the CRYSTALS-Dilithium algorithm.
The certificates are also compliant with today’s cryptography and have within them the ability to support tomorrow’s cryptography as well. Although final standards have not yet been adopted, experimenting with hybrid post-quantum certificates can enable organizations to take a first step toward understanding the security challenges of a post-quantum world, as they begin building a bridge to the future. DigiCert firmly believes that user feedback is key to developing the next generation of cryptographic tools, and we are encouraging users to share feedback about what they have learned, what’s most interesting to them and what challenges remain.
When should an organization start transitioning to quantum-safe algorithms? As we discussed in our last article in this series, the answer will be different for every organization, and even for every system that uses encryption. Utilizing tools such as the Mosca equation, organizations can gain insight into the best time to begin developing a transition plan for their organization. Whether you’re planning to explore quantum-safe algorithms right away or as a future initiative, DigiCert can provide the expertise and support you need to meet your specific business needs.
If you’d like to learn more about how to acquire the PQC tool kit, contact DigiCert sales, as the kit will be available as a zip file download from CertCentral. The tool kits will include instructions on how to correctly build a Post Quantum capable version of OpenSSL (popular SSL/TLS library) and Apache (web server) on a Linux server or workstation and use those programs to run various tests.