By Alexander Truskovsky, Senior Product Manager, ISARA Corporation
Published on Apr. 12, 2018
Crypto-agility is the key to cost-effectively migrating information and communication technology (ICT) systems from legacy to quantum-safe cryptography.
Our unique dual-algorithm approach to certificates, ISARA Catalyst Agile Digital Certificate Technology, makes this possible for large organizations and governments.
When technology is updated or changed in any way in an existing communications network or system, the owner of that system incurs a technology switching cost. For example, replacing certain legacy equipment and/or associated software may also mandate the complete replacement of every other network component with which the replacement equipment needs to communicate. In such a case, the impact of technology switching costs may be devastating to the business, with serious consequences for labour, scheduling and potential outages, as well as equipment and software costs. This switching cost can nevertheless be managed in order to limit the associated business liability. One technique for managing technology switching cost in the context of cryptographic systems is referred to as “crypto-agility”.
Crypto-agility is the ability of cryptographic protocols and applications to transition to new cryptographic primitives with relative ease, including allowing legacy equipment and software to co-exist with updated software during the transition. This permits a gradual migration from legacy to updated technology and allows the manager of the systems to monitor the incremental impact of the changes.
Systems that depend on the PKI all need to migrate at once if the PKI is upgraded. This means that many, if not most, components of an existing system may need to be replaced. These types of forklift upgrades don’t usually work, as they often incur service outages that may have serious impacts on the user’s business. Another approach to updating systems is to duplicate credentials and allow users or applications to choose which one to use. This duplicates PKI resources and creates additional support issues and labour costs for already resource-limited IT departments.
What is needed to transition to quantum-safe systems is the ability to essentially negotiate an authentication algorithm without duplicating certificates. We would like to be able to migrate to a new authentication mechanism in the PKI and its dependent systems in a similar manner to key establishment. At ISARA, we developed technology, ISARA Catalyst Agile Digital Certificate Technology, that enables a public-key certificate to contain multiple public keys and multiple issuer signatures.
What this allows us to do is update the PKI to use multiple public-key algorithms without any impact on the legacy applications that only understand classic cryptography. In the meantime, applications that are upgraded to support quantum-safe cryptographic algorithms can use the quantum-safe algorithms in the certificates. Simply put, your existing equipment and software can still operate, and will not be disrupted by new certificates.
Along with our partners at Cisco Systems we created a public demo to showcase the use of these certificates to achieve cryptographic agility in both the EST protocol (RFC 7030) and the TLS 1.2 protocol (RFC 5246). Users are able to download a hybrid root certificate and request a hybrid end-entity certificate from the EST server. They can then connect to the TLS server using the hybrid certificate, such that either a classic or a quantum-safe cipher suite is used for the digital signature. For more information please visit http://test-pqpki.com. We want to thank Cisco Systems for working with us to create this demonstration of a real-world quantum-safe implementation with cryptographic agility.
Together with our collaborators at Cisco Systems and Entrust Datacard we submitted an Internet Draft to the IETF outlining the new X.509 certificate format. The new certificate supports multiple public-key algorithms and can be used both by systems upgraded to support quantum-safe cryptographic algorithms and by non-upgraded systems, which continue to rely on classic cryptographic algorithms without any changes. The additional public keys and signatures are placed in non-critical extensions, which makes it possible for non-upgraded applications to process the certificate without failing. The signatures are layered in such a way that all certificate attributes are covered by both signatures. The classic signature, however, is applied last, which makes the resulting certificates compatible with existing unmodified systems.
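The following is an added example, not ISARA's code or the draft's exact encoding, that models the layering just described in stdlib Python: the alternative signature is computed over the pre-TBS body (everything except its own value slot) and stored in non-critical extensions, then the classic signature is applied last over the whole body, so a non-upgraded verifier that skips unknown non-critical extensions still validates the certificate while an upgraded verifier checks both. Assumed for illustration: the extension names follow the draft (SubjectAltPublicKeyInfo, AltSignatureAlgorithm, AltSignatureValue), JSON stands in for DER, and textbook RSA over fixed Mersenne primes and a Lamport one-time signature are toy stand-ins for the classic and quantum-safe schemes.

```python
import hashlib, json, os

def h(b): return hashlib.sha256(b).digest()

# Stand-in "classic" scheme: textbook RSA over fixed Mersenne primes (toy only, not secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
def rsa_sign(msg): return pow(int.from_bytes(h(msg), "big") % N, D, N).to_bytes(28, "big")
def rsa_verify(msg, sig): return pow(int.from_bytes(sig, "big"), E, N) == int.from_bytes(h(msg), "big") % N

# Stand-in quantum-safe scheme: Lamport one-time signature (hash-based; one key pair per signature).
def lamport_keygen():
    sk = [[os.urandom(32), os.urandom(32)] for _ in range(256)]
    return sk, [[h(a), h(b)] for a, b in sk]
def lamport_sign(sk, msg):
    bits = int.from_bytes(h(msg), "big")
    return b"".join(sk[i][(bits >> (255 - i)) & 1] for i in range(256))
def lamport_verify(pk, msg, sig):
    bits = int.from_bytes(h(msg), "big")
    return all(h(sig[32*i:32*i+32]) == pk[i][(bits >> (255 - i)) & 1] for i in range(256))

def encode(tbs): return json.dumps(tbs, sort_keys=True).encode()  # stands in for DER

def ext(oid, value, critical=False): return {"id": oid, "critical": critical, "value": value}

def issue_hybrid(tbs, ca_qs_sk):
    """Sign a to-be-signed certificate body with both algorithms; the classic signature goes last."""
    pre_tbs = dict(tbs, extensions=tbs["extensions"] + [ext("AltSignatureAlgorithm", "lamport-sha256")])
    alt_sig = lamport_sign(ca_qs_sk, encode(pre_tbs))  # covers every attribute except its own slot
    full_tbs = dict(pre_tbs, extensions=pre_tbs["extensions"] + [ext("AltSignatureValue", alt_sig.hex())])
    # Classic signature over the full body, alt extensions included, so legacy paths cover them too.
    return {"tbs": full_tbs, "sig_alg": "rsa-sha256", "sig": rsa_sign(encode(full_tbs)).hex()}

LEGACY_KNOWN = {"basicConstraints", "keyUsage"}  # assumed set a non-upgraded verifier understands

def legacy_verify(cert):
    """Non-upgraded relying party: rejects unknown critical extensions, ignores non-critical ones."""
    if any(e["critical"] and e["id"] not in LEGACY_KNOWN for e in cert["tbs"]["extensions"]):
        return False
    return rsa_verify(encode(cert["tbs"]), bytes.fromhex(cert["sig"]))

def upgraded_verify(cert, ca_qs_pk):
    """Upgraded relying party: the classic check plus the alternative signature over the pre-TBS."""
    if not legacy_verify(cert):
        return False
    exts = cert["tbs"]["extensions"]
    alt = [e for e in exts if e["id"] == "AltSignatureValue"]
    if len(alt) != 1:
        return False
    pre_tbs = dict(cert["tbs"], extensions=[e for e in exts if e["id"] != "AltSignatureValue"])
    return lamport_verify(ca_qs_pk, encode(pre_tbs), bytes.fromhex(alt[0]["value"]))
```

Because the classic signature is computed last over the alt extensions, tampering with the quantum-safe signature is caught even by a verifier that cannot interpret it.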
The latest revision of this certificate format is available in the OpenSSL connector which is part of ISARA Radiate™ Quantum-safe Toolkit. Learn more about ISARA Radiate.
Thank you to Cisco’s team for their collaboration on this release.
Read Cisco’s Technical Marketing Engineer, Panos Kampanakis’, blog post "Towards Backward-Compatible Post-Quantum Certificate Authentication", to learn more about Cisco’s take on this collaboration.