ISARA Catalyst TLS Testbed

Start seamlessly integrating crypto-agility today

A risk-free, confident step towards quantum-safe security

Protecting against an ever-increasing threat landscape, including the threat quantum computing poses to security, requires flexibility so that you can make changes at the cryptographic level quickly and without affecting your product’s current certifications.

 

Start with crypto-agility

The ISARA Catalyst™ TLS Testbed expands on TLS 1.2 to include agility in the form of hybrid key establishment, supported by a selection of ready-to-use classic and quantum-safe hybrid cipher suites allowing you to begin your migration to quantum-safe security today.

“By 2021, organizations with crypto-agility plans in place will suffer

60% fewer cryptographically related security breaches

and application failures than organizations without a plan.”

Gartner, “Better Safe Than Sorry: Preparing for Crypto-Agility”, Mark Horvath, David Anthony Mahdi, 30 March 2017

Agile & Optimized

Agile key-establishment mechanism allows for the hybridization of two or more key establishment mechanisms using the embedded ISARA Radiate Crypto Library. It’s lightweight, fast, and low consumption—perfect for embedded devices, yet scalable for use in networks and servers.

Fully-compliant

Provably as secure as classic ciphersuites, with long term security provided by quantum-safe cryptography, enabling a risk-free migration. Implements a selection of standards-compliant hybridized classical and quantum-safe cipher suites using the NIST-recommend hybrid approach.

Quantum-safe & Backward Compatible

Provides agile TLS 1.2 support using a curated list of classic ciphersuites ensuring full backward compatibility, as well as a selection of ready-to-use classic-quantum-safe hybrid cryptography.

Frequently Asked Questions

Will using hybrid key establishment impact my current cryptographic compliance policy?

No, hybrid key establishment will not affect your current cryptographic compliance policies. We use the NIST-recommend hybrid approach to maintain the security of classic cipher suites while integrating the strength of quantum-safe cipher suites.

A direct quote from the NIST Post-Quantum Cryptography FAQs page states that “assuming one of the components of the hybrid mode in question is a NIST-approved cryptographic primitive, such hybrid modes can be approved for use for key establishment or digital signatures.”

Read the full FAQ answer on the NIST, Post-Quantum Cryptography FAQs page under “Transition and Migration”.

Why was TLS 1.2 chosen instead of TLS 1.3?

TLS 1.3 is a recently standardized version of TLS and is not widely supported yet.  Future versions of ISARA Catalyst will support it.  Currently, TLS 1.2 is the most supported version of TLS, allowing most TLS protocol users to take advantage of the testbed today.

How did ISARA choose the cipher suites?

The ISARA Catalyst TLS Testbed offers a smart, curated selection of classic and classic-quantum-safe hybrid cypher suites. The classic cipher suites are currently the most secure and widely supported, allowing for backward compatibility with legacy systems. Classic-quantum-safe hybrid cipher suites are based on the Diffie-Hellman variation of two of the most promising, yet mathematically unrelated, NIST submissions for key-exchange. The Diffie-Hellman variations were chosen to allow for a simple hybridization with classic Elliptic Curve Diffie-Hellman. Future versions of ISARA Catalyst TLS Testbed will include hybrid cipher suites based on the most promising NIST, Key Encapsulation Mechanisms (KEMs) and support quantum-safe ISARA Catalyst™ Agile Digital Certificate Technology.

 

Start with agility

Learn more about ISARA’s TLS Testbed

ARE YOU A DEVELOPER?

We’ve created these materials just for you.

Technical Specifications

  • TLS 1.2
  • Client and server modes
  • Client and server authentication
  • CRL support
  • Suite B cipher suites:
    • TLS_ECDHE_ECDSA_ WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_ECDSA_ WITH_AES_128_GCM_SHA256
  • Quantum-safe hybrid key establishment cipher suites:
    • TLS_ECDHE_NHDH_ECDSA_ WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_SIDH_ECDSA_ WITH_AES_256_GCM_SHA384
    • TLS_ECDHE_NHDH_SIDH_ECDSA_ WITH_AES_256_GCM_SHA384
  • Platforms:
    • Windows (x86)
    • macOS (x86)
    • Linux (x86, ARM)