Enterprise IT teams and connected device manufacturers increasingly use public key infrastructure (PKI) for authentication and encryption. However, the cryptographic signatures within the certificates used by today’s systems are vulnerable to quantum-enabled attacks.
Makers of long-lived IoT devices and IT teams responsible for large and complex PKIs need solutions today to mitigate their quantum risk and avoid losing control of devices or exposing mission-critical information in the age of cryptographically relevant quantum computers (CRQCs).
The challenge: Traditional digital certificates can only manage one signature algorithm. This limitation makes a timely migration to quantum-safe signature algorithms tricky within large and complex PKIs. Bridging the gap between current and quantum-safe security — without disrupting existing systems and end users, and while maintaining standards compliance — requires a new approach.
Over decades, attacks on classical algorithms, cryptographic primitives (such as hash functions), and implementations thereof have evolved, causing organizations to go through the long and difficult process of upgrading their systems to maintain security. In the same way, we should not expect that quantum-safe algorithms will stay the same forever. Consequently, organizations should expect to perform multiple quantum-safe migrations over time.
Crypto agility provides organizations with an efficient mechanism to switch away from broken or outdated cryptography, and quickly respond to new attacks on currently used algorithms. By integrating crypto agility into PKIs today, organizations enable smoother migrations in the future, saving on time, cost, and effort.
A simplified, cost-effective method of migrating PKIs to different cryptographic algorithms is to utilize a crypto-agile approach by integrating ISARA Catalyst Crypto Agile PKI.
ISARA Catalyst Crypto Agile PKI is a technique for creating an enhanced X.509 digital certificate that simultaneously contains two sets of cryptographic subject public keys and issuer signatures.
This technique provides administrators with maximum flexibility because the crypto agile credentials offer full backward compatibility with current, non-updated, systems. The crypto agility built into this approach makes it entirely seamless to end-users.
Benefits & Advantages