Sectigo targets quantum threat to PKI

Sectigo has launched Sectigo Quantum Labs. It will provide a range of tools and guidance to help Sectigo customers prepare for post-quantum cryptography. It is also partnering with the ISARA Corporation to enable companies to issue quantum-safe certificates.

The first solution from that partnership is the Sectigo Quantum-Safe Certificate Toolkit. It is a demo/Proof of Concept (POC) solution that can be downloaded from the Sectigo website (registration required). Sectigo is expected to release more information on this solution in the next few months.


According to Jason Soroko, CTO of PKI at Sectigo: “Our partnership with ISARA provides Sectigo with a wealth of practical understanding of leading quantum-safe candidate algorithms and how to implement them.

“Combining our resources enables enterprises to prove their crypto agility and build concrete plans to roll out quantum-safe certificates as soon as they are commercially available.”

What is the risk from quantum computers?

Quantum computers will solve complex problems that are beyond the ability of today’s computers. One area that this threatens is cryptography. Modern cryptography uses a combination of highly complex algorithms and extremely large numbers. It is becoming increasingly likely that within the next 15 years, quantum computers will become powerful enough to crack most, if not all, of today’s commonly used encryption schemes.

This is not just a future problem. The existing state of quantum computers is capable of breaking some cryptography today. It means that organisations need to begin planning for new solutions to encrypt their data. Doing this is far from simple as it means not only changing the encryption that organisations use but also considering what older data should be re-encrypted.

The National Institute of Standards and Technology (NIST) is currently looking for the next generation of cryptography. It will need to be quantum-resistant, and that means complex enough to resist attempts to use quantum computers to break it. It expects to certify the first of these new encryption schemes by 2024. However, it will still take time to get them used widely. NIST mathematician Dustin Moody says: “It will take 10 to 20 years to get new algorithms selected, standardised and implemented out into the field.”

Sectigo Quantum Labs

The Sectigo Quantum Labs brings together all of Sectigo’s work on quantum-safe algorithms and certificates into one place. It aims to provide customers with a route from their current solutions to a post-quantum cryptographically safe world.


One of the major challenges for customers is that they cannot just rip and replace their PKI infrastructure. The Sectigo approach is a cross-signed hybrid certificate. It combines existing certificates that organisations use with a new certificate that has a quantum-resistant signature. It allows companies to start future-proofing their environment without any disruption.

Once an organisation has replaced its existing digital certificates with hybrid digital certificates, it can begin to deprecate its older certificates. This process will take most organisations several years. The reason for this is that they will not want to move too quickly and risk destabilising their existing security.

Enterprise Times: What does this mean?

The threat of quantum computers to existing cryptography is very real. There is significant work being done to create post-quantum cryptographic solutions by many companies. Enterprise Times has recently covered IBM’s work with Banco Bradesco and the launch of temtum’s solution to protect blockchains.

It makes sense for Sectigo to launch its own quantum-resistant solution. It will make more people aware of the risk to PKI from quantum computers. More importantly, however, it offers a non-disruptive solution that organisations can plan for and deploy. This is critical. Organisations cannot and will not rip and replace existing PKI environments. Many do not have the skills to do so, and the impact on their existing environments would be too disruptive.

It will be interesting to see how long it takes Sectigo to advance its Quantum-Safe Certificate Toolkit from POC to a commercial solution.

 
