Towards security recommendations for public-key infrastructures for production environments in the post-quantum era

TL;DR

This paper examines the impact of quantum computing on public-key infrastructures, analyzing security challenges and proposing recommendations for transitioning to post-quantum cryptography in production environments.

Contribution

It provides a comprehensive analysis of security issues in PKIs under quantum threats and offers specific security recommendations for a fast transition to post-quantum solutions.

Findings

Identifies vulnerabilities of current PKIs to quantum attacks

Highlights non-cryptographic security issues in PKIs

Recommends strategies for rapid adoption of post-quantum cryptography

Abstract

Quantum computing technologies pose a significant threat to the currently employed public-key cryptography protocols. In this paper, we discuss the impact of the quantum threat on public key infrastructures (PKIs), which are used as a part of security systems for protecting production environments. We analyze security issues of existing models with a focus on requirements for a fast transition to post-quantum solutions. Although our primary focus is on the attacks with quantum computing, we also discuss some security issues that are not directly related to the used cryptographic algorithms but are essential for the overall security of the PKI. We attempt to provide a set of security recommendations regarding the PKI from the viewpoints of attacks with quantum computers.