Applied Post Quantum Cryptography: A Practical Approach for Generating Certificates in Industrial Environments
- URL: http://arxiv.org/abs/2505.04333v1
- Date: Wed, 07 May 2025 11:28:35 GMT
- Title: Applied Post Quantum Cryptography: A Practical Approach for Generating Certificates in Industrial Environments
- Authors: Nino Ricchizzi, Christian Schwinne, Jan Pelzl,
- Abstract summary: Post-quantum cryptography (PQC) presents significant challenges for certificate-based identity management in industrial environments.<n>This work analyzes the integration of PQC into X.509 certificate structures and compares existing tool support for classical, hybrid, composite, and chameleon certificates.<n>A gap is identified in available open-source solutions, particularly for the generation and validation of hybrid and composite certificates.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The transition to post-quantum cryptography (PQC) presents significant challenges for certificate-based identity management in industrial environments, where secure onboarding of devices relies on long-lived and interoperable credentials. This work analyzes the integration of PQC into X.509 certificate structures and compares existing tool support for classical, hybrid, composite, and chameleon certificates. A gap is identified in available open-source solutions, particularly for the generation and validation of hybrid and composite certificates via command-line interfaces. To address this, a proof-of-concept implementation based on the Bouncy Castle library is developed. The tool supports the creation of classical, hybrid (Catalyst), composite, and partially chameleon certificates using PQC algorithms such as ML-DSA and SLH-DSA. It demonstrates compatibility with standard X.509 workflows and aims to support headless operation and constrained platforms typical of industrial systems. The implementation is modular, publicly available, and intended to facilitate further research and testing of PQC migration strategies in practice. A comparison with OpenSSL-based solutions highlights current limitations in standardization, toolchain support, and algorithm coverage.
Related papers
- Performance and Storage Analysis of CRYSTALS Kyber as a Post Quantum Replacement for RSA and ECC [49.1574468325115]
CRYSTALS-Kyber is a post-quantum cryptographic solution standardized by NIST in 2022.<n>This study evaluates Kyber's practical viability through performance testing across various implementation schemes.
arXiv Detail & Related papers (2025-08-03T09:53:45Z) - A Scalable Framework for Post-Quantum Authentication in Public Key Infrastructures [0.0]
This work explores the performance and scalability of a hierarchical certificate authority framework with automated certificate issuance.<n>The system is designed for compatibility with both classical and PQC algorithms, promoting crypto-agility while ensuring robust security against quantum-based threats.
arXiv Detail & Related papers (2025-04-16T13:18:11Z) - Performance Analysis and Industry Deployment of Post-Quantum Cryptography Algorithms [0.8602553195689513]
The National Institute of Standards and Technology (NIST) has selected CRYSTALS-Kyber and CRYSTALS-Dilithium as standardized PQC algorithms for secure key exchange and digital signatures.<n>This study conducts a comprehensive performance analysis of these algorithms by benchmarking execution times across cryptographic operations.<n>Our findings demonstrate that Kyber and Dilithium achieve efficient execution times, outperforming classical cryptographic schemes such as RSA and ECDSA at equivalent security levels.
arXiv Detail & Related papers (2025-03-17T09:06:03Z) - Hybrid Scheme of Post-Quantum Cryptography and Elliptic-Curve Cryptography for Certificates -- A Case Study of Security Credential Management System in Vehicle-to-Everything Communications [0.0]
This study proposes a hybrid certificate scheme of PQC and ECC to overcome the challenges in V2X communication.<n>PQC is used to establish a security level resistant to quantum computing attacks, while ECC is utilized to establish anonymous certificates.
arXiv Detail & Related papers (2025-01-13T02:59:59Z) - ACRIC: Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
Recent security incidents in safety-critical industries exposed how the lack of proper message authentication enables attackers to inject malicious commands or alter system behavior.<n>These shortcomings have prompted new regulations that emphasize the pressing need to strengthen cybersecurity.<n>We introduce ACRIC, a message authentication solution to secure legacy industrial communications.
arXiv Detail & Related papers (2024-11-21T18:26:05Z) - Evaluating Post-Quantum Cryptography on Embedded Systems: A Performance Analysis [7.142158555793151]
NIST has finalized the selection of post-quantum cryptographic (PQC) algorithms for use in the era of quantum computing.
There is limited study on profiling these newly standardized algorithms in resource-constrained communication systems.
arXiv Detail & Related papers (2024-09-09T03:12:28Z) - X.509 Information Security Certification Based on Post-Quantum Cryptography [0.0]
This study explores X.509 security certificates based on Post-Quantum Cryptography (PQC)
This study compares mainstream asymmetric cryptographic methods with standard PQC methods.
recommendations for a solution based on PQC for X.509 security certificates are proposed.
arXiv Detail & Related papers (2024-08-05T01:38:36Z) - A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure.
This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus.
We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z) - HasTEE+ : Confidential Cloud Computing and Analytics with Haskell [50.994023665559496]
Confidential computing enables the protection of confidential code and data in a co-tenanted cloud deployment using specialized hardware isolation units called Trusted Execution Environments (TEEs)
TEEs offer low-level C/C++-based toolchains that are susceptible to inherent memory safety vulnerabilities and lack language constructs to monitor explicit and implicit information-flow leaks.
We address the above with HasTEE+, a domain-specific language (cla) embedded in Haskell that enables programming TEEs in a high-level language with strong type-safety.
arXiv Detail & Related papers (2024-01-17T00:56:23Z) - A General Framework for Verification and Control of Dynamical Models via Certificate Synthesis [54.959571890098786]
We provide a framework to encode system specifications and define corresponding certificates.
We present an automated approach to formally synthesise controllers and certificates.
Our approach contributes to the broad field of safe learning for control, exploiting the flexibility of neural networks.
arXiv Detail & Related papers (2023-09-12T09:37:26Z) - Practical quantum secure direct communication with squeezed states [55.41644538483948]
We report the first table-top experimental demonstration of a CV-QSDC system and assess its security.
This realization paves the way into future threat-less quantum metropolitan networks, compatible with coexisting advanced wavelength division multiplexing (WDM) systems.
arXiv Detail & Related papers (2023-06-25T19:23:42Z) - When BERT Meets Quantum Temporal Convolution Learning for Text
Classification in Heterogeneous Computing [75.75419308975746]
This work proposes a vertical federated learning architecture based on variational quantum circuits to demonstrate the competitive performance of a quantum-enhanced pre-trained BERT model for text classification.
Our experiments on intent classification show that our proposed BERT-QTC model attains competitive experimental results in the Snips and ATIS spoken language datasets.
arXiv Detail & Related papers (2022-02-17T09:55:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.