Key Takeaways From the PKI Consortium’s Post-Quantum Cryptography Conference

In November, the PKI Consortium hosted its second post-quantum cryptography (PQC) conference in Amsterdam. Following the success of the inaugural event in Ottawa, hundreds of participants gathered to delve into the world of PKI and explore the ever-growing challenge posed by quantum computing to asymmetric cryptography.

The PKI Consortium is a nonprofit organization that aims to facilitate the exchange of ideas, knowledge, and experiences among IT security professionals who have a shared interest in PKI. The consortium actively manages several initiatives, including those related to post-quantum cryptography compatibility and the development of a PKI maturity model. All these efforts are driven by the hard work and dedication of volunteers and consortium members. 

The goal of the second conference was to expand upon the conclusions drawn from the first conference by incorporating key insights and inviting experts from various fields to share their latest research findings. Although each presentation provided valuable insights, several overarching takeaways emerged throughout the two-day conference. Read on for the main takeaways from the conference. 

It’s clear that organizations are facing a massive (and potentially risky) task that will take years to complete. But fear not because the solution lies in the cooperation of various industry segments. During the conference, representatives from Thales, Umatico, and Entrust –three titans in this space– openly discussed how they are working together to ensure this critical piece of PKI continues to operate seamlessly across mixed vendor ecosystems. It’s truly inspiring to see how collaboration will be the key to success — and that was just one of the many great takeaways from this conference. 

The transition towards quantum–ready cryptography standards requires significant changes — this transition brings with it both challenges and risks. Numerous studies have been conducted to assess the impact of key sizes on current candidate algorithms. While this is unlikely to pose a problem for traditional computing devices, a presentation by Qualcomm highlighted the considerable design challenges involved in supporting quantum–ready algorithms on mobile devices. It is encouraging to witness the progress made thus far, although there is still much work to be done to achieve a fully seamless cryptographic experience comparable to what is available today. 

Nearly every speaker emphasized the need for advance planning to ensure a successful migration, and the focus on adopting a risk management approach was prominent throughout. Testing was also a central theme, as it is crucial to assess the risks for organizations. There are still many uncertainties surrounding the implementation of post-quantum cryptography, as everything is constantly evolving. Therefore, it is essential for everyone to consider the impact of PQC on their environment, from factors such as key length on network traffic, hardware compatibility, to battery drain on mobile devices.

Complex ecosystems like eIDAS and the payment industry are no small feat to migrate. With their global reach, involving numerous organizations of varying levels of development and relying on outdated infrastructure, these systems are far from agile. The process of migration will require extensive technical development and the updating of policies, standards, and specifications.   

Fortunately, with forums like the PKI Consortium, we have a space where brilliant minds can unite, exchanging knowledge, discoveries, and valuable lessons. Such collaboration is indispensable for ensuring our future success. Addressing the future threat of quantum computing to our security systems can only be mitigated through standardization and cooperation. Since the migration to new encryption systems is a global endeavor, it is essential for us to foster a community of collaboration, where we can all join forces and work towards a common goal.