TLS/SSL and PKI solutions provider DigiCert has been working together with hardware security module provider Utimaco and Microsoft Research on a successful test implementation of their ‘Picnic’ algorithm. This would provide digital certificates with the needed encryption, authentication and integrity for connected devices -commonly referred to as the Internet of Things (IoT).

This proof of concept would provide a path toward a full solution, currently in development, that will protect IoT devices from future threats quantum computing could pose to today’s widely used cryptographic algorithms.

Experts from the security community, including Dr. Brian LaMacchia from Microsoft Research, predict that large-scale quantum computers capable of breaking public key cryptography will exist within the next 10 to 15 years. Although this might seem like a long time away, many devices such as connected cars, smart homes, connected cities, connected medical devices and other critical infrastructures would either live longer than this or will take longer to update.

“DigiCert, Microsoft Research and Utimaco are collaborating today to solve tomorrow’s problem of defending connected devices and their networks against the new security threats that the implementation of quantum computers will unleash,” said Avesta Hojjati, Head of DigiCert Labs, the company’s R&D unit. “Together, we are leading the market with development of hybrid certificates that inject quantum-resistant algorithms alongside RSA and ECC to ensure long-term protection.”

Quantum-Safe Digital Certificate

Certificates to be issued by DigiCert will use the Picnic “quantum-safe” digital signature algorithm developed by Microsoft Research. To implement this algorithm and issue certificates, DigiCert has used an Utimaco ‘Hardware Security Module.’ The full solution, in development, would provide quantum-safe digital certificate issuance and secured key management, helping companies “future-proof” their IoT deployments.

“DigiCert, Utimaco and Microsoft’s successful test implementation provides a fundamental building block for the implementation of quantum-safe solutions,” said Dr. Thorsten Grötker, CTO at Utimaco. “Using these solutions, IoT manufacturers and other large organizations can innovate and develop products that are well prepared against coming quantum threats.”

A global provider of scalable TLS/SSL, PKI solutions for identity and encryption, DigiCert provides its solutions to companies including Fortune 500 enterprises and top global banks. Utimaco is an international provider of IT security solutions based in Aachen, Germany, and Campbell, CA in the US. The company counts over 220 employees.

“The work that Microsoft Research is doing with DigiCert and Utimaco is important to develop quantum-secure cryptographic algorithms, protocols and solutions today so that in the near future enterprises will be able to transition to and deploy quantum-safe cryptography,” said Brian LaMacchia, Distinguished Engineer and Head of the Security and Cryptography Group at Microsoft Research. “Working to ensure that their solutions are cryptographically agile will help companies avoid expensive and unscalable security practices to protect their IoT devices against future security threats.”