In some respects, the threat of Y2Q (the time when a powerful quantum computer able to break RSA encryption becomes available) is more imminent for embedded Internet-of-Things (IoT) devices than it is for the PC’s and smartphones used by all of us.  The reason has to do with installed lifetime.  Whereas many of us will replace a PC or smartphone every 2-3 years, many IoT devices have typical installed lifetimes of 10 years or more.  So anyone installing an IoT device that uses public key cryptography in 2018 needs to worry now about the state-sponsored adversary who might get their hands on a quantum computer in 2028.

To provide a solution for customers wanting to start working on this soon, DigiCert, Gemalto, and Isara have gotten together to provide a full infrastructure with all the pieces to provide the complete solution including digital certificates and secure key management for IoT devices.  In this partnership, Isara will provide the post-quantum encryption software which will run on a Hardware Security Module (HSM) supplied by Gemalto that will interface to the Gemalto digital certificate infrastructure to provide automated credential issuing for connected devices.

A key capability of their solution is that it is designed to be crypto-agile.  This means the hardware and infrastructure will be flexible enough to accommodate a variety of both classical and post-quantum cryptography algorithms and can be updated as the post-quantum algorithms become updated or standardized.  An important capability is that the solution will support hybrid approaches where the hardware can use both classical and quantum encryption together for extra safety while the Gemalto server can provide both classical and quantum compatible certificates that can use a new hybrid certificate capability being put into the X.509 standard and expected to be finalized early next year.

For more details on this partnership, you can view the press release here.