For companies that need to protect their data and information, a critical time is approaching. Within the next decade, the fundamental cryptographic algorithms widely used to protect every facet of digital communications, business, and industry, will be easily defeated by quantum computers. 

These at-risk algorithms connect to every aspect of our daily lives. Critical information is constantly flowing through data centers — from credit card transactions to passport validation and even electrical grid operation.

The “Quantum Cryptographic Apocalypse” is an imminent point when quantum computing will render existing de facto cryptographic techniques obsolete. Specifically, the RSA and ECC encryption algorithms that are fundamental to our modern security, communication, and identification systems will be vulnerable to attacks from quantum computers. At first, the quantum computers required to execute these attacks will be large, expensive systems only affordable to nation states and international organizations. However, as we have experienced with all types of technologies and computers, these machines will get more efficient, smaller, and affordable, and will be used by everyday hackers and cybercriminals.

However, it is not too late to avert this crisis. The Quantum Cryptographic Apocalypse will require a complete retooling of cybersecurity systems throughout all aspects of industry to use these new crypto algorithms. Doing so will keep our digital systems safe and functional. 

For their part, enterprises will need to migrate their computing systems and security infrastructure to use new, quantum-safe cryptographic algorithms — a process requiring significant engineering work and extensive system updates.

For many companies, a (seemingly) simple “rip-and-replace” approach to upgrading their encryption systems is simply not viable. To avoid having to update all systems at once, enterprises will need a gradual and low-risk migration plan for deploying these new crypto algorithms. And, once updated, all systems will need to be thoroughly tested to ensure they are working properly. That way, the enterprise is ready in tandem with the National Institute of Standards and Technology’s (NIST’s) standardization initiative for developing these new algorithms.

So what can you do today, to prepare for tomorrow?

There are several steps companies can take now to prepare for the migration to quantum-safe crypto algorithms.

  • Implement automation solutions for certificate management and certificate renewal
  • Develop a plan for migrating to quantum-safe public key infrastructure (PKI) solutions
  • Select security partners who have a quantum-safe roadmap

Four Types of Certificates

Quantum-safe crypto requires certificates that support quantum-safe algorithms. A new breed of digital certificates solve the challenges of migrating to quantum-safe crypto algorithms, with different certificate types serving different use cases.

There are four different classes of certificates that are relevant to any discussion about quantum-safe cryptography — each having distinct purposes, uses, and tradeoffs. 

All four types are based upon well-established X.509 digital certificates technology and vary according to the purpose of the certificate and the encryption algorithms used to create the certificate.

There are four different classes of certificates that are relevant to any discussion about quantum-safe cryptography — each having distinct purposes, uses, and tradeoffs. 


Traditional PKI certificates

Traditional PKI certificates are the certificates commonly being used in today’s PKI systems. “Traditional” refers to the fact that these certificates utilize traditional ECC or RSA encryption algorithms. The good news is that the majority of PKI systems will continue to use traditional PKI certificates for some time to come. They provide effective protection against existing computing attacks. But what comes next?

Quantum-safe certificates

Quantum-safe certificates are X.509 certificates that use quantum-safe encryption algorithms. Even though NIST is still in the process of standardizing quantum-safe encryption algorithms, they have already identified 15 candidate algorithms that are currently available. 

There are four different classes of certificates that are relevant to any discussion about quantum-safe cryptography — each having distinct purposes, uses, and tradeoffs. 


Hybrid certificates

Hybrid certificates are cross-signed certificates that contain both a traditional (RSA or ECC) key and signature and a quantum-safe key and signature. For systems with multiple components that cannot all be upgraded or replaced at the same time, hybrid certificates provide a reasonable migration path.  

Using hybrid certificates is similar to having a house with two doors, and each door has its own separate key. 

If I install a new front door lock, only people with the new key can open that door. People with the old key can still enter the house, but only via the unchanged back door. Over time, I can swap out keys to users, giving them access through the new door lock. After a transition period, I can switch out the backdoor lock so that it uses the same new key as the front door.

Companies will need to update the main pieces of their IT infrastructure to utilize quantum-safe algorithms and hybrid certificates. And as other systems and devices access the newly updated system, they can continue to utilize classic encryption algorithms. 

The quantum-safe key and signature are stored as an alternative signature algorithm, alternative key, and alternative signature algorithm. Applications that do not use the quantum-safe fields in the hybrid certificates will ignore these additional fields. Over time, security teams can update applications and systems to use the new quantum-safe algorithms. Once the transition is complete, they can deprecate hybrid certificates, and replace them with pure quantum-safe certificates.

Composite Certificates

Composite certificates are similar to hybrid certificates in that they contain multiple keys and signatures but were created to solve a different problem. 

The goal of composite keys is to address the concern that individual encryption algorithms available now may later prove to be insecure. Many new encryption algorithms are being developed to address quantum-safe cryptographic use cases. While NIST is coordinating a process to vet and select quantum-safe crypto algorithms, they have not yet been thoroughly vetted and battle-hardened. At some point in the future, it is very possible that security researchers or hackers will discover vulnerabilities in one or more of these algorithms.

With the trustworthiness of individual post-quantum algorithms still in question, a multi-key (or “composite”) cryptographic solution can provide enhanced levels of security by requiring crypto operations to utilize multiple keys. Breaking a properly implemented composite key encryption scheme requires individually breaking each of the various component algorithms. This is not easy.

Composite certs are akin to having a single door with multiple locks. Someone must have ALL the keys to open the door. If one of the encryption algorithms proves to have an exploitable vulnerability, the entire system is still secure.

Even though NIST is currently conducting a process to attempt to prove the efficacy of the candidate algorithms before certifying the algorithms as quantum-safe, actually proving the crypto algorithms are secure is a difficult and unreliable process. 

Algorithms that appear safe today may later be found to be vulnerable to new and novel attacks. Composite certificates provide a strong defense against such longer-term concerns, making them ideal for environments with high security requirements. However, creating and utilizing these certificates requires additional computational power, as all data needs to be encrypted with multiple keys.


Migrating PKI cybersecurity systems and related applications to quantum-safe crypto algorithms requires updating each system. The encryption libraries and all applications using certificates must be upgraded to support the new algorithms. For many enterprise systems, this will be a major effort with multiple systems requiring updates.

Companies have the option of replacing all systems simultaneously, making a hard switch to using quantum-safe certificates. However, for many companies, that simply is not possible. For these enterprises, hybrid certificates provide a workable alternative and allow a gradual migration to quantum-safe crypto algorithms.

For those with extremely high security requirements, composite certificates provide an alternative that hedges against concerns that some of the new quantum-safe crypto algorithms may later be shown to have vulnerabilities. The paths to averting the quantum apocalypse are already apparent, and the organizations that start their migration today will have much higher peace of mind tomorrow.