Today Letsencrypt announced their plans for PQC migration and, oh boy, it's refreshing! TL;DR, Letsencrypt considers migration to quantum-resistant certificates a priority, and lays down a reasonable path to migrate. In so doing, they take the time to explain how, so far, the security community has been mainly focused on the problem of quantum-resistant secrecy (encryption) rather than authentication (signatures/certificates), and they explain why the sentiment is changing now, and why it is particularly relevant for Letsencrypt.
A Post-Quantum Future for Let's Encrypt
Let’s Encrypt is committed to a post-quantum-safe Web PKI. The path we’re planning to take is Merkle Tree Certificates (“MTCs”), a new approach that adds post-quantum authentication to the web without sacrificing the speed and reliability that have made TLS universal. This post is about these plans and why we believe MTCs are worth pursuing as a key to a post-quantum future. An increasingly urgent problem For much of the last several years, the conversation about post-quantum cryptography has been a conversation about encryption. The reasoning was straightforward: an attacker who records encrypted traffic today might be able to decrypt it years from now once quantum computers can break the underlying math. Authentication, the part of TLS that indicates a server is who it says it is, has been a less urgent problem. A quantum computer needs to forge a signature in real time, not retroactively, so threats to authentication hinge on the existence of a cryptographically relevant quantum computer (CRQC).
(letsencrypt.org)
Not wanting to be the "told you so" guy, I've been saying this for at least 2 years now:
This is not to say that Harvest-Now-Decrypt-Later is a less urgent threat, but it's not as asymmetric as people have been believing so far. Glad to see things are changing!
#cryptography #crypto #security #quantum #pqc #postquantum #quantumsecurity #letsencrypt #ai