Call for Proposals: Transition to Post-Quantum Public Key Infrastructures

Objectives

• The overarching aim of this call is to tackle the challenges of an effective integration of PQC algorithms in Public Key Infrastructures (PKIs), which offers efficient migration strategies and strong business continuity guarantees.
• The call targets the different actors involved in the PKI ecosystems and supply and value chains, who all have a unique set of diverse needs and interdependencies, such as Certificate Authorities (CAs), intermediate CAs, researchers, end-users in different domains, and vendors.

Scope

• Proposals shall target activities on the following subjects:
  • design of digital signature combiners and key encapsulation mechanism combiners.
  • the testing of deployment of certificates in protocols that use those certificates.
  • the development of novel protocols for Automatic Certificate Management and revocation and of novel protocols for (privacy-friendly) certificate-transparency.
  • the development of methods and tools that can be used by experts across various PKI domains, including all aspects of key management of asymmetric systems.
• Proposals should carefully consider the requirements and constraints, such as security level, performance and business continuity, in a broad range of applications relevant for critical societal sectors and processes (such as governmental services, telecom, banking, smart homes, e-Health, automotive, and other sectors).
• Proposals should safeguard compatibility with existing legacy systems. To achieve this, a transition to PKIs that support both pre-quantum and post-quantum cryptography should be addressed. The proposed systems should be able to seamlessly interact with legacy systems by disabling the post-quantum component as needed while preventing downgrade attacks. Relying solely on PQC solutions in this intermediate transition phase could introduce security risks given that the security analysis of the cryptosystems and of their implementations is not as mature as for their pre-quantum counterparts. Proposals should therefore use combinations of PQC solutions and established pre-quantum solutions, making sure to provide strongest-link security, meaning that the system remains secure as long as at least one of the components of the combination is secure.
• For certificates for protocols that support negotiation, such as X.509 certificates for the Transport Layer (TLS), the use of post-quantum key exchange has already been demonstrated and can be implemented in a decentralised manner. Many other protocols need to be migrated, and this process will be more complex when old and new configurations must coexist. Moreover, for applications in IoT, smartcards, identity documents and others, the migration strategies defined for the core use cases of X.509 may well not work.
• Proposals should develop clear procedures to effectively guide the various stakeholders involved in PKIs across different usage domains through the transition process.
• Effective consortia should comprise a diverse range of actors along the entire PKI chain, encompassing expertise in areas such as software development, hardware implementation, cryptographic research, standardisation, policy, and application deployment, as well as organisations that can provide user case studies and real-world applications.
• Activities should include some or all of the following:
  • Identification of requirements necessary to implement hybrid certificates.
  • Development of approaches and techniques for constructing cryptographic combiners for different protocols.
  • Testing of the combiners for issuance of new certificates for the different applications, taking into consideration the need to balance the growth of key, signature, and ciphertext sizes, which can lead to compatibility issues with standards, such as PKI certificates, revocation mechanisms, (privacy-friendly) certificate transparency mechanisms, the use of different cryptographic protocols across certificate chains, the applications requirements, such as security level, time-constraints in signing and verification steps, communication/computational and storage overhead, and hardware optimisation requirements.
  • Development of and/or further improvement of open-source libraries.
  • Development of novel protocols for Automatic Certificate Management and revocation, and of novel protocols for (privacy-friendly) certificate-transparency. Support to standardisation activities.
  • Development of recipes for the design and deployment of the new PKIs, with analysis that depends on each component of a given PKI.
  • Tests on specialised uses of X.509 certificates other than the core cases using TLS, such as roots of trust, device integrity, firmware signing, and others.
  • Design, improvement and testing of X.509 alternatives, such as, among others, Merkle tree ladders, the GNU Name System, older proposals such as SPKI and SDSI and the use of key encapsulation mechanisms for on-demand authentication in place of signatures.
  • Awareness and training activities for stakeholders with different profiles, emphasising the interdependencies in the transition and facilitating a broader understanding of the technical standards amongst PKI users.

Funding Information

• Budget (EUR) – Year 2025: 15 000 000

Expected Outcomes

• New combiners ensuring that cryptographic schemes provide at least 128-bit security against quantum adversaries.
• Experimental evaluation on hybrid certificates in several standard protocols that use those certificates, also considering options for different cryptographic algorithms at the root Certification Authority level and at the other levels, in terms of security, performance, and backward compatibility. The impact of such certificates in protocols should be tested via open-source libraries.
• New and/or improved open-source libraries for certificate requests, issuance, validation, revocation and (privacy-friendly) certificate transparency.
• Clear procedures taking into account all aspects of key management: requirements for signature generation, in terms of the software and hardware used to create signatures as well as the secure storage and handling of private keys to maintain their authenticity and confidentiality, signature validation, with specification of the data required for verifying signatures and outlining the conditions necessary for a successful signature verification process, signature life-cycle process, and validity status of signatures.
• Test and evaluation of uses of X.509 certificates other than their core uses.
• Tests and evaluation of alternatives to X.509 certificates.
• Awareness activities and training courses.

Outcomes and Deliverables

• Applicants should provide KPI’s and metrics relevant for the action to measure progress and performance. Proposals may include the indicators listed below or those of their choice.
• When applicable, baseline and target values must be provided.
  • Number of cybersecurity and/or tools deployed;
  • Number of digital signature combiners and key encapsulation mechanism combiners designed;
  • Number of novel protocols for Automatic Certificate Management developed;
  • Number of new and/or improved open-source libraries for certificate;
  • Number of tests and evaluation of uses of X.509 certificates other than their core uses;
  • Number of awareness activities and training courses;
  • Number and type of standardisation activities and contributions to them.

Eligibility Criteria

• Applications will only be considered eligible if their content corresponds wholly (or at least in part) to the topic description for which they are submitted.
• Eligible participants (eligible countries):
  • In order to be eligible, the applicants (beneficiaries and affiliated entities) must:
    • be legal entities (public or private bodies)
    • be established in one of the eligible countries, i.e.:
      • EU Member States (including overseas countries and territories (OCTs))
      • EEA countries (Norway, Iceland, Liechtenstein)

For more information, visit EC.