04 Sep 2024

Cryptographic Agility for Control over Hybrid Post-Quantum TLS

Managing the Transition: QuSecure’s Approach to Navigating Hybrid Post-Quantum TLS

As post-quantum cryptography (PQC) becomes more prevalent, the diverse methods for its implementation and evolving government standards highlight the need for cryptographic agility and control. Organizations need to be able to manage changing cryptography standards in alignment with their security posture to ensure data protection. 

At QuSecure, we recognize that PQC migration strategies vary significantly across the networking stack. In the case of Internet web applications, while some browsers have adopted hybrid post-quantum TLS by default, other prominent browsers have not. Furthermore, some organizations remain skeptical about hybrid solutions as a long-term approach. This diversity in PQC adoption underscores the importance of adaptable cryptography management solutions when navigating the transition to PQC. The ongoing National Institute of Standards and Technology (NIST) PQC process further emphasizes the need for organizations to remain agile, as the landscape of quantum-resistant algorithms continues to evolve.

To date, QuSecure has enabled cryptographic agility for quantum-resistant communications through the QuProtect platform, which lets security administrators easily change the NIST PQC algorithm in use, symmetric algorithms such as AES, key lengths, and key rotation frequencies.

QuSecure’s latest release expands these cryptographic agility capabilities by offering control over hybrid post-quantum TLS implementations (hybrid PQ-TLS). This enhancement, available through our Web App Security and Network Security products, allows customers to manage hybrid PQ-TLS alongside the existing quantum-resistant capabilities provided by QuProtect. 

Hybrid PQ-TLS combines classical encryption methods with post-quantum cryptography. Many browsers are implementing an iteration of hybrid PQ-TLS in TLS 1.3 using the hybrid key exchange X25519Kyber768Draft00. Examining the current landscape of hybrid PQ-TLS adoption across browsers that account for over 95% of users in the US reveals the following: 

  • Chrome & Chromium (including Edge): Hybrid PQ-TLS implemented by default. 
  • Firefox: Hybrid PQ-TLS available but needs to be enabled manually. 
  • Safari: No current hybrid PQ-TLS implementation. 

While the adoption of hybrid PQ-TLS may be an important intermediate step for some in their migration to quantum-resistant security, it is crucial to recognize its limitations: it is not the end of the PQC migration story. Importantly, hybrid PQ-TLS does not currently address the vulnerable digital signature schemes used in TLS, meaning there may be additional changes and iterations in the future to support quantum-resistant authentication. Continuing to advance towards fully quantum-resistant cryptographic solutions, and being able to integrate them, is essential to ensure long-term protection against a cryptographically relevant quantum computer (CRQC).

Moreover, as businesses expand their security policies to handle emerging technologies and comply with government mandates such as NSM-10, they are also concerned about the end-user experience. Performance impacts when using combinations like hybrid PQ-TLS, with or without additional PQC protections such as those enabled by QuProtect, are a significant consideration.  

At QuSecure, we understand these layered concerns and are dedicated to offering flexible solutions through our cryptographic agility. To enable organizations to manage evolving cryptographic standards and assess performance, customers can enforce any of the following combinations via the UI:

  • Hybrid PQ-TLS + QuProtect 
  • No Hybrid PQ-TLS + QuProtect 
  • Hybrid PQ-TLS + no QuProtect 
  • No Hybrid PQ-TLS + no QuProtect

In addition to securing browser sessions, enabling hybrid PQ-TLS can also enhance the security of customer API gateways. By offering the flexibility to enable or disable hybrid PQ-TLS traffic through these gateways, customers can effectively balance their immediate security requirements while future-proofing their infrastructure. This approach ensures that they can provide robust protection for their API traffic today while being prepared for advancements in quantum computing. 

With our new release, customers can now control whether to permit or mandate hybrid PQ-TLS sessions for their end users. This enhancement adds to the existing QuProtect functionality, which allows control over the implementation of quantum-resistant protection using NIST post-quantum KEMs.
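What "permit" versus "mandate" means at the handshake level can be shown by reading the `supported_groups` extension of a TLS 1.3 ClientHello and checking for the X25519Kyber768Draft00 codepoint (0x6399 in the IANA TLS Supported Groups registry). This is an added example, not QuSecure's code; the function names, the mode strings `permit` and `mandate`, and the sample byte strings are assumptions constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" codepoints
X25519 = 0x001D
SECP256R1 = 0x0017
X25519_KYBER768_DRAFT00 = 0x6399
EXT_SUPPORTED_GROUPS = 0x000A

def offered_groups(extensions: bytes) -> list:
    """Walk a ClientHello extensions block and return the supported_groups list."""
    pos = 0
    while pos < len(extensions):
        if pos + 4 > len(extensions):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", extensions, pos)
        body = extensions[pos + 4 : pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        if ext_type == EXT_SUPPORTED_GROUPS:
            if ext_len < 2:
                raise ValueError("malformed supported_groups")
            (list_len,) = struct.unpack_from("!H", body)
            if list_len != ext_len - 2 or list_len % 2:
                raise ValueError("malformed supported_groups")
            return list(struct.unpack_from("!%dH" % (list_len // 2), body, 2))
        pos += 4 + ext_len
    return []

def decide(groups, mode):
    """mode is 'permit' or 'mandate' (hypothetical names for the two settings)."""
    if mode not in ("permit", "mandate"):
        raise ValueError("unknown mode")
    if X25519_KYBER768_DRAFT00 in groups:
        return "negotiate-hybrid"
    if mode == "mandate" or not groups:
        return "reject"  # no hybrid offer under mandate, or nothing usable offered
    return "negotiate-classical"

def _ext(ext_type, body):
    return struct.pack("!HH", ext_type, len(body)) + body

def _groups_ext(groups):
    ids = b"".join(struct.pack("!H", g) for g in groups)
    return _ext(EXT_SUPPORTED_GROUPS, struct.pack("!H", len(ids)) + ids)

# Constructed sample extension blocks (not captured traffic): supported_versions, then groups
_VERSIONS = _ext(0x002B, b"\x02\x03\x04")
HYBRID_CLIENT = _VERSIONS + _groups_ext([X25519_KYBER768_DRAFT00, X25519, SECP256R1])
CLASSICAL_CLIENT = _VERSIONS + _groups_ext([X25519, SECP256R1])
```

A client that lists the hybrid group in `supported_groups` may not have sent a key share for it, in which case a TLS 1.3 server asks for one with a HelloRetryRequest, so a real policy check also has to look at the `key_share` extension.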

Engage with QuSecure to explore how our solutions can enhance your post-quantum security strategy. Schedule an ideation session or pilot to see how we can support your organization in navigating the evolving cryptographic landscape. 
