en.Wedoany.com Reported - Let's Encrypt is building a post-quantum secure Web PKI through Merkle Tree Certificates (MTCs), aiming to establish a staging environment capable of issuing MTCs by the end of 2026, and achieving a production-ready environment by 2027.

"Over the past few years, discussions about post-quantum cryptography have largely focused on encryption. The reason is simple: attackers who record encrypted traffic today could decrypt it in the future once quantum computers are able to break the underlying mathematics," explained Andrew Gabbitas, a software engineer at Let's Encrypt.
Supporting MTCs requires overhauling Let's Encrypt's entire infrastructure, including certificate issuance, the Automatic Certificate Management Environment (ACME), revocation systems, operational tools, and the transparency infrastructure integrated with MTCs. The organization is participating in the Internet Engineering Task Force (IETF)'s PLANTS and ACME working groups, coordinating progress as standards evolve.
The project is tracking standardization efforts for ML-DSA signatures in X.509 and TLS, as well as ecosystem changes such as ML-DSA support in the Go standard library. The transition of Web PKI to post-quantum security depends on adoption by browsers, libraries, and ACME clients, regardless of whether the final outcome is MTCs or ML-DSA-signed X.509 certificates.
Since 2022, the U.S. National Security Agency (NSA)'s CNSA 2.0 suite has directed National Security Systems to migrate to post-quantum algorithms on a 2030 to 2035 timeline. The U.S. National Institute of Standards and Technology (NIST)'s draft guidance will phase out the use of RSA-2048 and P-256 after 2030, and prohibit them after 2035. The European Union aims to cover high-risk systems by 2030, with widespread migration by 2035. Google announced in 2026 plans to complete service migration by 2029, with Cloudflare making similar commitments. Go 1.27 has added the NIST-standardized ML-DSA signature scheme to its standard library. Post-quantum signatures are entering mainstream infrastructure.
Authentication is the part of TLS that verifies a server's identity. To break it, an attacker would need a quantum computer that forges a signature in real time, so this threat only materializes once a cryptographically relevant quantum computer (CRQC) exists. The Web PKI ecosystem should not delay post-quantum authentication on that account, as entities with long-term keys, including root certificate authorities, code signing keys, and identity systems, remain high-value targets. Since new technologies take years to be widely adopted, deployment efforts must begin before cryptographically relevant quantum computers arrive.
The scale of the Web PKI makes deploying post-quantum signatures challenging. A typical TLS handshake carries five signatures and two public keys; replacing these with ML-DSA would push a single handshake past 10 KB. MTC certificate authorities instead issue certificates in batches, using a single signature to cover the entire batch rather than signing each certificate individually. Browsers keep up-to-date "landmarks" (trusted batch roots) outside of the TLS handshake. The authentication path in an MTC handshake then contains one signature, one public key, and one inclusion proof, which, even with post-quantum algorithms, is smaller than today's traditional TLS handshake. For clients whose landmarks are stale, a standalone mode can be employed, using a slightly larger handshake when necessary.
MTCs integrate certificate transparency into the issuance process. Under MTCs, certificates exist only within a Merkle tree. Since 2019, Let's Encrypt has operated Merkle tree-based certificate transparency logs. Cloudflare and Chrome are testing MTCs on live internet traffic, the IETF's PLANTS working group is developing standards, and Chrome has identified MTCs as the preferred method for public web post-quantum certificates.
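As an added illustration of the batching described above (not Let's Encrypt's code, and not the MTC draft's exact encoding), the following Python builds a Merkle tree over a constructed batch of certificate assertions, produces the per-certificate inclusion proof that would travel in the handshake, and verifies it against the root that the CA signs once for the whole batch. The leaf/node domain separation follows the Certificate Transparency convention as an assumption; the ML-DSA signature over the root is left out.

```python
import hashlib

# Constructed sample batch: stand-ins for the assertions an MTC CA would bundle
# into one batch. The real MTC assertion encoding is still a draft; this is not it.
BATCH = [b"example.com|pubkey1", b"mail.example.com|pubkey2",
         b"api.example.net|pubkey3", b"www.example.org|pubkey4",
         b"cdn.example.org|pubkey5"]

def leaf_hash(data: bytes) -> bytes:
    # 0x00 prefix for leaves, 0x01 for interior nodes (CT-style, assumed here)
    # so a leaf can never be passed off as an interior node or vice versa.
    return hashlib.sha256(b"\x00" + data).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_tree(leaves):
    """Return the tree as a list of levels: levels[0] are leaf hashes,
    levels[-1] is [root]. Odd levels are padded by duplicating the last node."""
    levels = [[leaf_hash(x) for x in leaves]]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2:
            level.append(level[-1])
        levels.append([node_hash(level[i], level[i + 1])
                       for i in range(0, len(level), 2)])
    return levels

def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root, each tagged with whether the
    sibling sits to the right of the path node."""
    proof = []
    for level in levels[:-1]:
        proof.append((level[index ^ 1], index % 2 == 0))
        index //= 2
    return proof

def verify_inclusion(data: bytes, proof, root: bytes) -> bool:
    """Recompute the path from the certificate data to the batch root.
    In an MTC handshake the client checks this root against a landmark it
    already trusts (or against the CA's single signature over the root)."""
    h = leaf_hash(data)
    for sibling, sibling_is_right in proof:
        h = node_hash(h, sibling) if sibling_is_right else node_hash(sibling, h)
    return h == root

if __name__ == "__main__":
    tree = build_tree(BATCH)
    root = tree[-1][0]                      # the one value the CA signs per batch
    proof = inclusion_proof(tree, 2)
    print(len(proof), "hashes in the proof; valid:",
          verify_inclusion(BATCH[2], proof, root))
```

A proof for a batch of n certificates carries only about log2(n) hashes, which is why the authentication path stays small even though the CA's single signature and the leaf's key are post-quantum.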
The transition takes time: standards are still being finalized, root programs are defining requirements, and browsers, libraries, and ACME clients need to add support. ACME client developers and operators of ACME-based certificate pipelines should follow the work of the IETF PLANTS working group and discussions on the mailing list. For the broader internet community, post-quantum encryption remains a more urgent concern. TLS traffic that does not use post-quantum key exchange can be recorded today and decrypted in the future once cryptographically relevant quantum computers are available. "If you operate servers, make sure they support hybrid post-quantum key exchange (X25519MLKEM768). Major browsers and operating systems already support it, and enabling it on the server side is one of the highest-leverage actions you can take this year," Gabbitas concluded.
This article is compiled by Wedoany. All AI citations must indicate the source as "Wedoany". If there is any infringement or other issues, please notify us promptly, and we will modify or delete it accordingly. Email: news@wedoany.com