Evaluation of Hybrid Post-Quantum Digital Certificates for Integration into Java Platforms
Abstract
Quantum computing threatens classical cryptography, threatenin current and future data. As post-quantum standards mature, hybrid solutions (combining classical and post-quantum algorithms) are critical for security. This paper analyzes hybrid signature algorithms (ECDSA/Ed25519 + Falcon/Dilithium) for Java-based certificate platforms. We benchmark key generation, signing, and verification performance, proposing an integration with CZERTAINLY, an open certificate management system.References
Biage, G. d. C. et al. (2022). Estudo de esquema de assinatura digital dilithium.
Bindel, N., Herath, U., McKague, M., and Stebila, D. (2017). Transitioning to a quantum-resistant public key infrastructure. Cryptology ePrint Archive, Paper 2017/460.
Czertainly Team (2023). Czertainly Documentation. Czertainly.
Hofer, S. et al. (2021). Hybrid post-quantum certificates in the real world: Practical considerations and deployment experiences. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 342–351. IEEE.
Hülsing, A., Rijneveld, J., and Struik, J. (2018). Hybrid digital signature schemes: Practical combinations of pqc and classical signatures. In Post-Quantum Cryptography (PQCrypto), pages 3–24. Springer.
Johnson, D., Menezes, A., and Vanstone, S. (2001). The elliptic curve digital signature algorithm (ecdsa). International journal of information security, 1:36–63.
Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. (1996). Handbook of Applied Cryptography. CRC Press, Boca Raton, FL.
National Institute of Standards and Technology (2023). Post-quantum cryptography. [link]. Accessed: 14 de julho de 2025.
Ounsworth, M., Gray, J., Pala, M., and Klaussner, J. (2022). Composite public and private keys for use in internet pki. Internet Draft. Work in Progress.
Pornin, T. (2019). New efficient, constant-time implementations of falcon. Cryptology ePrint Archive.
Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science (FOCS), pages 124–134. IEEE.
Teixeira, C. and Henriques, M. (2024). Desafios e oportunidades de pesquisa na adoção de criptografia pós-quântica em redes veiculares. In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 780–786, Porto Alegre, RS, Brasil. SBC.
Bindel, N., Herath, U., McKague, M., and Stebila, D. (2017). Transitioning to a quantum-resistant public key infrastructure. Cryptology ePrint Archive, Paper 2017/460.
Czertainly Team (2023). Czertainly Documentation. Czertainly.
Hofer, S. et al. (2021). Hybrid post-quantum certificates in the real world: Practical considerations and deployment experiences. In 2021 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), pages 342–351. IEEE.
Hülsing, A., Rijneveld, J., and Struik, J. (2018). Hybrid digital signature schemes: Practical combinations of pqc and classical signatures. In Post-Quantum Cryptography (PQCrypto), pages 3–24. Springer.
Johnson, D., Menezes, A., and Vanstone, S. (2001). The elliptic curve digital signature algorithm (ecdsa). International journal of information security, 1:36–63.
Menezes, A. J., van Oorschot, P. C., and Vanstone, S. A. (1996). Handbook of Applied Cryptography. CRC Press, Boca Raton, FL.
National Institute of Standards and Technology (2023). Post-quantum cryptography. [link]. Accessed: 14 de julho de 2025.
Ounsworth, M., Gray, J., Pala, M., and Klaussner, J. (2022). Composite public and private keys for use in internet pki. Internet Draft. Work in Progress.
Pornin, T. (2019). New efficient, constant-time implementations of falcon. Cryptology ePrint Archive.
Shor, P. W. (1994). Algorithms for quantum computation: Discrete logarithms and factoring. In Proceedings of the 35th Annual Symposium on Foundations of Computer Science (FOCS), pages 124–134. IEEE.
Teixeira, C. and Henriques, M. (2024). Desafios e oportunidades de pesquisa na adoção de criptografia pós-quântica em redes veiculares. In Anais do XXIV Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais, pages 780–786, Porto Alegre, RS, Brasil. SBC.
Published
2025-09-01
How to Cite
FARIAS, Henrique Acacio de Souza; GIRON, Alexandre Augusto.
Evaluation of Hybrid Post-Quantum Digital Certificates for Integration into Java Platforms. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE ONGOING WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 25. , 2025, Foz do Iguaçu/PR.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2025
.
p. 299-304.
DOI: https://doi.org/10.5753/sbseg_estendido.2025.11849.
