Post-Quantum Cryptography Conference

January 15 and 16, 2025 - Austin, Texas, US | Online

Conference Details

The PKI Consortium is excited to host its third hybrid Post-Quantum Cryptography (PQC) Conference on Wednesday, January 15, and Thursday, January 16, 2025. The event will take place at the Thompson Conference Center, University of Texas, Austin, Texas, US.

This conference is a premier gathering for decision-makers, technical leaders, and industry influencers from both public and private sectors who are deeply invested in the future of cryptography. Attendees can expect a diverse program featuring keynote speeches, breakout sessions, and panel discussions led by thought leaders in PQC.

The conference is open to all individuals interested in Post-Quantum Cryptography and is not limited to PKI Consortium members.

Date and location

Date: January 15 and 16, 2025
Location: Thompson Conference Center (University of Texas), Austin, Texas, US
Registration: Click here

This event can be attended in-person or remotely, we strongly recommend to attend in person where possible.
There are no costs to register or attend the conference.
Travel, accommodation and living expenses are not covered, all attendees are responsible to cover their own expenses.

Accommodation

To make your stay in Austin as comfortable as possible, we’ve compiled a list of accommodation options near the Thompson Conference Center. Whether you’re looking for a budget-friendly option or a luxurious stay, you’ll find plenty of choices to suit your preferences. Visit the accommodation page for our detailed suggestions and helpful tips on booking your accommodation.

Agenda

The conference features a balanced program with strategic, informational, and educational sessions in the Plenary room, and technical deep dives in the Breakout room. Attendees can look forward to keynote speeches, interactive sessions, and panel discussions led by Post-Quantum Cryptography (PQC) experts. To ensure a focus on education, speakers are not permitted to promote products or services during presentations.

Please note that this is a preliminary agenda and is subject to change. Final details, including topics, abstracts, speakers, panels, and time slots, will be updated here in the coming weeks and months, with more speakers and panels to be announced, we still have limited availability for speakers.
Propose a Talk or Panel

To get a sense of what to expect, you can also check out the agenda, slides, and recordings from our Amsterdam PQC Conference.

Albert de Ruiter
Policy Authority PKI Dutch Government (Logius)

Albert de Ruiter operates the Policy Authority at Logius, the digital government service organization of the Netherlands. He is also a member of the QvC (Quantum Secure Cryptography) working group of the Dutch government, a board member of HAPKIDO, and a member of the PKI Consortium. Albert is known for introducing the idea of a Post-Quantum Cryptography Conference to the PKI Consortium in 2022.

Alexander Löw
CEO at Data-Warehouse

Dr. Alexander Löw is the CEO of Data-Warehouse GmbH and serves as a Senator in the German Senate of Economy. He holds the position of Vice President of the German Cybersecurity Council Association and is the innovative mind behind IQIMS and PCert. With a deep understanding of cybersecurity since the 1980s and 25 years of experience as a Data Protection Officer (DPO), Alexander has a strong focus on Public Key Infrastructure (PKI). He has been involved in the conceptualization, building, and maintenance of industrial and governmental CAs (e.g., Macao, German Airforce, BMW) since 2001. In 2012, following a significant APT attack, he began automating PKI processes to enhance cybersecurity. Since 2014, he has been actively involved in publishing and presenting on PKI and cybersecurity topics, and has been conducting PKI trainings for the German BSI Alliance for Cybersecurity since 2015. In 2024, he joined the NIST Post-Quantum Migration Working Group to contribute to the development of standard 1800-38B.

Axel York Poschmann
VP of Product at PQShield

Dr. Axel York Poschmann is a cryptography expert with over 15 years of experience, blending a strong academic foundation with industry leadership. Formerly an Assistant Professor at Nanyang Technological University, Axel’s research has led to high-impact publications and patents in cryptographic engineering. As VP of Product at PQShield, he drives the development of quantum-safe solutions, collaborating with regulators and industry leaders to advance secure communication systems.

Bill Newhouse
Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence (NCCoE) at NIST

Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST). His work at the NCCoE, NIST's applied cybersecurity lab, pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies provided by project collaborators. These projects include establishing communities of interest with members from industry, academia, and government to gain insight to define project's that address cybersecurity risk faced by the members of the community of interest. NCCoE projects are documented in NIST SP 1800 series publications known as practices guides. He has completed guides addressing cybersecurity risk in the hospitality and retail sectors as well as an early demonstration of derived credentials. He recently completed a cybersecurity collaboration with the U.S. Department of Energy that resulted in a Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. His responsibilities as the financial services sector lead also include identifying ways to include financial services sector use case scenarios in relevant NCCoE projects/practice guides. He is presently leading projects on Data Classification and Migration to Post-Quantum Cryptography.

Bruno Couillard
Co-Founder & CEO at Crypto4A

Bruno Couillard is the CEO and co-founder of Crypto4A Technologies Inc., where he leads the development of cutting-edge crypto-agile and post-quantum cybersecurity solutions, including the QxHSM and QxEDGE. With over 35 years of experience in cryptography, key management, and quantum-safe technology, Bruno has worked extensively in both commercial and military applications. Previously, he co-founded Chrysalis-ITS and spearheaded the development of the Luna HSM, now a part of Thales. He also contributed to the creation of the PKCS#11 Standard. In addition to his entrepreneurial work, Bruno has served as a cryptographic evaluator for the Canadian Government and played a key role in the Canadian Cryptographic Modernization Program (CCMP). Bruno is an active board member of Quantum Industry Canada (QIC), co-chair of the Quantum Industry Developers and Users Working Group, and a member of the Canadian National Quantum Strategy committee. Through these roles, he continues to promote and shape a quantum-safe cybersecurity ecosystem.

Dustin Moody
Mathematician & Project Lead, Post-Quantum Cryptography at NIST

Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.

Eric Amador
Product Manager at Thales

Eric Amador is Product Market Manager at Thales, spearheading the development of the Luna Hardware Security Module (HSM) product line. He leads diverse teams across engineering, sales, marketing, and support to deliver cutting-edge hardware security solutions. Collaborating closely with R&D, Eric integrates emerging cryptographic technologies, including post-quantum cryptography (PQC), 5G, and crypto assets, to fortify product security. His role involves conducting in-depth market analysis to identify regional trends and customer needs across the Americas, Europe, APAC, and the Middle East. He fosters strategic partnerships with key industry players and ensures products adhere to stringent global and regional security standards, such as FIPS 140-3 Level 3 and Common Criteria EAL4+.

Erik Hieta-aho
Senior Scientist at VTT, Research Center of Finland

Erik Hieta-aho is a senior scientist in the applied cryptography research group at VTT, Finland's research center. He received his PhD in mathematics at Ohio University in 2018 with a focus on error corrected coding theory. He has taken part in projects implementing a self-sovereign identity manager and studying the modern post-quantum cryptographic algorithms. He has interests in various contexts of PQC and the applications of cryptography.

Giuseppe Bruno
Head of Division at Bank of Italy

Giuseppe Bruno is the Head of Division in the Economics and Statistics Department at the Bank of Italy. In his career, he has worked with experts from the Division of Research and Statistics at the Board of Governors of the Federal Reserve System. In 1993, he spent an academic year at the University of Pennsylvania (Philadelphia) for developing algorithms for optimal control of econometric models. In 2000, after a short period at the Statistical Division of the Organisation for Economic Co-operation and Development (OECD), he was appointed Head of the Economic Research Department’s IT unit. In 2022 he has been visiting the Institute of Quantum Computing at the University of Waterloo. Over his career, he has published over 30 papers in different economic and computational economics journals.

Giuseppe Damiano
Vice President of Product Management at Entrust

Giuseppe is currently the Vice President of Product Management for the nShield product portfolio offering at Entrust. Giuseppe is a senior expert in developing and managing PKI solutions and infrastructures, data security, and electronic payment systems with more than 30 years of experience. He has a very strong knowledge of IT architecture security, PKI solutions, HSMs, e-procurement, e-invoicing, digital certificates for electronic signatures, electronic seals, and time stamping. During his professional career, as CTO of a Qualified Trust Service Provider, Giuseppe has successfully deployed large-scale projects for major Italian banks, insurance companies, and certification authorities, managing more than 20 million qualified digital certificates using solutions developed in-house. Notable achievements include setting up one of the biggest Qualified Remote Signature infrastructures in Europe, remote signature server solutions capable of hosting large numbers of certificates independently of the HSM capacity, designing HSM solutions to manage data security for electronic payment instruments. Together with one of the most important smart-card manufacturers, he defined and implemented the first prototype of a digital signature system based on a GSM SIM. The project was nominated in 2005 by the European IST-Prize as one of Europe’s most innovative projects of the year. Giuseppe has actively contributed to writing one of the first technical API standards for Cloud Signature. The standard is defined by the Cloud Signature Consortium and adopted by ETSI. He has also actively contributed to writing one of the first proposals for Distributed Ledger Timestamp based on standard PKI formats and blockchain evidence.

Iñigo Barreira
CA Manager at Sectigo

Iñigo Barreira has been working in PKI and cybersecurity for more than 25 years and has held technical responsibility positions on CAs/TSPs, Browsers and also Certification Bodies as an auditor. He started working with ETSI ESI in the earlies 2000 and has participated in several STFs developing many of the standards used in the past for the issuance of certificates and also on preservation services which were the germen for the current ENs in where he also participated as editor. He has also participated in some other projects with ENISA (European Agency for Cybersecurity) writing several reports, all related to PKI services. Iñigo is an engineer and holds several technical certifications.

Jaime Gómez García
Head of Quantum at Banco Santander

Jaime Gómez García is a recognized expert in telecommunications, blockchain, and quantum technologies, with an extensive professional background within the financial sector. His contributions as a disseminator of quantum technologies and their consequential influence on enterprises, notably within the financial domain, have garnered him recognition as a LinkedIn Quantum Top Voices in 2022 and 2023. Currently, Jaime is Head of Quantum Technologies at Banco Santander, addressing how quantum computing can be leveraged in benefit of the business and how to tackle the quantum threat to cryptography.

Jan Klaußner
Senior Product Architect at Bundesdruckerei GmbH

Jan Klaußner studied computer science with focus on cryptography and security at TU Dresden and worked in the IT-Security industry ever since. Several years developing high grade security products provided him a deep understanding of the possibilities and challenges around smart cards and Public Key Infrastructures. Finally, he joined his team at the Bundesdruckerei in 2021 to improve and promote innovative ideas around PKIs and post quantum cryptography.

Jeff Stapleton
Executive Director Cybersecurity Researcher at Wells Fargo

Jeff Stapleton is a security professional with over 40 years’ experience primarily in the financial services industry, focusing on cryptography, PKI and key management. He has participated in the development of numerous ISO and X9 standards for 35 years, chaired the X9F4 Cybersecurity and Cryptography workgroup for 25 years, and a US expert to ISO TC68 Financial Services. Jeff has published papers, written articles, and authored his five-book series Security Without Obscurity with Routledge CRC Press.

Joey Lupo
Product Security Architect at QuSecure, Inc

Joey’s strength and passion are in all things security, cryptography, and code. For the last 2 and a half years, he has worked at QuSecure as a Product Security Architect and Software Engineer. He completed an MSc in Cyber Security, Privacy, and Trust from the University of Edinburgh as a 2021 scholarship award winner of the St. Andrew’s Society of the State of New York. Before that, he graduated summa cum laude from Amherst College, where he studied mathematics and computer science and was captain of the Division III men’s ice hockey team.

José Hernández Pérez
Research Specialist at HPI Consulting & Florida State University

José Hernández Pérez is an educational consultant specializing in emerging technologies for business, including artificial intelligence, quantum computing, and high-performance computing. He also works as an Applications Specialist at Florida State University’s Research Computing Center, focusing on curriculum development and providing research software support in the humanities, arts, and social sciences. His mission is to equip students at every career stage with the skills and resources they need to pursue their passions wherever they may lead them. José Hernández graduated from the University of Chicago with a MA in Digital Studies and a BA in History.

Lory Thorpe
Quantum Safe Industry Lead at IBM and Chair of the GSMA Post Quantum Telco Network Task Force

Driven executive leader with over 20 years senior level global experience in digital transformation and telecommunications with a strong technology, strategy and innovation background (development, architecture, product and solution mgt) in Internet of Things, mobile networks, cloud, security, data analytics/ AI, edge. Expertise in building, integrating and delivering innovative digital products and solutions to market, across Private and Public sector within Enterprise. Leading portfolio and industry efforts on application of Quantum Computing and Quantum Safe in Telecommunications in IBM.

Luke Valenta
Research Engineer at Cloudflare

Luke Valenta is a research engineer primarily focused on building secure, reliable systems and measuring the Internet. He is broadly interested in computer security, network and protocol measurement, applied cryptography, privacy, elliptic curves, and distributed systems.

Maaike van Leuken
Researcher and Portfolio Manager Quantum Safe Technologies at Netherlands Organisation for Applied Scientific Research (TNO)

Maaike van Leuken is a researcher and the portfolio manager for Quantum Safe Technologies at TNO. Her focus is on the migration towards quantum safe cryptography. She graduated in computing science, cyber security and cryptography from Radboud University in 2021.

Matthew Campagna
Senior Principal Engineer at Amazon Web Services (AWS)

Matthew Campagna is a Sr. Principal Engineer & Cryptographer for Amazon Web Services Inc.’s. He oversees the design and analysis of cryptographic solutions across AWS. He is a member of the ETSI Security Algorithms Group Experts (SAGE), and Chairman of ETSI TC CYBER’s Quantum Safe Cryptography group. Previously he managed Certicom/BlackBerry’s Cryptography Research Group focused on the development of intellectual property and standardization for elliptic curve cryptography. He holds a doctorate in Mathematics from Wesleyan University.

Mike Ounsworth
Software Security Architect at Entrust

Mike Ounsworth is a Software Security Architect at Entrust. His day-job is primarily application security architecture and penetration testing, with research projects in cryptography and post-quantum cryptography. He is leading discussion at IETF around post-quantum transition strategies for Public Key Infrastructure (PKI), including primary and secondary authorship on several Internet Drafts. He holds an M.Sc in Computer Science in robotics and artificial intelligence from McGill University, and an undergraduate degree in Computer Science with concentrations in mathematics and physics from Queen's University. Fun fact: he has a decade of experience coaching the high school level FIRST Robotics Competition.

Mila Anastasova
Computer and Electrical Engineering at Florida Atlantic University

Panos Kampanakis
Principal Security Engineer, Applied Scientist at Amazon Web Services (AWS)

Panos has extensive experience with cyber security, applied cryptography, security automation, and vulnerability management. In his professional career, he has trained and presented on various security topics at technical events for numerous years. He has co-authored cybersecurity publications and participated in various security standards bodies to provide common interoperable protocols and languages for security information sharing, cryptography, and PKI. Currently, he works with engineers and industry standards partners to provide cryptographically secure tools, protocols, and standards.

Paul van Brouwershaven
Chair PKI Consortium and Director of Technology Compliance at Entrust

Paul van Brouwershaven is Director of Technology Compliance for Entrust’s certification authority, Chair of the PKI Consortium and Vice Chair of the CA/Browser Forum.

Reshmi TR
Scientist at Society for Electronic Transactions and Security (SETS)

Dr. TR Reshmi is currently working as a Scientist under Cryptology and Computing Research group in Society for Electronic Transactions and Security (SETS) Chennai Under Office of Principal Scientific Adviser to the Government of India. Her active projects are in the areas of Blockchain, 5G Security, Ransomware Analysis and AI/ML for Cybersecurity. Dr. Reshmi, an alumnus of Anna University, received her Ph.D. in Information & Communication Engineering from Anna University in 2015. Currently, she has around 15 years of industrial, academic and research experience in the field of computer science and engineering. She has delivered several keynote addresses and presented papers in a number of reputed national and international conferences and also has authored 30 papers in SCI and Scopus Indexed technical journals. Further, to her credit, Dr Reshmi has one patents granted and 2 under progress for grant approval. Dr. Reshmi is an IPv6 Forum Certified Engineer (Silver). She is an active member of several professional societies and forums such as IETF, ISOC, IPv6 forum, IAENG to name a few and also a member in few working groups & committees in her professional areas.

Scott Stuewe
President and CEO at DirectTrust

Scott Stuewe is a 25+ year veteran of the healthcare information technology industry. As President and CEO of DirectTrust, Scott drives strategy, visibility, and growth of DirectTrust’s focus areas of community, accreditation, standards development, and trust services to contribute to the advancement of trusted healthcare data exchange. Under his tenure, the organization achieved the landmark milestones of one, two, three, and four billion Direct Secure Messages sent and received through the DirectTrust Network, as well as acquired SAFE Identity, and merged with EHNAC. Previously, Stuewe was Director of Strategy and Interoperability at a health information management company, and served more than 24 years at Cerner, including as Cerner Network’s Director of National Interoperability Strategy, where he drove participation in the CommonWell Health Alliance and the bridge with Carequality.

Syed Suleman Ahmad
Research Engineer at Cloudflare

Suleman is a Research Engineer working at the intersection of product engineering and security research at Cloudflare. His work and academic experience has span the following areas of interest: Security and Privacy, Internet Measurement, and Applied Machine Learning — particularly applications in Cybersecurity, and Distributed Systems.

Tim Callan
Chief Compliance Officer at Sectigo

Tim Callan has over 20 years of experience in the SSL and PKI technology spaces. Tim leads Sectigo's conformance with industry and regulatory requirements including browser root programs, WebTrust, CA/Browser Forum, and more. Tim is instrumental in driving initiatives to improve certificate agility and successful issuance. A founding member of the CA/Browser Forum and current vice-chair for one of its working groups, Tim is creator and co-host of "Root Causes: A PKI and Security Podcast", the world’s most popular podcast dedicated to digital certificates. With 400+ episodes published, Tim is on the forefront of explaining trends that will be essential to the IT professionals, including shortening certificate lifespans and the coming change to post-quantum cryptography.

Tomas Gustavsson
Chief PKI Officer at Keyfactor

Tomas is the founder of the open-source PKI project EJBCA and Chief PKI Officer of Keyfactor. He has been implementing PKI systems since 1994 and have contributed to numerous other open source-projects in PKI and applied cryptography. Tomas has been working on applying quantum safe algorithms to PKI for the last couple of years.

Plenary

Breakout

8:30

Registration

9:00

Opening

Paul van Brouwershaven - Chair PKI Consortium and Director of Technology Compliance at Entrust
Albert de Ruiter - Policy Authority PKI Dutch Government (Logius)

9:30

NIST Post-Quantum Cryptography Update

Bill Newhouse - Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence (NCCoE) at NIST
Dustin Moody - Mathematician & Project Lead, Post-Quantum Cryptography at NIST

In August 2024, the National Institute of Standards and Technology (NIST) reached a pivotal moment by releasing the first three finalized Post-Quantum Cryptography (PQC) standards: FIPS 203, FIPS 204, and FIPS 205. These standards mark the beginning of a new era in cryptography, designed to protect against the future threat of quantum computing.

In this presentation, Dr. Dustin Moody, a leading mathematician at NIST, will provide an in-depth update on the newly established FIPS PQC standards. He will also discuss the ongoing efforts to standardize additional cryptographic algorithms, ensuring preparedness for potential vulnerabilities in the current standards.

Mr. Bill Newhouse, a cybersecurity engineer and Project Lead at the NIST National Cybersecurity Center of Excellence (NCCoE), will explain the urgency of transitioning to these new quantum-resistant cryptographic standards. He will also share practical strategies and best practices to facilitate the migration from existing public-key cryptographic systems to these next-generation standards.

10:30

Break

11:00

Panel dicussion

Strategies for Transitioning to Future-Proof Cryptography

Lory Thorpe - Quantum Safe Industry Lead at IBM and Chair of the GSMA Post Quantum Telco Network Task Force
Jaime Gómez García - Head of Quantum at Banco Santander
Scott Stuewe - President and CEO at DirectTrust

This panel will bring together industry leaders from the Financial, Mobile, Healthcare, and Aviation sectors to discuss the critical transition to post-quantum cryptography (PQC). Panelists from leading banks, the GSMA Association, DirectTrust, and other key stakeholders will explore the growing threat posed by quantum computing to traditional cryptographic systems. They will discuss the unique challenges each industry faces in adopting quantum-resistant solutions, including technical, regulatory, and operational hurdles. Key topics will include the current state of readiness, strategies for smooth transitions, the role of standards bodies, and collaborative efforts across industries. The discussion will also address timelines, cost considerations, and the importance of future-proofing critical infrastructure to ensure security in a post-quantum world.

Migrating and benchmarking a banking application

Maaike van Leuken - Researcher and Portfolio Manager Quantum Safe Technologies at Netherlands Organisation for Applied Scientific Research (TNO)

There is a hesitance to start the migration to quantum-safe solutions, which leads to slower adoption of PQC. This stems from multiple PQC algorithms to choose from, each having specific strong and weaker points, especially with respect to performance, storage and bandwidth. How to deploy these? Hybrid or not? What is the impact on my application? By helping (financial) organisation in migrating their application and testing them in an operational setting, we capture system effects and benchmarking results. In this presentation, I will discuss the results and experiences gained during the migration and share common pitfalls.

11:30

To be announced shortly

The speaker(s) for this session will be announced soon!

Hybrid PQC Digital Signatures and SSI

Erik Hieta-aho - Senior Scientist at VTT, Research Center of Finland

Self-sovereign identity (SSI) and digital credentials are becoming more and more practical, especially in Europe, and as such it is essential for them to be secured against the quantum threat. As we know PQC is a relatively modern area of cryptography and so we have decided to implement both a classical and a PQC digital signature scheme in a hybrid implementation within an SSI stack. Therefore, providing the classical security we know and trust while also preparing for the eventual quantum computing attack in the future. We are developing a hybrid PQC digital signature scheme in which we are implementing ML-DSA and ECDSA in parallel. The goals of our project also include the benchmarking and comparison of the hybrid vs PQC vs classical implementations.

12:00

Beginners

ELI5: Implementing digital certificates for a post-quantum world

Tim Callan - Chief Compliance Officer at Sectigo

This presentation will focus on the pragmatic steps IT teams can take now to prepare for deployment of post-quantum cryptographic algorithms once it becomes practical. This conversation will directly connect the steps back to IT teams’ day-to-day tasks, as it relates to certificate management, and help practitioners identify exactly what they need to do today to begin the process of being post-quantum ready. The presentation will go over: (1) the necessary steps for industry standards bodies to clarify requirements for the new NIST standards; (2) what software, hardware, and services vendors need to do to incorporate support and possible timelines for this support; (3) how enterprises can apply these updates, (4) what you, as an IT manager, can do today to begin the transformation to PQC, and (5) what a likely post-quantum certificate migration plan might look like, including the use of hybrid certificates.

Developers

Update on end-to-end PKI and HSM integrations with ML-DSA

Tomas Gustavsson - Chief PKI Officer at Keyfactor

At last years PQC Conference we benchmarked Hardware Securtiy Modules with Dilithium. Now that FIPS-204 is released, it is time to forget about Dilithium and do production level integrations using ML-DSA. This session shows PKI application integration for issuing certificates, with a number of HSMs that are ready for ML-DSA. We will highlight how easy, or hard, it is to integrate using PKCS#11 or REST APIs. Of course there will be benchmarks of certificate issuance comparing ML-DSA against classic algorithms. Let’s see what else we are able to squeeze in until January.

12:30

To be announced shortly

The speaker(s) for this session will be announced soon!

To be announced shortly

The speaker(s) for this session will be announced soon!

13:00

Lunch

14:00

WebPKI

Why the Internet isn’t ready for post-quantum certificates

Luke Valenta - Research Engineer at Cloudflare

NIST has finalized the first set of post-quantum algorithms, and post-quantum key agreement has been enabled by default in browsers for over a year. Why are signatures lagging behind? This talk provides the latest updates in a fast-moving ecosystem, a recap of the challenges in migrating to post-quantum certificates, and an overview of ongoing efforts to make post-quantum signatures practical in the WebPKI.

In a followup breakout session, we go into detail into some of the more promising proposals for coping with post-quantum certificates.

Quantum-Safe Solutions for Permissioned Blockchain Networks: A Hyperledger Fabric Case Study

Reshmi TR - Scientist at Society for Electronic Transactions and Security (SETS)

This presentation explores the integration of Post-Quantum Cryptographic (PQC) solutions within the permissioned blockchain framework of Hyperledger Fabric. Focusing on applications such as supply chain management, land registration, and certificate validation, the talk will highlight how Hyperledger Fabric has been tailored to meet security needs in both academia and industry. Public Key Infrastructure (PKI) is central to these implementations, ensuring identity management and secure communication via TLS validations, with chain codes customized for specific uses.

The rise of quantum computing presents significant vulnerabilities for classical cryptographic algorithms used within these blockchain networks. In response, a quantum-safe PKI using Crystal Dilithium-based digital signatures has been developed and tested within Hyperledger Fabric, achieving successful implementation. Attempts to integrate SPINCS+, however, revealed compatibility challenges, emphasizing the need for adapting permissioned blockchain systems as quantum threats emerge. This talk will share early results of deploying a PQC-enabled certifying authority in Hyperledger Fabric, offering insights into essential modifications for a quantum-resistant blockchain environment.

14:30

X9 Financial PKI: PQC Readiness and Crypto-Agility for Financial Services

Jeff Stapleton - Executive Director Cybersecurity Researcher at Wells Fargo

Transitioning from legacy asymmetric algorithms to PQC algorithms also means upgrading your PKI and certificates, however the financial services industry has its own needs which no longer aligns with the CA/Browser Forum, the IETF, NIST, or other programs. Consequently, the Accredited Standards Committee (ASC) X9 Financial Services has launched the X9 Financial PKI as an alternative for PQC readiness and crypto-agility to banks, merchants, and third-party financial service providers. This session discusses the issues, the requirements, the technologies, the X9 Financial PKI program, and its first implementation using PQC enabled certificates.

Migration

Hybrid PQC E-Mail Communication: Easing Migration Pain

Jan Klaußner - Senior Product Architect at Bundesdruckerei GmbH

Secure e-mail communication is a natural fit for hybrid cryptography, offering long-term confidentiality and non-repudiation for users. This talk introduces a prototype system comprising a Certificate Authority, Certificate Management System, and an extended Open Source client application, including an integration module for Microsoft Outlook.

The presentation explores the selection criteria for hybrid schemes and the rationale behind choosing Composite and ICA approaches to facilitate PKI and S/MIME migration. It also shares insights from implementing and using pure PQC, Composite, and ICA hybrid constructions. Topics include certificate creation, client enrollment, and securely signing and encrypting e-mail messages using S/MIME across various cryptographic configurations, emphasizing the hybrid integration of classical and post-quantum secure cryptography.

15:00

To be announced shortly

The speaker(s) for this session will be announced soon!

Quantum-Safe Secure Boot: How hard can it be?

Axel York Poschmann - VP of Product at PQShield

Secure boot is hard. Quantum-safe secure boot is even harder. It starts with the choice of a suitable algorithm. On the signature verification side, conflicting regulatory requirements on Post-Quantum/Traditional (PQ/T) hybrid mean there is no silver-bullet, while on the signature generation side, key management challenges and the lack of available end-to-end quantum-safe solutions further complicate the decision process.

In this talk we highlight open issues at various stages of the secure boot lifecycle.

15:30

Break

16:00

To be announced shortly

The speaker(s) for this session will be announced soon!

WebPKI

Making PQ signatures work in the WebPKI

Luke Valenta - Research Engineer at Cloudflare

Post-quantum signatures are not easily deployable in the WebPKI. Using the signature algorithms recently standardized by NIST as drop-in replacements for existing classical algorithms on the Web would incur significant performance degradations, making this approach infeasible unless a cryptographically-relevant quantum computer (CRQCs) is imminent. There’s a real risk that post-quantum signatures do not see widespread adoption before CRQCs become a reality, unless we make changes to how signatures are used in the WebPKI.

This talk dives into several of the more promising proposals for making post-quantum signatures deployable, from TLS extensions to reduce the number of transmitted signatures, to using key agreement as an authentication mechanism, to complete overhauls of the WebPKI. We discuss ongoing work to evaluate the feasibility of each of these proposals and to address known unknowns.

(this is a 60 minute session)

16:30

To be announced shortly

The speaker(s) for this session will be announced soon!

Continuation of prior session

16:55

Closing remarks for day 1

Paul van Brouwershaven - Chair PKI Consortium and Director of Technology Compliance at Entrust
Albert de Ruiter - Policy Authority PKI Dutch Government (Logius)

17:00

Networking