January 15 and 16, 2025 - Austin, Texas, US | Online
Conference Details
The PKI Consortium is excited to host its third hybrid Post-Quantum Cryptography (PQC) Conference on Wednesday, January 15, and Thursday, January 16, 2025. The event will take place at the Thompson Conference Center, University of Texas, Austin, Texas, US.
This conference is a premier gathering for decision-makers, technical leaders, and industry influencers from both public and private sectors who are deeply invested in the future of cryptography. Attendees can expect a diverse program featuring keynote speeches, breakout sessions, and panel discussions led by thought leaders in PQC.
The conference is open to all individuals interested in Post-Quantum Cryptography and is not limited to PKI Consortium members.
Interested in sponsoring the Post-Quantum Cryptography Conference? For detailed information about sponsorship opportunities, please contact us. You can also download the sponsorship brochure for a comprehensive overview and pricing of our sponsorship packages.
The conference features a balanced program with strategic, informational, and educational sessions in the Plenary room, and technical deep dives in the Breakout room. Attendees can look forward to keynote speeches, interactive sessions, and panel discussions led by Post-Quantum Cryptography (PQC) experts. To ensure a focus on education, speakers are not permitted to promote products or services during presentations.
Please note that this is a preliminary agenda and is subject to change. Final details, including topics, abstracts, speakers, panels, and time slots, will be updated here in the coming weeks and months, with more speakers and panels to be announced, we still have limited availability for speakers. Propose a Talk or Panel
To get a sense of what to expect, you can also check out the agenda, slides, and recordings from our Amsterdam PQC Conference.
Albert de Ruiter operates the Policy Authority at Logius, the digital government service organization of the Netherlands. He is also a member of the QvC (Quantum Secure Cryptography) working group of the Dutch government, a board member of HAPKIDO, and a member of the PKI Consortium. Albert is known for introducing the idea of a Post-Quantum Cryptography Conference to the PKI Consortium in 2022.
Bill Newhouse Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence (NCCoE) at NIST
Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST).
His work at the NCCoE, NIST's applied cybersecurity lab, pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies provided by project collaborators. These projects include establishing communities of interest with members from industry, academia, and government to gain insight to define project's that address cybersecurity risk faced by the members of the community of interest. NCCoE projects are documented in NIST SP 1800 series publications known as practices guides. He has completed guides addressing cybersecurity risk in the hospitality and retail sectors as well as an early demonstration of derived credentials. He recently completed a cybersecurity collaboration with the U.S. Department of Energy that resulted in a Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. His responsibilities as the financial services sector lead also include identifying ways to include financial services sector use case scenarios in relevant NCCoE projects/practice guides. He is presently leading projects on Data Classification and Migration to Post-Quantum Cryptography.
Blair has 30+ years of IT cybersecurity sales, channel, marketing, and business development experience. Blair continuously expanded his cybersecurity and cryptographic expertise starting with Symantec and several cyber start-ups including Chrysalis-ITS (Thales), InfoSec Global, Crypto4A and since September 2019, back with Thales’ Global Technology Alliances team, including the Quantum cryptography portfolio. Blair recently represented the Canadian Forum for Digital Infrastructure Resilience (CFDIR) to articulate the standards and Government guidance at Mobile World Congress (MWC) in 2023. He is an avid presenter, start-up consultant, and IT industry contributor. Blair holds an Hons.BA from the University of Waterloo, and Wilfrid Laurier University, Ontario, Canada.
Bruno Couillard is the CEO and co-founder of Crypto4A Technologies Inc., where he leads the development of cutting-edge crypto-agile and post-quantum cybersecurity solutions, including the QxHSM and QxEDGE. With over 35 years of experience in cryptography, key management, and quantum-safe technology, Bruno has worked extensively in both commercial and military applications.
Previously, he co-founded Chrysalis-ITS and spearheaded the development of the Luna HSM, now a part of Thales. He also contributed to the creation of the PKCS#11 Standard. In addition to his entrepreneurial work, Bruno has served as a cryptographic evaluator for the Canadian Government and played a key role in the Canadian Cryptographic Modernization Program (CCMP).
Bruno is an active board member of Quantum Industry Canada (QIC), co-chair of the Quantum Industry Developers and Users Working Group, and a member of the Canadian National Quantum Strategy committee. Through these roles, he continues to promote and shape a quantum-safe cybersecurity ecosystem.
Dustin Moody Mathematician & Project Lead, Post-Quantum Cryptography at NIST
Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.
Giuseppe Bruno is the Head of Division in the Economics and Statistics Department at the Bank of Italy. In his career, he has worked with experts from the Division of Research and Statistics at the Board of Governors of the Federal Reserve System. In 1993, he spent an academic year at the University of Pennsylvania (Philadelphia) for developing algorithms for optimal control of econometric models. In 2000, after a short period at the Statistical Division of the Organisation for Economic Co-operation and Development (OECD), he was appointed Head of the Economic Research Department’s IT unit. In 2022 he has been visiting the Institute of Quantum Computing at the University of Waterloo. Over his career, he has published over 30 papers in different economic and computational economics journals.
Giuseppe Damiano Vice President of Product Management at Entrust
Giuseppe is currently the Vice President of Product Management for the nShield product portfolio offering at Entrust.
Giuseppe is a senior expert in developing and managing PKI solutions and infrastructures, data security, and electronic payment systems with more than 30 years of experience. He has a very strong knowledge of IT architecture security, PKI solutions, HSMs, e-procurement, e-invoicing, digital certificates for electronic signatures, electronic seals, and time stamping.
During his professional career, as CTO of a Qualified Trust Service Provider, Giuseppe has successfully deployed large-scale projects for major Italian banks, insurance companies, and certification authorities, managing more than 20 million qualified digital certificates using solutions developed in-house.
Notable achievements include setting up one of the biggest Qualified Remote Signature infrastructures in Europe, remote signature server solutions capable of hosting large numbers of certificates independently of the HSM capacity, designing HSM solutions to manage data security for electronic payment instruments. Together with one of the most important smart-card manufacturers, he defined and implemented the first prototype of a digital signature system based on a GSM SIM. The project was nominated in 2005 by the European IST-Prize as one of Europe’s most innovative projects of the year.
Giuseppe has actively contributed to writing one of the first technical API standards for Cloud Signature. The standard is defined by the Cloud Signature Consortium and adopted by ETSI.
He has also actively contributed to writing one of the first proposals for Distributed Ledger Timestamp based on standard PKI formats and blockchain evidence.
Jaime Gómez García is a recognized expert in telecommunications, blockchain, and quantum technologies, with an extensive professional background within the financial sector. His contributions as a disseminator of quantum technologies and their consequential influence on enterprises, notably within the financial domain, have garnered him recognition as a LinkedIn Quantum Top Voices in 2022 and 2023. Currently, Jaime is Head of Quantum Technologies at Banco Santander, addressing how quantum computing can be leveraged in benefit of the business and how to tackle the quantum threat to cryptography.
Joey Lupo Product Security Architect at QuSecure, Inc
Joey’s strength and passion are in all things security, cryptography, and code. For the last 2 and a half years, he has worked at QuSecure as a Product Security Architect and Software Engineer. He completed an MSc in Cyber Security, Privacy, and Trust from the University of Edinburgh as a 2021 scholarship award winner of the St. Andrew’s Society of the State of New York. Before that, he graduated summa cum laude from Amherst College, where he studied mathematics and computer science and was captain of the Division III men’s ice hockey team.
Lory Thorpe Quantum Safe Industry Lead at IBM and Chair of the GSMA Post Quantum Telco Network Task Force
Driven executive leader with over 20 years senior level global experience in digital transformation and telecommunications with a strong technology, strategy and innovation background (development, architecture, product and solution mgt) in Internet of Things, mobile networks, cloud, security, data analytics/ AI, edge. Expertise in building, integrating and delivering innovative digital products and solutions to market, across Private and Public sector within Enterprise.
Leading portfolio and industry efforts on application of Quantum Computing and Quantum Safe in Telecommunications in IBM.
Luke Valenta is a research engineer primarily focused on building secure, reliable systems and measuring the Internet.
He is broadly interested in computer security, network and protocol measurement, applied cryptography, privacy, elliptic curves, and distributed systems.
Mike Ounsworth is a Software Security Architect at Entrust. His day-job is primarily application security architecture and penetration testing, with research projects in cryptography and post-quantum cryptography. He is leading discussion at IETF around post-quantum transition strategies for Public Key Infrastructure (PKI), including primary and secondary authorship on several Internet Drafts. He holds an M.Sc in Computer Science in robotics and artificial intelligence from McGill University, and an undergraduate degree in Computer Science with concentrations in mathematics and physics from Queen's University. Fun fact: he has a decade of experience coaching the high school level FIRST Robotics Competition.
Paul van Brouwershaven Chair PKI Consortium and Director of Technology Compliance at Entrust
Paul van Brouwershaven is Director of Technology Compliance for Entrust’s certification authority, Chair of the PKI Consortium and Vice Chair of the CA/Browser Forum.
Scott Stuewe is a 25+ year veteran of the healthcare information technology industry. As President and CEO of DirectTrust, Scott drives strategy, visibility, and growth of DirectTrust’s focus areas of community, accreditation, standards development, and trust services to contribute to the advancement of trusted healthcare data exchange. Under his tenure, the organization achieved the landmark milestones of one, two, three, and four billion Direct Secure Messages sent and received through the DirectTrust Network, as well as acquired SAFE Identity, and merged with EHNAC. Previously, Stuewe was Director of Strategy and Interoperability at a health information management company, and served more than 24 years at Cerner, including as Cerner Network’s Director of National Interoperability Strategy, where he drove participation in the CommonWell Health Alliance and the bridge with Carequality.
Tomas is the founder of the open-source PKI project EJBCA and Chief PKI Officer of Keyfactor. He has been implementing PKI systems since 1994 and have contributed to numerous other open source-projects in PKI and applied cryptography. Tomas has been working on applying quantum safe algorithms to PKI for the last couple of years.
Plenary
Breakout
8:30
Registration
9:00
Opening
Paul van Brouwershaven- Chair PKI Consortium and Director of Technology Compliance at Entrust Albert de Ruiter- Policy Authority PKI Dutch Government (Logius)
9:30
NIST Post-Quantum Cryptography Update
Bill Newhouse- Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence (NCCoE) at NIST Dustin Moody- Mathematician & Project Lead, Post-Quantum Cryptography at NIST
In August 2024, the National Institute of Standards and Technology (NIST) reached a pivotal moment by releasing the first three finalized Post-Quantum Cryptography (PQC) standards: FIPS 203, FIPS 204, and FIPS 205. These standards mark the beginning of a new era in cryptography, designed to protect against the future threat of quantum computing.
In this presentation, Dr. Dustin Moody, a leading mathematician at NIST, will provide an in-depth update on the newly established FIPS PQC standards. He will also discuss the ongoing efforts to standardize additional cryptographic algorithms, ensuring preparedness for potential vulnerabilities in the current standards.
Mr. Bill Newhouse, a cybersecurity engineer and Project Lead at the NIST National Cybersecurity Center of Excellence (NCCoE), will explain the urgency of transitioning to these new quantum-resistant cryptographic standards. He will also share practical strategies and best practices to facilitate the migration from existing public-key cryptographic systems to these next-generation standards.
10:30
Break
11:00
Panel dicussion
Strategies for Transitioning to Future-Proof Cryptography
Lory Thorpe- Quantum Safe Industry Lead at IBM and Chair of the GSMA Post Quantum Telco Network Task Force Jaime Gómez García- Head of Quantum at Banco Santander Scott Stuewe- President and CEO at DirectTrust
This panel will bring together industry leaders from the Financial, Mobile, Healthcare, and Aviation sectors to discuss the critical transition to post-quantum cryptography (PQC). Panelists from leading banks, the GSMA Association, DirectTrust, and other key stakeholders will explore the growing threat posed by quantum computing to traditional cryptographic systems. They will discuss the unique challenges each industry faces in adopting quantum-resistant solutions, including technical, regulatory, and operational hurdles. Key topics will include the current state of readiness, strategies for smooth transitions, the role of standards bodies, and collaborative efforts across industries. The discussion will also address timelines, cost considerations, and the importance of future-proofing critical infrastructure to ensure security in a post-quantum world.
To be announced shortly
The speaker(s) for this session will be announced soon!
11:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
12:00
To be announced shortly
The speaker(s) for this session will be announced soon!
Developers
Update on end-to-end PKI and HSM integrations with ML-DSA
At last years PQC Conference we benchmarked Hardware Securtiy Modules with Dilithium. Now that FIPS-204 is released, it is time to forget about Dilithium and do production level integrations using ML-DSA.
This session shows PKI application integration for issuing certificates, with a number of HSMs that are ready for ML-DSA. We will highlight how easy, or hard, it is to integrate using PKCS#11 or REST APIs. Of course there will be benchmarks of certificate issuance comparing ML-DSA against classic algorithms. Let’s see what else we are able to squeeze in until January.
12:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
13:00
Lunch
14:00
WebPKI
Why the Internet isn’t ready for post-quantum certificates
NIST has finalized the first set of post-quantum algorithms, and post-quantum key agreement has been enabled by default in browsers for over a year. Why are signatures lagging behind? This talk provides the latest updates in a fast-moving ecosystem, a recap of the challenges in migrating to post-quantum certificates, and an overview of ongoing efforts to make post-quantum signatures practical in the WebPKI.
In a followup breakout session, we go into detail into some of the more promising proposals for coping with post-quantum certificates.
To be announced shortly
The speaker(s) for this session will be announced soon!
14:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
15:00
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
15:30
Break
16:00
To be announced shortly
The speaker(s) for this session will be announced soon!
Post-quantum signatures are not easily deployable in the WebPKI. Using the signature algorithms recently standardized by NIST as drop-in replacements for existing classical algorithms on the Web would incur significant performance degradations, making this approach infeasible unless a cryptographically-relevant quantum computer (CRQCs) is imminent. There’s a real risk that post-quantum signatures do not see widespread adoption before CRQCs become a reality, unless we make changes to how signatures are used in the WebPKI.
This talk dives into several of the more promising proposals for making post-quantum signatures deployable, from TLS extensions to reduce the number of transmitted signatures, to using key agreement as an authentication mechanism, to complete overhauls of the WebPKI. We discuss ongoing work to evaluate the feasibility of each of these proposals and to address known unknowns.
(this is a 60 minute session)
16:30
To be announced shortly
The speaker(s) for this session will be announced soon!
Continuation of prior session
16:55
Closing remarks for day 1
Paul van Brouwershaven- Chair PKI Consortium and Director of Technology Compliance at Entrust Albert de Ruiter- Policy Authority PKI Dutch Government (Logius)
Albert de Ruiter operates the Policy Authority at Logius, the digital government service organization of the Netherlands. He is also a member of the QvC (Quantum Secure Cryptography) working group of the Dutch government, a board member of HAPKIDO, and a member of the PKI Consortium. Albert is known for introducing the idea of a Post-Quantum Cryptography Conference to the PKI Consortium in 2022.
Bill Newhouse Cybersecurity Engineer & Project Lead, National Cybersecurity Center of Excellence (NCCoE) at NIST
Bill Newhouse is a cybersecurity engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology (NIST).
His work at the NCCoE, NIST's applied cybersecurity lab, pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies provided by project collaborators. These projects include establishing communities of interest with members from industry, academia, and government to gain insight to define project's that address cybersecurity risk faced by the members of the community of interest. NCCoE projects are documented in NIST SP 1800 series publications known as practices guides. He has completed guides addressing cybersecurity risk in the hospitality and retail sectors as well as an early demonstration of derived credentials. He recently completed a cybersecurity collaboration with the U.S. Department of Energy that resulted in a Cybersecurity Framework Profile developed for the Liquefied Natural Gas (LNG) industry and the subsidiary functions that support the overarching liquefaction process, transport, and distribution of LNG. His responsibilities as the financial services sector lead also include identifying ways to include financial services sector use case scenarios in relevant NCCoE projects/practice guides. He is presently leading projects on Data Classification and Migration to Post-Quantum Cryptography.
Blair has 30+ years of IT cybersecurity sales, channel, marketing, and business development experience. Blair continuously expanded his cybersecurity and cryptographic expertise starting with Symantec and several cyber start-ups including Chrysalis-ITS (Thales), InfoSec Global, Crypto4A and since September 2019, back with Thales’ Global Technology Alliances team, including the Quantum cryptography portfolio. Blair recently represented the Canadian Forum for Digital Infrastructure Resilience (CFDIR) to articulate the standards and Government guidance at Mobile World Congress (MWC) in 2023. He is an avid presenter, start-up consultant, and IT industry contributor. Blair holds an Hons.BA from the University of Waterloo, and Wilfrid Laurier University, Ontario, Canada.
Bruno Couillard is the CEO and co-founder of Crypto4A Technologies Inc., where he leads the development of cutting-edge crypto-agile and post-quantum cybersecurity solutions, including the QxHSM and QxEDGE. With over 35 years of experience in cryptography, key management, and quantum-safe technology, Bruno has worked extensively in both commercial and military applications.
Previously, he co-founded Chrysalis-ITS and spearheaded the development of the Luna HSM, now a part of Thales. He also contributed to the creation of the PKCS#11 Standard. In addition to his entrepreneurial work, Bruno has served as a cryptographic evaluator for the Canadian Government and played a key role in the Canadian Cryptographic Modernization Program (CCMP).
Bruno is an active board member of Quantum Industry Canada (QIC), co-chair of the Quantum Industry Developers and Users Working Group, and a member of the Canadian National Quantum Strategy committee. Through these roles, he continues to promote and shape a quantum-safe cybersecurity ecosystem.
Dustin Moody Mathematician & Project Lead, Post-Quantum Cryptography at NIST
Dustin Moody is a mathematician in the NIST Computer Security Division. Dustin leads the post-quantum cryptography project at NIST. He received his Ph.D. from the University of Washington in 2009. His area of research deals with elliptic curves and their applications in cryptography.
Giuseppe Bruno is the Head of Division in the Economics and Statistics Department at the Bank of Italy. In his career, he has worked with experts from the Division of Research and Statistics at the Board of Governors of the Federal Reserve System. In 1993, he spent an academic year at the University of Pennsylvania (Philadelphia) for developing algorithms for optimal control of econometric models. In 2000, after a short period at the Statistical Division of the Organisation for Economic Co-operation and Development (OECD), he was appointed Head of the Economic Research Department’s IT unit. In 2022 he has been visiting the Institute of Quantum Computing at the University of Waterloo. Over his career, he has published over 30 papers in different economic and computational economics journals.
Giuseppe Damiano Vice President of Product Management at Entrust
Giuseppe is currently the Vice President of Product Management for the nShield product portfolio offering at Entrust.
Giuseppe is a senior expert in developing and managing PKI solutions and infrastructures, data security, and electronic payment systems with more than 30 years of experience. He has a very strong knowledge of IT architecture security, PKI solutions, HSMs, e-procurement, e-invoicing, digital certificates for electronic signatures, electronic seals, and time stamping.
During his professional career, as CTO of a Qualified Trust Service Provider, Giuseppe has successfully deployed large-scale projects for major Italian banks, insurance companies, and certification authorities, managing more than 20 million qualified digital certificates using solutions developed in-house.
Notable achievements include setting up one of the biggest Qualified Remote Signature infrastructures in Europe, remote signature server solutions capable of hosting large numbers of certificates independently of the HSM capacity, designing HSM solutions to manage data security for electronic payment instruments. Together with one of the most important smart-card manufacturers, he defined and implemented the first prototype of a digital signature system based on a GSM SIM. The project was nominated in 2005 by the European IST-Prize as one of Europe’s most innovative projects of the year.
Giuseppe has actively contributed to writing one of the first technical API standards for Cloud Signature. The standard is defined by the Cloud Signature Consortium and adopted by ETSI.
He has also actively contributed to writing one of the first proposals for Distributed Ledger Timestamp based on standard PKI formats and blockchain evidence.
Jaime Gómez García is a recognized expert in telecommunications, blockchain, and quantum technologies, with an extensive professional background within the financial sector. His contributions as a disseminator of quantum technologies and their consequential influence on enterprises, notably within the financial domain, have garnered him recognition as a LinkedIn Quantum Top Voices in 2022 and 2023. Currently, Jaime is Head of Quantum Technologies at Banco Santander, addressing how quantum computing can be leveraged in benefit of the business and how to tackle the quantum threat to cryptography.
Joey Lupo Product Security Architect at QuSecure, Inc
Joey’s strength and passion are in all things security, cryptography, and code. For the last 2 and a half years, he has worked at QuSecure as a Product Security Architect and Software Engineer. He completed an MSc in Cyber Security, Privacy, and Trust from the University of Edinburgh as a 2021 scholarship award winner of the St. Andrew’s Society of the State of New York. Before that, he graduated summa cum laude from Amherst College, where he studied mathematics and computer science and was captain of the Division III men’s ice hockey team.
Lory Thorpe Quantum Safe Industry Lead at IBM and Chair of the GSMA Post Quantum Telco Network Task Force
Driven executive leader with over 20 years senior level global experience in digital transformation and telecommunications with a strong technology, strategy and innovation background (development, architecture, product and solution mgt) in Internet of Things, mobile networks, cloud, security, data analytics/ AI, edge. Expertise in building, integrating and delivering innovative digital products and solutions to market, across Private and Public sector within Enterprise.
Leading portfolio and industry efforts on application of Quantum Computing and Quantum Safe in Telecommunications in IBM.
Luke Valenta is a research engineer primarily focused on building secure, reliable systems and measuring the Internet.
He is broadly interested in computer security, network and protocol measurement, applied cryptography, privacy, elliptic curves, and distributed systems.
Mike Ounsworth is a Software Security Architect at Entrust. His day-job is primarily application security architecture and penetration testing, with research projects in cryptography and post-quantum cryptography. He is leading discussion at IETF around post-quantum transition strategies for Public Key Infrastructure (PKI), including primary and secondary authorship on several Internet Drafts. He holds an M.Sc in Computer Science in robotics and artificial intelligence from McGill University, and an undergraduate degree in Computer Science with concentrations in mathematics and physics from Queen's University. Fun fact: he has a decade of experience coaching the high school level FIRST Robotics Competition.
Paul van Brouwershaven Chair PKI Consortium and Director of Technology Compliance at Entrust
Paul van Brouwershaven is Director of Technology Compliance for Entrust’s certification authority, Chair of the PKI Consortium and Vice Chair of the CA/Browser Forum.
Scott Stuewe is a 25+ year veteran of the healthcare information technology industry. As President and CEO of DirectTrust, Scott drives strategy, visibility, and growth of DirectTrust’s focus areas of community, accreditation, standards development, and trust services to contribute to the advancement of trusted healthcare data exchange. Under his tenure, the organization achieved the landmark milestones of one, two, three, and four billion Direct Secure Messages sent and received through the DirectTrust Network, as well as acquired SAFE Identity, and merged with EHNAC. Previously, Stuewe was Director of Strategy and Interoperability at a health information management company, and served more than 24 years at Cerner, including as Cerner Network’s Director of National Interoperability Strategy, where he drove participation in the CommonWell Health Alliance and the bridge with Carequality.
Tomas is the founder of the open-source PKI project EJBCA and Chief PKI Officer of Keyfactor. He has been implementing PKI systems since 1994 and have contributed to numerous other open source-projects in PKI and applied cryptography. Tomas has been working on applying quantum safe algorithms to PKI for the last couple of years.
Plenary
Breakout
8:30
Registration
9:00
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
9:30
Is CBOM Enough?
Joey Lupo- Product Security Architect at QuSecure, Inc
A number of organizations are framing the migration to post-quantum cryptography (PQC) as an opportunity to affect broader IT security modernization across their organizations, especially as it relates to managing the full life cycle of cryptographic algorithms, libraries, and protocols. This presentation introduces the idea of a Cryptographic Bill of Materials (CBOM), often considered a key element of this IT modernization effort. We compare and contrast CBOM with the more familiar Software Bill of Materials (SBOM), paying particular attention to how the cryptographic ecosystem poses unique challenges compared to software-at-large. For example, many cryptographic protocols include a negotiation phase over the wire, complicating the effort to know exactly which algorithm was used in any given protocol handshake. We explore the types of cryptographic assurance that a CBOM can and cannot provide for an organization. Finally, we describe how supplementary efforts such as key management, real-time cryptographic monitoring, and the ability to execute historical queries are needed to fill in the operational gaps of a CBOM.
To be announced shortly
The speaker(s) for this session will be announced soon!
This panel will explore the integration of Post-Quantum Cryptography (PQC) into Hardware Cryptographic Modules, with a focus on the recently released NIST standards. Panelists will examine the challenges and opportunities related to certifying PQC algorithms in compliance with established security requirements. Key topics will include performance considerations, such as the computational cost of PQC in constrained environments, and availability, especially the readiness of hardware vendors to meet market demand. The discussion will also address the evolving landscape of certification processes and the implications for secure communications in a Post-Quantum world.
To be announced shortly
The speaker(s) for this session will be announced soon!
10:30
Break
11:00
To be announced shortly
The speaker(s) for this session will be announced soon!
PQC standardization at the Internet Engineering Task Force (IETF)
Just as post-quantum cryptography (PQC) has presented significant challenges for academic cryptographers, so too has it posed unique challenges for cryptographic engineers. The new PQC primitives, with their distinct characteristics compared to traditional RSA and ECC algorithms, often require substantial protocol and application redesign to accommodate them effectively. Moreover, the need for a relatively abrupt transition to PQC across the Internet’s vast infrastructure has introduced additional complexities.
This presentation will provide a comprehensive overview of the latest developments in PQC standardization within the IETF. We will delve into the challenges and progress made in integrating PQC into common Internet protocols, highlighting key areas where work is still underway. Additionally, we will explore the implications of the newly standardized algorithms (ML-DSA, SLH-DSA, ML-KEM, LMS, XMSS) and discuss the strategies for their successful deployment. Finally, we will share insights from our research on PKI PQ/traditional hybrid modes, which offer a promising approach for enhancing both security and migration flexibility during the transition to a post-quantum world.
11:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
12:00
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
12:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
13:00
Lunch
14:00
Industry
Communication among Financial Institutions: What are the available answers to the quantum threat?
As central banks, financial institutions, and payment platforms rely heavily on secure communication for transactions, client information, and regulatory compliance, the advent of quantum computing poses a significant threat to some of the classical encryption methods underpinning these systems. Quantum computers, with their potential to solve integer factorization (used in RSA) and discrete logarithm problems (used in ECC) exponentially faster than classical computers, could break widely used cryptographic systems like RSA, Diffie-Hellman, and Elliptic Curve Cryptography (ECC), which secure most financial communications today. This quantum threat calls for proactive strategies to ensure the long-term security of financial networks. In this work, we have explored the available solutions, working closely with different encryption technologies and key management systems. The network is based on cloud VPN, providing a high level of cryptoagility, or the ability to switch between cryptographic algorithms efficiently, and shows significant interoperability among providers featuring standard protocols."
To be announced shortly
The speaker(s) for this session will be announced soon!
14:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
15:00
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
15:30
To be announced shortly
The speaker(s) for this session will be announced soon!
To be announced shortly
The speaker(s) for this session will be announced soon!
16:00
Networking
Please be aware that speakers are not permitted to promote products or services during their presentations. While commercials, workshops, and pitches may include commercial information, the primary focus of the conference is on educational content.
This conference is made possible through the support of the Post-Quantum Cryptography Working Group and the following organizations:
For more information about the conference, please contact the PKI Consortium at [email protected].
Participate in our community discussions and/or join the consortium