Log in
E-mail
Password
Show password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Settings
Settings
Dynamic quotes 
OFFON

CISCO SYSTEMS, INC.

(CSCO)
  Report
SummaryQuotesChartsNewsRatingsCalendarCompanyFinancialsConsensusRevisions 
SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Cisco : Towards Backward-Compatible Post-Quantum Certificate Authentication

04/19/2018 | 03:32pm EST

We have blogged about post-quantum cryptography before. Quantum computers would pose a threat to PKI algorithms and systems that we know today. Cisco, with our academic collaborators, has been focusing on quantum-resistant hash-based signatures for a few years now with LMS and SPHINCS+ and more. NIST's PQ Project is also working on standardizing quantum-resistant algorithms that will be used to protect against the cryptographic challenges quantum computers would introduce.

How would quantum-resistant signatures be used on the Internet today? A very common usecase is authentication. For example, TLS uses X.509 certificates to authenticate servers today with traditional signature algorithms like RSA and ECDSA. When a new post-quantum algorithm gets standardized, how would it be used in X.509 certificates? By swapping traditional signature algorithm OIDs with post-quantum ones in X.509 certificates, we would introduce backwards compatibility problems. Clients that have not been upgraded to support the new algorithms would not be able to authenticate and communicate with the server.

It is clear that we would want a smooth transition that supports traditional and post-quantum signatures in X.509 for a long time until post-quantum support was ubiquitous, if that even was ever possible. To address these concerns, with our collaborators from ISARA and Entrust Datacard, we propose three new extensions in X.509 that would allow traditional and quantum-resistant algorithms to co-exist in certificates (hybrid certificates) and be used depending on which algorithm the verifier supports. These extensions are agnostic to the post-quantum algorithms (crypto agility) in them and allow a smoother transition to a post-quantum hybrid certificates. An example hybrid cert looks like:

Now, how about protocols that use these certificates? TLS is a great example. We wanted to test how TLS would operate with hybrid certificates and post-quantum signatures. We also wanted to investigate how these certs would be provisioned by using the crypto agile EST protocol (RFC7030). To demonstrate these scenarios, we worked with our partners at ISARA to come up with working code which is demonstrated in a public server, test-pqpki.com. test-pqpki.com adds postquantum signature support in TLS 1.2 by defining new ciphersuites and using hybrid certificates. Even though initially only LMS signatures are supported, in the future the server will support different algorithms (i.e SPHINCS+, Crystals-Dilithium) based on the server port the client is connecting to. Readers can test that post-quantum hybrid X.509 certs are backwards compatible with TLS clients that do not support these algorithms by connecting to the server using TLS. They can also use the code provided in order to patch OpenSSL and test post-quantum signatures in both the TLS handshake and X.509 hybrid certificates for TLS authentication. Additionally, the server supports EST enrollment in order to get new hybrid certificates. As this is a demo server, we intend to investigate some more practical issues and challenges with the use of post-quantum signatures, which are described in the next steps section.

We want the industry to be ready to use PQ algorithms as soon as they are standardized by NIST. We encourage readers to visit the server and use the code patches in order to test it and provide feedback. For more information, visit http://test-pqpki.com

We want to thank ISARA for the great partnership in researching a practical quantum safe crypto world.


Tags:

Disclaimer

Cisco Systems Inc. published this content on 19 April 2018 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 19 April 2018 19:31:08 UTC


ę Publicnow 2018
All news about CISCO SYSTEMS, INC.
12/03SECURELY CONNECTING THE HYBRID WORKF : SD-WAN's role in a SASE architecture
PU
12/03CISCO : Checkmate in One…Cisco Silicon One
PU
12/03CISCO : IoT – Two new tools to help partners take on the competition
PU
12/03CISCO : Relevant and Extended Detection with SecureX
PU
12/03APPDYNAMICS 2021 VIRTUAL PROJECT WIT : Every child deserves a quality education
PU
12/03CISCO : Secure Firewall named Best Next Generation Firewall in SE Labs 2021 Annual Report
PU
12/02CISCO : A simplified Migration Process from Cisco Prime Infrastructure to Cisco DNA Center..
PU
12/02CISCO : Snort 3 Anywhere
PU
12/02CISCO : The Network as the First Line of Defence for Securing Critical Infrastructure
PU
12/02CISCO : 8 Great Tech Gifts for Developers
PU
More news
Analyst Recommendations on CISCO SYSTEMS, INC.
More recommendations
Financials (USD)
Sales 2022 52 752 M - -
Net income 2022 12 216 M - -
Net cash 2022 18 814 M - -
P/E ratio 2022 19,4x
Yield 2022 2,65%
Capitalization 237 B 237 B -
EV / Sales 2022 4,14x
EV / Sales 2023 3,84x
Nbr of Employees 79 500
Free-Float 99,9%
Chart CISCO SYSTEMS, INC.
Duration : Period :
Cisco Systems, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends CISCO SYSTEMS, INC.
Short TermMid-TermLong Term
TrendsNeutralNeutralBullish
Income Statement Evolution
Consensus
Sell
Buy
Mean consensus OUTPERFORM
Number of Analysts 28
Last Close Price 56,23 $
Average target price 62,50 $
Spread / Average Target 11,2%
EPS Revisions
Managers and Directors
Charles H. Robbins Chairman & Chief Executive Officer
Richard Scott Herren Chief Financial Officer & Executive VP
Jacqueline Guichelaar Group Chief Information Officer & Senior VP
Roland Acra Chief Technology Officer & Senior Vice President
Maria Martinez Chief Operating Officer & Executive Vice President
Sector and Competitors
1st jan.Capi. (M$)
CISCO SYSTEMS, INC.22.97%237 156
MOTOROLA SOLUTIONS, INC.45.83%41 887
ARISTA NETWORKS, INC.66.84%37 243
FOXCONN INDUSTRIAL INTERNET CO., LTD.-17.82%35 053
ERICSSON-6.08%33 373
NOKIA OYJ59.31%32 295