HAPKIDO: for quantum-safe Public Key Infrastructures

Without preparation, sensitive data currently protected by encryption schemes will become accessible. The communication infrastructure will be disrupted, and our transactions and information will be vulnerable to criminals. This will affect countless organisations and millions of people.

To protect digital societies, quantum-safe trust services, including their underlying PKIs, are critical. Scientific and technical breakthroughs are required in quantum-safe cryptography, PKI development and migration architectures. In HAPKIDO TNO collaborates with TU Delft, CWI, Logius, KPN, Microsoft and Zynyo to accelerate these developments. The project is financed by the NWO.

Developing and migrating towards quantum-safe PKIs is not just a technical problem. Every organisation – and every sector – has its own unique organisational landscape, with associated financial, governance and technological characteristics.

The challenges of legacy systems and the many choices involved in quantum-safe development can also cause delays in the transition. Yet it is critical for organisations – such as those in finance, healthcare, the public sector and more - to begin preparing for quantum-safe solutions.

HAPKIDO will deliver sector-based plans that help organisations transition towards quantum-safe PKIs, including hybrid PKIs that demonstrate how quantum-safe solutions will work with existing infrastructures, and governance models that guide organisations towards a quantum-safe future. HAPKIDO is already sharing insights with frontrunners in the telecom, financial and public sectors.

The scientific breakthroughs expected in this project include contributions to quantum-safe security proofs, quantum-safe PKI designs, PKI migration architectures and strategies, and growth paths towards a quantum-safe infrastructure. Dissemination will be accelerated through a massive open online course, an awareness game, and via workshops hosted by the partners.

The HAPKIDO project consists of several work packages. The first number of a deliverable refers to the work page.

• WP 1: Societal impact analysis. Goal of this of this work package is to gain an in-depth understanding of the anticipated consequences of quantum computing on sectors that rely on PKI based trust services.
• WP 2: Requirements. The objective of this work package is to collect, structure, and deconflict requirements. Also, to identify potential gaps and changes needed in the requirements.
• WP 3: Governance Transition. Goal is to identify appropriate IT-governance mechanisms for migrating towards and operating a QS hybrid PKI. Also, to facilitate stakeholder engagement, create awareness and a sense of urgency for the transition, and insight into possible transition paths.

• WP 4: Hybrid QS-PKI system. Objective of the work package is the technical design of the hybrid quantum-safe PKI. This will be developed and implemented into a proof of concept. Researchers investigate how both conventional cryptography and post-quantum cryptography can be supported in a PKI infrastructure simultaneously.

• WP 5: Cryptographic Tools. Goal is to investigate how hybrid PKI can avoid potential loss of security during the transition to post-quantum cryptography. This is done by ensuring “strongest link” security: breaking the scheme should require breaking all underlying schemes simultaneously.
• WP 6: QS-PKI migration architecture. In order to identify fit-for-purpose migration architectures, criteria are needed to identify different types of architectures and architectural building blocks that may impact the migration from classical-cryptography based trust services to QS-cryptography based ones.

• WP 7: QS-PKI transition roadmap. In this work package the results from the other WP packages are consolidated in order to develop a roadmap by means of a growth model which can be readily used by organizations to achieve quantum safety.
• WP 8: Dissemination & Education. The objective is here is to ensure that stakeholders have access to the knowledge created in this project. The stakeholders here are the users of the quantum-safe PKI, the organizations that deploy trust-services, governance bodies on the national and EU level, and the academic community