Technical Requirements for Cryptographic Components of Hybrid Post-Quantum Public-Key Infrastructure

D. 5.1 This document forms deliverable 5.1 for the HAPKIDO (Hybrid quantum-safe Public-Key Infrastructure Development for Organisations) project. The goal of this document is to present the technical requirements that the cryptographic components of hybrid (classical/post-quantum) PKIs need to satisfy.

The document focuses on security requirements and on compatibility requirements; performance requirements are too dependent on applications and use-cases to be discussed in general terms.
Requirements have been identified based on existing guidelines on security, as well as on the current initiatives in terms of formatting cryptographic components for hybrid certificates. For the latter, the source material comes from the latest X.509 version from ITU-T, and from drafts of standards from IETF. We make the remark that the two propose different approaches to include both classical and post-quantum signatures and components in certificates.