DigiCert® solutions for post-quantum computing
To enable cryptographic agility across your enterprise, DigiCert® supports the post-quantum cryptography (PQC) standards that can be incorporated in your key pairs and certificates.
DigiCert solutions that support PQC
DigiCert ONE services that deploy private CA certificates and key pairs support the following types of PQC solutions:
Solutions | DigiCert® services |
|---|---|
Pure PQC (ML-DSA) certificate issuance and renewal using these methods:
| |
Sign software and verify hash commands using PQC algorithms | |
Batch issuance support for pure PQC certificates |
|
Client-side and server-side key pair generation |
|
Automated certificate lifecycle management of ML-DSA and composite certificates so you’re never faced with expired PQC device certificates | Trust Lifecycle |
Discover certificates and endpoints vulnerable to quantum cryptography | Trust Lifecycle |
Generate ML-DSA key pairs to create a CSR and send a CSR to a PKI over EST or SCEP, all through a free-to-download CLI | |
C-SDK embedded security toolkit with support for ML-KEM, ML-DSA, TLS 1.3, and FIPS 140-3 certified crypto | |
Test issues of PQC certificates, including ones with algorithms not yet supported by the CA/Browser forum | DigiCert Labs, our free playground for testing algorithms |
Supported PQC signing algorithms
DigiCert issues private certificates with ML-DSA, SLH-DSA, and ML-KEM signing algorithms, depending on the service. At the current time, CertCentral doesn’t issue public CA certificates with these algorithms.
ML‑DSA provides digital signatures using lattice‑based assumptions, which offers authenticity and non‑repudiation.
ML‑KEM lets one party (initiator) generate a public/private key pair. The responder uses the public key to derive a shared secret and a ciphertext, which the initiator de-capsulates to recover the same secret. Use this key encryption method as a quantum defense version of TLS/SSL for secure websites.
SLH-DSA applies lightweight hash-based techniques to ensure security while optimizing performance, making it ideal for resource-constrained environments.
DigiCert service | ML-DSA | SLH-DSA | ML-KEM |
|---|---|---|---|
✓ | ✓1 | -- | |
Device Trust | ✓ | ✓1 | -- |
Document Trust | -- | -- | -- |
Software Trust2 | ✓ | ✓1 | -- |
TrustCore SDK | ✓ | ✓ | ✓ |
TrustEdge | ✓ | ✓ | ✓ |
Trust Lifecycle | ✓ | ✓1 | -- |
1 PQC-enabled HSM will be available in the United States datacenters only.
2 Online Certificate Status Protocol (OCSP) support for ML-DSA isn’t defined in a Requests for Comments (RFC) yet.
Supported key sizes per signing algorithm
DigiCert® issues and manages private certificates for PQC with the following key sizes:
Signing algorithm | Key size | Description |
|---|---|---|
ML-DSA | ML-DSA-44 | Represents a cryptographic strength equivalent of at least 128-bit symmetric encryption. This level of security is considered sufficient for many applications requiring strong security, such as protecting sensitive data and communications. |
ML-DSA-65 | Represents a higher cryptographic strength equivalent to at least 192-bit symmetric encryption. Offers increased security margin compared to Security Level 44, making it suitable for applications demanding elevated security requirements. | |
ML-DSA-87 | Represents an even higher level of cryptographic strength of at least 256-bit symmetric encryption, surpassing the previous two levels. Equivalent to an even greater bit length in symmetric encryption, further increasing the complexity for potential attackers. Offers the highest level of security among the mentioned levels, suitable for sensitive applications requiring maximum protection against advanced cryptographic attacks. | |
ML-KEM | ML-KEM-512 | Can be used by two parties to establish a shared secret key over a public channel. When a sender wants to securely communicate with a recipient, they use the recipient's public key to "encapsulate" a secret key, creating a ciphertext. The shared secret key can then used with symmetric-key cryptographic algorithms to perform basic tasks in secure communications, such as encryption and authentication. |
ML-KEM-768 | Represents a stronger version than ML-KEM-512, but with decreased performance. | |
ML-KEM-1024 | Represents the strongest version of ML-KEM, but with decreased performance. | |
SLH-DSA | SLH-DSA SHA2-128f | Similar to SHA2-128s but optimized for faster performance |
SLH-DSA SHA2-128s | Offers an equivalent strength of 128-bit symmetric encryption, using SHAKE for flexible security parameters | |
SLH-DSA SHA2-192f | Fast variant of SHA2-192s, offering higher security with optimized performance | |
SLH-DSA SHA2-192s | Provides 192-bit symmetric encryption strength, suitable for applications demanding higher security | |
SLH-DSA SHA2-256f | A faster version of SHA2-256s, providing maximum security with optimized performance | |
SLH-DSA SHA2-256s | Offers 256-bit symmetric encryption strength, suitable for highly sensitive applications | |
SLH-DSA SHAKE-128f | Fast variant of SHAKE-128, balancing performance and security | |
SLH-DSA SHAKE-128s | Offers an equivalent strength of 128-bit symmetric encryption, using SHAKE for flexible security parameters | |
SLH-DSA SHAKE-192f | A fast variant of SHAKE-192, optimized for performance in demanding applications | |
SLH-DSA SHAKE-192s | Flexible security with 192-bit strength using SHAKE for adjustable output lengths | |
SLH-DSA SHAKE-256f | A fast variant of SHAKE-256, ideal for highly sensitive environments requiring both strong security and high efficiency | |
SLH-DSA SHAKE-256s | Uses SHAKE for flexible cryptographic output at a 256-bit strength |