Bas Westerbaan
Bas is the technical lead for post-quantum at Cloudflare. He works to drive the adoption of post-quantum cryptography at Cloudflare and the Internet at large. His works range from cryptography engineering, standardisation, to large-scale experimentation, and subsequent deployment. In a previous life, Bas studied the mathematical foundations of quantum theory.
Session
The Web PKI is the foundation on which many security systems depend, and for many the gold standard of how to do PKI. On closer inspection, the Web PKI is an old system evolved with patches added from one crisis to the next. In this talk, we discuss recent efforts to modernize the Web PKI to maintain reliability and security in the face of the imminent threat from quantum computers.
The transition to post-quantum cryptographic algorithms is hampered by the massive increase in size of PQC signatures relative to traditional cryptographic signatures. A straightforward “copy/paste” approach in which PQC algorithms were naively added into the existing WebPKI would add massive increases in the size of the TLS handshake, leading to a significant (around 50% P50) handshake latency to every HTTPS connection made.
The impact of PQC on the web PKI wouldn’t stop at handshake sizes. The public web PKI also relies on transparency into certificate issuance (“Certificate Transparency”, CT) to help detect and mitigate unauthorized certificate issuance. For the past decade, CT has served its purpose of holding Certification Authorities (CAs) accountable, recently notably detecting Fina CA’s mis-issuance of certificates for 1.1.1.1, Cloudflare’s Encrypted DNS service late last year. Unfortunately, a naive adoption of the most mature PQC algorithms into the current public CT ecosystem would likely result in the ecosystem’s collapse due to the increased operational costs for logs, burdening an already-fragile group of volunteer log operators.
Cloudflare and Google Chrome have spearheaded an effort, Merkle Tree Certificates (MTCs), that offer a new approach to HTTPS certificates that combine issuance and transparency into a single cryptographic object. Under active development in the Internet Engineering Task Force (IETF)’s PKI, Logs, and Tree Signatures (PLANTS) working group, MTCs reduce the overhead of post-quantum TLS certificates by 4-22Kb, eliminating the impact on client latency. Simultaneously, the design mitigates the impact on the Certificate Transparency ecosystem, likely resulting in reduced costs compared to today’s status quo.
In this talk, we’ll walk through the MTC proposal, interesting open discussions happening in the working group and discuss the results of early experimentation between Chrome and Cloudflare.