Certification of KEM Keys in Let’s Encrypt in a Post-Quantum World

As the threat of quantum computing grows, the need to incorporate PQC techniques into existing protocols becomes imperative. This research investigates the integration of post-quantum KEM keys into the Let's Encrypt process for issuing X.509 certificates. The proposed design outlines an adapted Let's Encrypt process that includes a proof of possession handshake specifically designed for KEM keys. The research focuses on understanding the necessary modifications and adaptations to the proof of possession process and related components to facilitate the issuance of secure X.509 certificates. Additionally, the study explores the challenges associated with incorporating PQC KEM keys into the Let's Encrypt infrastructure, including the necessary changes to cryptographic libraries such as OpenSSL and Pebble. While the practical implementation of the proposed design is outside the scope of this research, the investigation provides valuable insights into the feasibility and implications of integrating PQC KEM keys into the Let's Encrypt process. The findings of this research contribute to the advancement of secure post-quantum cryptography within the Let's Encrypt infrastructure and pave the way for enhanced security and privacy in certificate issuance.