Toward Quantum-Resilient PKI: A Systematic Literature Review of Post-Quantum Certificates Model

Nor Azeala Mohd Yusof; A H Azni; Farida Ridzuan; Nur Hafiza Zakaria; Sakinah Ali Pitchay; Abdul Alif Zakaria; Tasnuva Ali

doi:10.33102/dypnkt79

Authors

Nor Azeala Mohd Yusof CyberSecurity Malaysia, 63000 Cyberjaya, Selangor, Malaysia.
A H Azni Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia.
Farida Ridzuan CyberSecurity and Systems Research Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia.
Nur Hafiza Zakaria Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia
Sakinah Ali Pitchay CyberSecurity and Systems Research Unit, Faculty of Science and Technology, Universiti Sains Islam Malaysia, Nilai 71800, Negeri Sembilan, Malaysia.
Abdul Alif Zakaria CyberSecurity Malaysia, 63000 Cyberjaya, Selangor, Malaysia.
Tasnuva Ali Department of Electronics and Telecommunication Engineering, Daffodil International University Dhaka, Bangladesh.

DOI:

https://doi.org/10.33102/dypnkt79

Keywords:

Post-Quantum Cryptography (PQC), Public Key Infrastructure; X.509 Certificates; Certificate Verification; Hybrid Cryptographic Models

Abstract

The rise of quantum computing presents a critical threat to classical public-key cryptographic systems, necessitating a global shift toward post-quantum cryptography (PQC). While algorithmic standardisation has seen substantial progress since the National Institute of Standards and Technology (NIST) initiated its call for PQC proposals in 2017, the integration of these algorithms into certificate-based infrastructures remains fragmented and underexplored. This gap creates uncertainty for secure communication, particularly in transitioning legacy systems into quantum-resilient environments. This systematic literature review (SLR) focuses on PQC certificate architectures studied between 2017 and 2025, encompassing the evolution of the field since NIST's formal standardisation efforts began. The review employs the PRISMA 2020 methodology to identify and analyse six distinct post-quantum certificate models: Pure PQC, Hybrid, Composite, Chameleon, Parallel, and Wrapped. Each model is evaluated across several criteria, including structure, backwards compatibility, tooling support, standardisation status, and production readiness, drawing evidence from scholarly publications, draft standards, and open-source implementations. Findings highlight the Hybrid certificate as the most viable short-term solution due to its high interoperability and maturity in deployment. Composite and Parallel architectures offer enhanced security assurances that are suitable for critical infrastructure, although they come with increased implementation complexity. Pure PQC certificates, while future-proof, are still limited to constrained or greenfield environments. Chameleon and Wrapped models are identified as emerging alternatives for blockchain and legacy scenarios, respectively, with limited but growing support. This review enlightens the design and deployment of quantum-safe public key infrastructures by outlining the trade-offs and maturity levels of each architecture. It also emphasises the need for continued development in standardisation and toolchain support to facilitate scalable and secure PQC adoption.

Downloads

Download data is not yet available.

References

[1] P. W. Shor, “Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer,” SIAM J. Comput., vol. 26, no. 5, pp. 1484–1509, 1997, doi: 10.1137/S0097539795293172.

[2] National Institute of Standards and Technology, “Post-Quantum Cryptography: Call for Proposals,” 2017. [Online]. Available: https://csrc.nist.gov/Projects/post-quantum-cryptography, Accessed: 14 May 2025.

[3] National Institute of Standards and Technology, “Post-Quantum Cryptography: Selected Algorithms,” 2024. [Online]. Available: https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms, Accessed: 14 May 2025.

[4] L. Chen et al., “Report on Post-Quantum Cryptography,” NISTIR 8105, National Institute of Standards and Technology, 2016, doi: 10.6028/NIST.IR.8105.

[5] M. J. Page et al., “The PRISMA 2020 statement: An updated guideline for reporting systematic reviews,” BMJ, vol. 372, p. n71, 2021, doi: 10.1136/bmj.n71.

[6] A. A. Zakaria, A. H. Azni, F. Ridzuan, N. H. Zakaria, and M. Daud, “Systematic literature review: Trend analysis on the design of lightweight block cipher,” J. King Saud Univ. Comput. Inf. Sci., vol. 35, no. 5, p. 101550, 2023, doi: 10.1016/j.jksuci.2023.04.003.

[7] R. Radzali, A. H. Azni, F. H. M. Ridzuan, N. H. Zakaria, and T. Ali, “Analysis of trust models in public key infrastructure: A systematic literature review of interoperability challenges,” Malays. J. Sci. Health Technol., vol. 11, no. 1, Feb. 2025, doi: 10.33102/mjosht.v11i1.465.

[8] N. Ricchizzi, C. Schwinne, and J. Pelzl, “Applied Post Quantum Cryptography: A Practical Approach for Generating Certificates in Industrial Environments,” arXiv preprint, arXiv:2505.04333, 2025.

[9] D. J. Bernstein et al., “PQConnect: Automated Post-Quantum End-to-End Tunnels,” Cryptology ePrint Archive, 2024.

[10] E. Kupcova, J. Simko, M. Pleva, and M. Drutarovsky, “Experimental Framework for Secure Post-Quantum TLS Client-Server Communication,” in Proc. Int. Symp. ELMAR, 2024, pp. 213–216.

[11] S. Paul, F. Schick, and J. Seedorf, “TPM-based post-quantum cryptography: A case study on quantum-resistant and mutually authenticated TLS for IoT environments,” in Proc. 16th Int. Conf. Availability, Reliability and Security, 2021, pp. 1–10.

[12] N. Bindel, U. Herath, M. McKague, and D. Stebila, “Transitioning to a Quantum-Resistant Public Key Infrastructure,” in Post-Quantum Cryptography: PQCrypto 2017, Springer, 2017, pp. 384–405.

[13] A. Loconsolo, “Securing digital identities: From the deployment to the analysis of a PKI ecosystem with virtual HSMs leveraging open-source tools,” Ph.D. dissertation, Politecnico di Torino, Italy, 2024.

[14] M. Anastasova, R. Azarderakhsh, and M. M. Kermani, “Fully Hybrid TLSv1.3 in WolfSSL on Cortex-M4,” in Proc. Int. Conf. Appl. Cryptogr. Netw. Security, 2024, pp. 376–395.

[15] D. Stebila, M. Campagna, and L. Chen, “Post-quantum key exchange for the Internet and the Open Quantum Safe project,” Proc. IEEE, vol. 108, no. 10, pp. 1780–1802, Oct. 2020, doi: 10.1109/JPROC.2020.3008703.

[16] N. Bindel and S. McCarthy, “The need for being explicit: Failed attempts to construct implicit certificates from lattices,” Comput. J., vol. 66, no. 6, pp. 1320–1334, 2023.

[17] T. E. Carroll, L. M. Redington, A. M. Moran-Schmoker, and A. J. Murray, “Inventory of Public Key Cryptography in US Electric Vehicle Charging,” Pacific Northwest National Laboratory (PNNL), 2023.

[18] K. Krishan, “Implementation of quantum-safe VPN,” M.S. thesis, Faculty of Informatics, Masaryk Univ., Brno, Czech Republic, 2025.

[19] G. D’Onghia, D. G. Berbecaru, and A. Lioy, “Shaping a Quantum-Resistant Future: Strategies for Post-Quantum PKI,” in Proc. IEEE Symp. Comput. Commun. (ISCC), 2024, pp. 1–6.

[20] D. Berger, M. Lemoudden, and W. J. Buchanan, “Post-Quantum Migration of the Tor Application,” J. Cybersecurity Privacy, vol. 5, no. 2, p. 13, 2025.

[21] W. Yang, X. Li, Z. Feng, and J. Hao, “TLSsem: A TLS security-enhanced mechanism against MITM attacks in public WiFis,” in Proc. 22nd Int. Conf. Eng. Complex Comput. Syst. (ICECCS), 2017, pp. 30–39.

[22] L. P. Fraile et al., “Enabling Quantum-Resistant EDHOC: Design and Performance Evaluation,” IEEE Access, 2025.

[23] Q. Khan et al., “Toward Post-Quantum Digital Certificate for eSIM,” in Proc. Silicon Valley Cybersecurity Conf. (SVCC), 2024, pp. 1–3.

[24] S. Sunahara et al., “A Framework for Institutional Privacy Considered Full DNS over HTTPS Architecture,” IEEE Access, 2025.

[25] J. E. R. F. de Oliveira, “qSCMS: Post-quantum security credential management system for vehicular communications,” Ph.D. dissertation, Univ. São Paulo, Brazil, 2019.

[26] T. Waseem, “Analysis of PQConnect,” Master dissertation, Tampere University, Finland, 2025.

[27] H. Kwon, “Secure and Scalable Device Attestation Protocol with Aggregate Signature,” Symmetry, vol. 17, no. 5, p. 698, 2025.

[28] S. Paul, P. Scheible, and F. Wiemer, “Towards post-quantum security for cyber-physical systems: Integrating PQC into industrial M2M communication,” J. Comput. Security, vol. 30, no. 4, pp. 623–653, 2022.

[29] J. Samandari and C. Gritti, “Post-Quantum Authentication and Integrity in 3-Layer IoT Architectures,” in Proc. Int. Conf. Privacy, Security and Trust (PST), 2024, pp. 1–11.

[30] G. Kornaros, G. Berki, and M. Grammatikakis, “Quantum-secure communication for trusted edge computing with IoT devices,” in Proc. IFIP Int. Conf. ICT Syst. Security and Privacy Protection, 2023, pp. 163–176.

[31] J. Stapleton and W. C. Epstein, Security Without Obscurity: A Guide to PKI Operations. Boca Raton, FL, USA: CRC Press, 2024.