"Post-Quantum Cryptography does not change why we use PKI. It changes how trust is established, signed, exchanged, and validated"

Classical PKI vs Post-Quantum PKI

What Stays the Same, What Changes

What Stays the Same

  • X.509 certificate model

  • Trust chains (Root → Intermediate → End-entity)

  • Certificate lifecycle (issuance, renewal, revocation)

  • PKI governance and policies

What Changes

  • Cryptographic algorithms

  • Key and signature sizes

  • Certificate sizes

  • Performance characteristics

  • Infrastructure assumptions

"PQC does not replace PKI - it replaces the cryptography inside PKI"

Algorithm Mapping: Classical vs PQC

Key Exchange

Purpose

Classical PKI

PQC-Enabled PKI

Secure key exchange

RSA, DH, ECDH

ML-KEM (Kyber)

Security basis

Factoring / discrete log

Lattice-based problems

Digital Signatures

Purpose

Classical PKI

PQC-Enabled PKI

Certificate signing

RSA, ECDSA

ML-DSA (Dilithium)

Stateless signatures

ECDSA

SLH-DSA (SPHINCS+)

"NIST-selected PQC algorithms are designed for standardization and large-scale deployment, not academic elegance"

Key, Signature & Certificate Size Comparison

PQC introduces larger cryptographic artifacts.

Indicative Sizes (Approximate)

Item

Classical

PQC

Public key

64–256 bytes

1–2 KB

Signature

64–512 bytes

1–3 KB

End-entity certificate

~1 KB

3–6 KB

Certificate chain

Small

Significantly larger

"Larger keys and certificates impact networks, devices, and validation services"

Performance & Operational Impact

Computational Impact

  • PQC algorithms often:

    • Have faster key generation

    • Require more memory

    • Have larger data movement costs

Network Impact

  • Larger TLS handshakes

  • Bigger OCSP responses

  • Larger CRLs

  • Increased latency on constrained networks

Storage Impact

  • Certificate databases grow faster

  • Logs and archives increase in size

  • Embedded storage constraints become relevant

Impact on PKI Components

Certificate Authorities (CAs)

  • Larger signing operations

  • Longer certificate issuance pipelines

  • Increased HSM interaction complexity

Validation Services

  • OCSP and CRLs grow in size

  • Timestamp tokens become larger

  • Long-term validation artifacts expand

Relying Parties

  • Applications must support new algorithms

  • Certificate parsing and validation logic must evolve

"PQC is not “slower” everywhere - but it is different everywhere"

Hybrid PKI: Classical + PQC Together

Most real-world deployments will not switch overnight.

Hybrid Approaches Include:

  • Dual signatures (classical + PQC)

  • Hybrid key exchange in TLS

  • Parallel certificate chains

Benefits:

  • Backward compatibility

  • Defense-in-depth

  • Gradual ecosystem transition

Trade-offs:

  • Larger certificates

  • More complex validation

  • Increased operational overhead

"Hybrid PKI is not a compromise - it is a strategy."

Why PQC-PKI Is Not a Simple Upgrade

PQC affects assumptions that were previously “free”:

  • Network MTUs

  • HSM throughput

  • Certificate parsing limits

  • Embedded firmware constraints

Ignoring these leads to:

  • Failed deployments

  • Performance regressions

  • Incompatibility issues

"PQC readiness is an engineering problem, not a checkbox"

What This Comparison Tells Us

  • PQC-enabled PKI is inevitable

  • Classical PKI assumptions no longer hold

  • Size, performance, and compatibility must be engineered

  • Transition planning matters more than algorithm choice

FAQ

What fundamentally changes in PKI when moving from classical to post-quantum cryptography?

The core PKI trust model remains the same, but the cryptographic primitives change. Classical PKI relies on RSA and ECC for key exchange and digital signatures, which are vulnerable to quantum attacks. Post-Quantum PKI replaces or augments these with quantum-resistant algorithms such as ML-KEM and ML-DSA. This shift affects key sizes, certificate structures, validation performance, storage requirements, and interoperability across PKI components.

How does certificate lifecycle management change with PQC?

Certificate lifecycle management becomes more critical with PQC. Larger keys and signatures increase processing costs, making long-lived certificates less desirable. Organizations are expected to shorten certificate lifetimes, automate issuance and renewal, and improve visibility into certificate usage. PKI systems must support faster rotation, scalable revocation mechanisms, and automated monitoring to manage the increased operational load.

Does Post-Quantum PKI replace classical PKI immediately?

No. The industry is moving toward hybrid PKI, where classical and post-quantum algorithms are used together. Hybrid certificates or hybrid key exchanges ensure security even if one algorithm is later compromised. This approach provides backward compatibility, aligns with NIST and NSA guidance, and allows organizations to transition gradually without breaking existing trust relationships.

How do key and certificate sizes differ between classical PKI and PQC-based PKI?

Post-quantum algorithms use significantly larger public keys and signatures than RSA or ECC. For example, an ECC public key may be only a few dozen bytes, whereas a PQC public key or signature can be several kilobytes. This increases certificate sizes, TLS handshake payloads, OCSP responses, and log storage. PKI systems must therefore handle higher bandwidth usage, larger databases, and increased memory consumption.

What is the impact of PQC on TLS, code signing & document signing?

  • In TLS, PQC primarily affects key exchange and authentication, increasing handshake sizes and potentially latency.
  • For code signing and document signing, larger signatures affect storage, transmission, and verification times.
  • Long-term validation (LTV) becomes more important, as documents and binaries must remain verifiable even after classical algorithms are deprecated.
  • PKI architectures must adapt to ensure performance and compliance are maintained.

Can existing PKI infrastructure be reused for Post-Quantum PKI?

Partially. Core PKI concepts such as CAs, trust anchors, and certificate chains remain valid, but many components require upgrades. Cryptographic libraries, HSMs, CAs, and validation services must support PQC algorithms and hybrid modes. Systems that are crypto-agile can adapt more easily, while legacy or hard-coded environments may require replacement or significant redesign.