Next-Generation SPIFFE/SPIRE Identity Management Systems with Post-Quantum Cryptography Algorithms
Feb 14, 2025
Lucas Cupertino Cardoso
Marco Marques
Pedro Correia
Henrique Cochak
Charles Miers
Marcos Simplicio Junior
Abstract
The quantum transition has reached a new level of importance since NIST standardized post-quantum cryptographic algorithms in late 2024. Consequently, several studies have addressed the changes required for existing technologies and systems to adopt post-quantum algorithms in the face of an imminent quantum threat. Cloud-based environments are no different, especially when assuring correct authentication and authorization. We address the usage of post-quantum primitives embedded in identity-management systems, a crucial component of distributed systems. Our proposal is based on SPIFFE/SPIRE, an open-source framework for secure identity production, integrating post-quantum and classical primitives in a hybrid manner. Moreover, we discuss the use of X.509 certificates as part of our infrastructure and their performance when combining different digital signature algorithms.
Publication
In the 25th IEEE International Symposium on Cluster, Cloud and Internet Computing