TOPPAN Holdings, NICT, and ISARA Successfully Demonstrate Seamless Transition Technology to Post-Quantum Cryptography in Certificate Authorities
TOPPAN, NICT, and ISARA successfully demonstrated a technology to seamlessly transition certificate authorities to Post-Quantum Cryptography (PQC) without service interruption, ensuring future-proof internet security.
📋 Article Processing Timeline
- 📰 Published: April 9, 2026 at 20:05
- 🔍 Collected: April 9, 2026 at 11:30
- 🤖 AI Analyzed: April 20, 2026 at 11:15 (263h 44m after Collected)
TOPPAN Holdings Inc. (Headquarters: Bunkyo-ku, Tokyo; Representative Director and COO: Satoshi Oya; hereinafter "TOPPAN Holdings"), the National Institute of Information and Communications Technology (Headquarters: Koganei-shi, Tokyo; President: Hideo Ohno; hereinafter "NICT"), and ISARA Corporation (Headquarters: Ontario, Canada; CEO: Atsushi Yamada; hereinafter "ISARA") have successfully verified the usefulness of a seamless transition technology from current cryptography to Post-Quantum Cryptography (PQC), which is considered difficult even for quantum computers to decipher, in the mechanism of a certificate authority, which is the security foundation of internet communications.
In internet communications, security is supported by digital certificates that prove the authenticity of the communication partner, and a public key infrastructure (*1) by the certificate authority that issues and signs them. However, public key cryptography is thought to become vulnerable to quantum computers in the future, making the transition to PQC an urgent task. During this transition, quantum-proofing the cryptographic algorithm of the root certificate authority, which is at the top of the certificate authorities, poses a challenge as it may lead to service fragmentation or suspension.
In this demonstration, "digital certificates issued by a second crypto-agile root certificate authority (*4)" (hereinafter "second root certificate") developed by ISARA, which simplifies the transition from current cryptography such as ECDSA (*2) to PQC such as ML-DSA (*3), were applied to an IC card system developed by TOPPAN Holdings on a quantum cryptography network testbed constructed by NICT. Simulating an environment where current cryptography and PQC coexist during the PQC transition phase for identity authentication and web access via IC cards, the results confirmed a smooth transition to a PQC environment without stopping the existing authentication infrastructure. This contributes to a phased transition to a security level capable of countering the threat of quantum computers without suspending services in fields requiring long-term confidentiality, such as medical, financial, and administrative sectors.
A part of this demonstration was conducted with the support of the Cabinet Office's SIP program, "Promoting the Application of Advanced Quantum Technology Foundations to Social Issues" (Research Promotion Agency: National Institutes for Quantum Science and Technology). In addition, the efforts of this demonstration will be exhibited at the "6th Quantum Computing EXPO [Spring]" (Venue: Tokyo Big Sight) held from Wednesday, April 15, to Friday, April 17, 2026.
■ Background
Internet security is based on digital certificates that prove the authenticity of communication partners using public key cryptography, certificate authorities that act as trusted third-party organizations to issue and guarantee them, and a chain of certificates issued by the certificate authorities (hereinafter "certificate chain") and their verification. However, it has been pointed out that this foundational technology, public key cryptography, could potentially be deciphered by quantum computers in the future. For this reason, the National Institute of Standards and Technology (NIST), a US government agency, is advancing the standardization of PQC, selecting algorithms such as ML-DSA and ML-KEM (*5), and preparations for the transition to PQC are underway globally. Early responses are particularly required in fields that protect confidential information over a long period, such as finance, healthcare, and administration.
However, changing the cryptographic algorithm of the root certificate issued by the root certificate authority, the top of the certificate chain, poses a significant impact on the entire social infrastructure, necessitating a careful transition. Especially for so-called legacy terminals that only support the algorithms of current cryptography, deploying a new PQC certificate...
In internet communications, security is supported by digital certificates that prove the authenticity of the communication partner, and a public key infrastructure (*1) by the certificate authority that issues and signs them. However, public key cryptography is thought to become vulnerable to quantum computers in the future, making the transition to PQC an urgent task. During this transition, quantum-proofing the cryptographic algorithm of the root certificate authority, which is at the top of the certificate authorities, poses a challenge as it may lead to service fragmentation or suspension.
In this demonstration, "digital certificates issued by a second crypto-agile root certificate authority (*4)" (hereinafter "second root certificate") developed by ISARA, which simplifies the transition from current cryptography such as ECDSA (*2) to PQC such as ML-DSA (*3), were applied to an IC card system developed by TOPPAN Holdings on a quantum cryptography network testbed constructed by NICT. Simulating an environment where current cryptography and PQC coexist during the PQC transition phase for identity authentication and web access via IC cards, the results confirmed a smooth transition to a PQC environment without stopping the existing authentication infrastructure. This contributes to a phased transition to a security level capable of countering the threat of quantum computers without suspending services in fields requiring long-term confidentiality, such as medical, financial, and administrative sectors.
A part of this demonstration was conducted with the support of the Cabinet Office's SIP program, "Promoting the Application of Advanced Quantum Technology Foundations to Social Issues" (Research Promotion Agency: National Institutes for Quantum Science and Technology). In addition, the efforts of this demonstration will be exhibited at the "6th Quantum Computing EXPO [Spring]" (Venue: Tokyo Big Sight) held from Wednesday, April 15, to Friday, April 17, 2026.
■ Background
Internet security is based on digital certificates that prove the authenticity of communication partners using public key cryptography, certificate authorities that act as trusted third-party organizations to issue and guarantee them, and a chain of certificates issued by the certificate authorities (hereinafter "certificate chain") and their verification. However, it has been pointed out that this foundational technology, public key cryptography, could potentially be deciphered by quantum computers in the future. For this reason, the National Institute of Standards and Technology (NIST), a US government agency, is advancing the standardization of PQC, selecting algorithms such as ML-DSA and ML-KEM (*5), and preparations for the transition to PQC are underway globally. Early responses are particularly required in fields that protect confidential information over a long period, such as finance, healthcare, and administration.
However, changing the cryptographic algorithm of the root certificate issued by the root certificate authority, the top of the certificate chain, poses a significant impact on the entire social infrastructure, necessitating a careful transition. Especially for so-called legacy terminals that only support the algorithms of current cryptography, deploying a new PQC certificate...
FAQ
What is Post-Quantum Cryptography (PQC)?
It is a new generation of cryptographic technology that is difficult to decipher even by future quantum computers with ultra-high-speed computing capabilities.
What was groundbreaking about this proof-of-concept experiment?
It prevented service disruptions or fragmentation due to the cryptographic switch of certification authorities, and confirmed that a safe transition to PQC can be made while existing systems remain operational.
When will this technology be put into practical use?
It is expected to be gradually introduced over the next few years, starting with fields that require high security such as finance and administration, in parallel with NIST's standardization process.