Papers
Topics
Authors
Recent
Search
2000 character limit reached

Merkle Tree Certificate Post-Quantum PKI for Kubernetes and Cloud-Native 5G/B5G Core

Published 5 Apr 2026 in cs.CR | (2604.04191v1)

Abstract: Post-quantum signature schemes such as ML-DSA-65 produce signatures of 3,309 bytes and public keys of 1,952 bytes over 50 times larger than classical Ed25519. In TLS-authenticated environments like Kubernetes control planes and 5G Core networks, where every inter-component connection is mutually authenticated, this overhead compounds across thousands of handshakes per second. Merkle Tree Certificates (MTC), currently under development at IETF, replace per-certificate issuer signatures with Merkle inclusion proofs and, in the landmark mode, eliminate on-wire signatures from certificate authentication entirely. We present MTC-based PKI architectures for Kubernetes and 3GPP 5G Service-Based Architecture. Starting from the infrastructure layer, we replace the Kubernetes cluster CA with an MTCA deployment that issues MTC certificates to control plane components, with cosigners and a DaemonSet-based landmark distributor. Building on this, we design a certificate lifecycle for 5G Network Functions deployed against QORE, a post-quantum 5G Core. We implement MTC proof construction and verification in Go crypto/tls and crypto/x509 packages. Our measurements on an Intel i9-12900 show MTC landmark verification completing in under 2 μs compared to 24 microseconds for ECDSA signature verification-with no measurable impact on TLS handshake time. We further propose a 6G-native architecture where the NRF serves as the MTCA and the SCP as witness cosigner, and discuss applicability to Non-Terrestrial Networks.

Summary

  • The paper introduces a Merkle Tree Certificate system that replaces issuer signatures with Merkle inclusion proofs and cosignatures, significantly reducing bandwidth.
  • It demonstrates an 85% reduction in PQ certificate chain size and landmark verification speedups of 12–28× (classical) and 200–400× (ML-DSA-65).
  • The design integrates with Kubernetes and 5G/B5G core infrastructures to enable scalable, low-latency PKI with transparent index-based certificate revocation.

Merkle Tree Certificate PKI for Post-Quantum Cloud-Native 5G/B5G and Kubernetes

Motivation: Post-Quantum Signature Overhead in Cloud-Native Environments

Recent advances in PQC, exemplified by NIST’s ML-DSA-65 standard, necessitate the adoption of post-quantum algorithms in PKI. However, ML-DSA-65 signatures (3,309 bytes) and keys (1,952 bytes) generate a 51× bandwidth increase over Ed25519, with per-handshake certificate chains (including CT SCTs) ballooning to more than 13,000 bytes. The compounded cost in Kubernetes, 5G SBA, and other environments utilizing frequent mTLS handshakes, potentially induces unacceptable latency and packet fragmentation, directly violating latency budgets in 5G and 6G infrastructures. Classical PKI revocation mechanisms (CRL/OCSP) introduce additional operational bottlenecks and cannot be efficiently scaled to meet 5G/6G’s zero-trust architecture needs.

Merkle Tree Certificates: Architecture and Certificate Lifecycle

Merkle Tree Certificates (MTC), as discussed in the evolving IETF specification, replace per-certificate issuer signatures with Merkle inclusion proofs and employ a cosigner network to countersign checkpoints, supporting signatureless authentication in the landmark operational mode. Each certificate is represented as a leaf in an append-only Merkle tree maintained by the CA, where inclusion proofs replace issuer signatures and cosignatures attest log consistency.

MTC defines two certificate modes:

  • Standalone Certificates: Include inclusion proofs and cosignatures; verifiable by parties trusting the cosigners.
  • Landmark Certificates: Signatureless unless a pre-distributed subtree hash is available; proof size is constant, decoupled from cryptographic scheme.

Certificate Lifecycle:

  • Certificate requests (CSR) from NFs in Kubernetes/5G are submitted to MTCA, validated against bootstrapped X.509, appended to Merkle log, and cosigned.
  • Landmarks (subtree hashes) distributed via DaemonSet; NFs/clients mount landmark files for hash-only verification.
  • Revocation is conducted by index ranges, eliminating CRL/OCSP dependence. Figure 1

    Figure 1: Landmark certificates with varying number of leaves illustrate how proof size scales logarithmically, enabling constant authentication cost regardless of underlying signature scheme.

Integration in Kubernetes and Cloud-Native 5G/B5G

The paper proposes mapping MTC roles to Kubernetes constructs: MTCA as a Deployment, cosigners as independent pods, landmark distributor as a DaemonSet. Certificate issuances and credential rotations utilize Kubernetes native APIs (cert-manager ExternalIssuer CRD). Control-plane components (API server, kubelet, controller-manager, scheduler) seamlessly transition from classical X.509 to MTC-based certification, preserving RBAC semantics, with bootstrapped trust anchored by the MTCA log ID and cosigner keys. Landmark distribution ensures that signatureless, efficient authentication is possible even in high-throughput, ephemeral connection environments typical of 5G SBA.

For 5G core integration, the proposed design maps the NRF as the MTCA and the SCP as witness cosigner, embedding MTC operations into NF registration, certificate lifecycle, and SBI mTLS flows. This architecture is extended to B5G/6G, with recommended standardization of MTC in NF management APIs and event notification mechanisms (e.g., landmark events).

Performance and Bandwidth Reduction

Empirical evaluation on an Intel i9-12900 demonstrates landmark verification in sub-2 µs, compared to 24 µs for ECDSA-P256, with negligible impact on total TLS handshake latency. MTC landmark certificates reduce PQ certificate wire size from ~17,500 bytes (ML-DSA-65 X.509 chains) to ~2,900 bytes—a reduction of approximately 85%. Certificate authentication with landmark mode is hash-only, yielding verification speedups in the order of 12–28× (classical ECDSA) and 200–400× projected for ML-DSA-65. Figure 2

Figure 2

Figure 2

Figure 2: Results comparing ECDSA P-256 with MTC (Standalone and Landmark modes), highlighting bandwidth reduction and verification latency improvements.

Transparency, Revocation, and Challenges

MTC guarantees certificate transparency and log integrity via cosigner signatures, mirrors, and effective monitoring. Revocation by index enables constant-time, strictly offline checks, improving resilience in NTN and high-latency environments. Notably, MTC landmark authentication decouples operational cost from signature scheme, preserving bandwidth and computational efficiency across both classical and PQ deployments.

Challenges include increased operational complexity in private PKI deployments, cross-PLMN cosigner scaling for roaming, specification maturity (draft volatility), landmark staleness, and log pruning. These limit immediate universal adoption, particularly given the lack of current 3GPP standardization.

Implications and Future Directions

Theoretical implications include a fundamentally new trust distribution paradigm in private PKI, with strong cryptographic guarantees for transparency, log integrity, and scalability. Practically, MTC enables consistent PQ-readiness in cloud-native infrastructure, facilitating frictionless adoption of PQC without the latency and bandwidth penalties of ML-DSA or SLH-DSA signatures.

Anticipated future developments:

  • Standardization of native MTC in 6G core (via extensions to NRF/SCP APIs).
  • Potential elimination of CertificateVerify for short-lived landmark certificates, achieving fully hash-based authentication.
  • Integration with CMPv2 for RAN and transport automation.
  • Expanding MTC for satellite PKI, NTN, and high-latency edge scenarios.
  • Decentralized PKI constructions with multi-operator cosigner governance.

Conclusion

MTC-based PKI offers substantial reductions in certificate transmission and verification overhead in post-quantum environments, with strong transparency and revocation mechanisms suitable for Kubernetes, 5G/B5G, and prospective 6G networks. The architecture enables practical deployment of PQ PKI, addressing core challenges of bandwidth, latency, auditability, and operational scalability while supporting future standardization and protocol refinements.

Paper to Video (Beta)

No one has generated a video about this paper yet.

Whiteboard

No one has generated a whiteboard explanation for this paper yet.

Open Problems

We haven't generated a list of open problems mentioned in this paper yet.

Collections

Sign up for free to add this paper to one or more collections.