- The paper introduces a registry-driven operational assurance framework that translates 17 standard-derived requirements into owner- and stage-specific policy actions, validated via mutation-based testing.
- It demonstrates methodological robustness by detecting all invalid artifacts (27/27) with zero false positives, outperforming tools like JZLint in post-quantum certificate evaluation.
- The work highlights the importance of explicit operational accountability by partitioning assurance tasks across CAs and importers to prevent structural and semantic failures in PQ systems.
Operational Post-Quantum X.509 Assurance for ML-KEM and ML-DSA: A Registry-Driven Model
Context and Motivation
The transition to post-quantum (PQ) cryptography at the public key infrastructure (PKI) layer is now defined by finalized standards: FIPS 203 and 204 for ML-KEM/ML-DSA, and RFC 9881/9935 for X.509 PKIX conventions. However, these standards alone are not sufficient for operational assurance—specific semantic and representation failures remain possible even when core cryptographic and encoding requirements are met. There is no standard-defined, operator-accountable workflow for partitioning assurance duties across certification authorities (CAs), artifact importers, and runtime consumers. Consequently, operational failures arise at the certificate-profile, SPKI, and private-key container surfaces, and current public-key linting tools for PQ algorithms offer no reproducible assurance pipeline with attribution to particular owners, stages, and policy actions.
Contribution and Model
This paper defines and implements an operational post-quantum X.509 assurance framework for ML-KEM and ML-DSA. The core novelty is a registry-driven artifact ("pkix-core") that reifies 17 requirements extracted from standards into an assurance registry indexed by owner (e.g., CA, importer), stage (certificate/profile, SPKI/public-key, private-key/import), detector kind, normative strength, and per-mode action (strict, deployable). These requirements are organized into three "gate packs" corresponding to operator-facing assurance bundles, and the workflow is evaluated over a frozen, mutation-based corpus of 48 artifacts with precise coverage diagnostics.
The registry clarifies:
- What requirement is checked, and why,
- At which stage and by whom,
- With what consequence under strict or deployment-oriented (deployable) policy.
A key claim is that assurance must become operationally accountable—not just a collection of lints with ambiguous enforcement.
Technical Architecture
Registry and Policy Model
The assurance registry formalizes 17 requirements split into five certificate/profile, five SPKI/public-key, and seven private-key/import checks. Each requirement is accompanied by normative provenance mapping to its clause in standards documents, operational placement in workflow, evaluation linkage to expected detections and corpus mutations, and explicit policy actions per mode.
- Certificate/profile requirements include positive and negative keyUsage rules, algorithm-specific signature AlgorithmIdentifier semantics, and explicit policy closures (e.g., PKIX exclusion of HashML-DSA).
- SPKI/public-key requirements focus on absent parameters, payload lengths, OID and key agreement, and encode/decode canonicality.
- Private-key/import requirements assure container format/lenghts, seed-expanded consistency, and, for ML-KEM, expanded-key hash relation. The importer-owned surface is explicitly modeled, separating concerns from CA-side pre-issuance gating.
Each requirement—structural, policy, import-crypto—has fully defined mappings to required mode behaviors and supporting evidence in the corpus.
Corpus Design and Evaluation
A deterministic, hash-pinned corpus contains 21 valid, 27 invalid artifacts spanning all surfaces and parameter sets. The mutation families exercise profile and representation failure modes, with detailed provenance.
The framework is evaluated in both strict (all violations block) and deployable (all block except one canonicality warning) modes, with success criteria:
- All expected invalid artifacts are detected (27/27),
- No false positives on valid artifacts,
- Stage-local coverage with no open detector gaps.
Results are robust: all active requirements are fully covered, with zero false positives and tight correspondence between policy metadata and empirical outcomes. Redundant detections are de-duplicated at the requirement level.
The paper benchmarks its registry-driven workflow against a frozen snapshot of JZLint (as the most capable prior certificate-level linter). On an apples-to-apples certificate-only comparison, JZLint detects only 5/10 expected invalids and fatally rejects 3 valid ML-KEM certificates. In contrast, the proposed artifact detects all 10/10, with no valid-certificate failures. The cross-tool behavior matrix (local, JZLint, OpenSSL, pkilint) shows substantial divergence between parse acceptance and policy conformance, and highlights runtime fragility of existing tools on modern PQ certificates—especially for ML-KEM.
A bounded public appendix with 26 external artifacts (8 certificates, 18 keys, two providers) further demonstrates external validity and toolchain divergence on real-world samples.
Operator Workflow
The executable assurance workflow is partitioned by gate pack and owner:
- CA must run both certificate/profile and SPKI/public-key gate packs pre-issuance, with clear pass/block/warn outcomes from registry-driven artifacts.
- Importer must run private-key-container/import validation before key use, leveraging a narrow, substrate-anchored bridge (frozen libcrux) for crypto-relevant consistency and hash validation.
All registry data, command lines, and evaluation outputs needed for audit or operation are emitted in machine- and human-readable forms. Strict mode is available for audit/posture replay; deployable is default for low-noise operational use, downgrading only the ML-KEM encode/decode identity check (canonicality) to warning.
Theoretical and Practical Implications
This work demonstrates that the translation from standards to deployable assurance must (a) explicitly model owner-staged boundaries, (b) attribute requirements explicitly in a registry, and (c) bind each requirement to evaluable evidence. It shows that parse acceptance, structural validity, profile conformance, and import fitness are non-equivalent judgments—overloading certificate parsing for all assurance tasks yields fatal gaps. Positive semantics (e.g., mandatory signing bits) and policy closure (e.g., disallowing HashML-DSA) are essential, not just prohibited-bit checks.
Bold claims:
- Certificate-only linting is fundamentally insufficient for ML-KEM and ML-DSA operational assurance, both empirically and architecturally.
- Parse acceptance and policy conformance by existing fielded tools are not congruent; significant classes of structural and semantic invalidities are missed by classical approaches.
- Proper operational assurance for post-quantum X.509 artifact flows is only possible with registry-driven, owner- and stage-assigned workflows.
The method—registry-driven requirement extraction, assignment, and mutation-backed coverage—generalizes across both semantic and representation-layer PQ standards, and can be extended as further artifact families and stages are standardized.
Limitations and Future Directions
- Scope is intentionally limited: ML-KEM, ML-DSA, final PKIX layer, three gate packs, no runtime-consumer coverage.
- Registry's policy actions, and baseline comparisons, are specific to the implemented/frozen artifacts and host environment.
- Public appendix and cross-tool layers are bounded and non-prevalence-supporting.
Future work includes expanding the registry to runtime-consumer boundaries, scaling to broader PQ artifact families and hybrid profiles, and extending policy-matrix expressivity for deployment.
Conclusion
By codifying X.509 PQ artifact assurance as an attributional, registry-driven, mode-aware workflow, this work provides both a rigorous theoretical model and a practical deployment playbook. It fills gaps left by prior PQ linting, certificate-only evaluation, and informal toolchain adaptation. The implication for assurance engineering is clear: post-quantum transition at the PKI layer must move toward reproducible, operator-accountable, and evidence-backed enforcement at each boundary, rather than relying on parse-based or monolithic certificate linters. The approach and toolchain localization set a methodological baseline for the evolving PQ infrastructure landscape.
Reference:
"From Public-Key Linting to Operational Post-Quantum X.509 Assurance for ML-KEM and ML-DSA: Registry-Driven Policy, Mutation-Based Evaluation, and Import Validation" (2604.17003)