
2026-02-24
In this #KEYMASTER session, Sven Rajala sat down with Chief PKI Officer Tomas Gustavsson to unpack a question many security teams are actively grappling with: where do hybrid certificate formats stand today as we move toward post-quantum cryptography (PQC)?
What followed was a clear-eyed look at how the industry has moved from experimentation to execution—and why having fewer, better-defined options is actually a sign of progress.
Over the past few years, the cryptographic community has explored multiple approaches to easing the transition from classical cryptography to PQC. These included a variety of hybrid certificate formats, such as chimera (a.k.a. catalyst or X.509 alternatives), composite, and chameleon certificates, alongside the option of moving directly to pure post-quantum certificates.
While this diversity sparked innovation, Tomas explains that it also created uncertainty. Organizations preparing for real-world deployment struggled to choose between options when it wasn’t clear which ones would survive the standardization process and which would quietly fade away.
That uncertainty has begun to resolve itself. One of the clearest examples is chameleon certificates, which were ultimately discontinued in the standardization process and are no longer being updated. Their removal narrowed the field and reduced complexity for adopters.
Chimera certificates followed a similar path. Initially appealing due to their backward compatibility, they proved difficult to implement in practice. Key elements, such as certificate signing request (CSR) generation, were never fully realized, and gaps in the standards discouraged widespread adoption. As a result, industry interest in chimera certificates has steadily declined, although pockets of use cases remain.
With those approaches falling away, the landscape has consolidated around two viable paths:
Among the hybrid options, composite certificates in particular are seeing strong backing from major vendors and are already being implemented in real-world solutions. Rather than theoretical constructs, they are now being used to solve practical post-quantum transition challenges.
Classical cryptography—RSA and ECC—will still be around for some time, but the long-term goal is clear: a full transition away from classical-only security once standards and timelines are firmly established.
One of the most encouraging takeaways from the discussion is how quickly standardization is progressing. Final standards for pure PQC algorithms in some use cases have been released recently, and composite standards for PKI are expected very soon. Even production-ready object identifiers (OIDs) are already defined, signaling that PQC is moving rapidly from theory into deployment-ready reality.
Importantly, the ecosystem is keeping pace. Cryptographic libraries like Bouncy Castle—a long-standing leader in the space—already support these emerging algorithms. That includes both experimental formats and production-quality implementations, giving organizations a practical path to start testing and deploying today.
The conversation closes on an optimistic note. What once felt like an overwhelming array of choices has narrowed into a clearer, more manageable roadmap. With pure PQC and composite certificates emerging as the dominant approaches, organizations now have the clarity they need to plan their post-quantum strategies with confidence.
The post-quantum future isn’t hypothetical anymore—it’s taking shape, and the industry finally knows which direction to move.

