Cryptographic Agility

Cryptographic agility (also referred to as ''crypto-agility'') is a practice paradigm in designing information security protocols and standards so that they can support multiple cryptographic primitives and algorithms at the same time. Systems implementing a particular standard can then choose which combination of primitives they want to use. The primary goal of cryptographic agility is to enable rapid adoption of new cryptographic primitives and algorithms without making disruptive changes to the systems' infrastructure. Cryptographic agility acts as a safety measure or an incident response mechanism when a cryptographic primitive used by a system is discovered to be vulnerable. A security system is considered crypto-agile if its cryptographic algorithms or parameters can be replaced with ease and the replacement is at least partly automated. The impending arrival of a quantum computer that can break existing asymmetric cryptography is raising awareness of the importance of cryptographic agility.

Agility cuts both ways: a negotiation mechanism that still accepts a weak primitive can be abused by an attacker to force a downgrade, so a retired algorithm must actually be disabled on both sides, not merely given a lower preference.


Example

The X.509 public key certificate illustrates crypto-agility. A certificate carries its cryptographic parameters explicitly: the key type, the key length, and the hash algorithm used in the signature. When NIST deprecated 1024-bit RSA keys (insufficient key length against improving factoring attacks) and SHA-1 signatures (weakened collision resistance), X.509 version 3 certificates could be reissued with longer RSA keys (2048-bit) and SHA-2 (SHA-256) without changing the certificate format or the protocols, such as TLS, that consume it; relying parties only had to update their policy on which parameters they accept.


Importance

With the rise of secure transport layer communication at the end of the 1990s, cryptographic primitives and algorithms have become increasingly widespread; as an example, by 2019 more than 80% of websites employed some form of security measure. Furthermore, cryptographic techniques are widely incorporated to protect applications and business transactions. However, as cryptographic algorithms are deployed, research into their security intensifies, and new attacks against cryptographic primitives (old and new alike) are discovered at short intervals. Crypto-agility tries to tackle the implied threat to information security by allowing swift deprecation of vulnerable primitives and their replacement by new ones. This threat is not merely theoretical; many algorithms that were once considered secure (DES, 512-bit RSA, RC4) are now known to be vulnerable, some even to amateur attackers. On the other hand, new algorithms (AES, elliptic-curve cryptography) are often both more secure and faster than the old ones. Systems designed to meet crypto-agility criteria are expected to be less affected should current primitives be found vulnerable, and may enjoy better latency or battery usage by adopting new and improved primitives.

As an example, quantum computing, if feasible at scale, is expected to defeat existing public key cryptography algorithms. The overwhelming majority of the existing public key infrastructure relies on the computational hardness of problems such as large integer factorization and the discrete logarithm problem (which includes elliptic-curve cryptography as a special case). A quantum computer running Shor's algorithm can solve these problems in polynomial time, whereas the best known algorithms for conventional computers take super-polynomial time. Post-quantum cryptography is the subfield of cryptography that aims to replace the algorithms a quantum computer would break with new ones that are believed to be hard to break even for a quantum computer. The main families of post-quantum alternatives to factoring and discrete logarithm include lattice-based cryptography, multivariate cryptography, hash-based cryptography and code-based cryptography.


Awareness

System evolution and crypto-agility are not the same. System evolution progresses on the basis of emerging business and technical requirements. Crypto-agility, by contrast, concerns the computing infrastructure itself and requires deliberate consideration by security experts, system designers and application developers.


Best practices

Best practices for dealing with crypto-agility include:

* All business applications involving any sort of cryptographic technology should incorporate the latest algorithms and techniques.
* Crypto-agility requirements must be disseminated to all hardware, software and service suppliers, who must comply on a timely basis; suppliers who cannot address these requirements must be replaced.
* Suppliers must provide timely updates and identify the cryptographic technology they employ.
* Quantum-resistant solutions should be kept in mind.
* Symmetric-key algorithms should be flexible in their key lengths.
* Hash algorithms should support different output lengths.
* Digital certificate and private key rotation must be automated.
* Comply with standards and regulations.
* The names of the algorithms used should be communicated explicitly and not assumed or defaulted.
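The following is an added example, not code from the original article, showing how several of these practices look in a message format: the algorithm name and key id travel with the MAC tag instead of being assumed, a registry is the single place where a primitive is retired, key rotation is driven by key ids, and a hash whose output length is a parameter (BLAKE2b) sits beside fixed-length ones. The envelope layout, the registry names and the key ring are assumptions made for this illustration; the keys are constructed test values.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Any, Callable, Dict, Optional

# Added illustration, not code from the page: an HMAC "envelope" whose wire
# form is "<algorithm name>:<key id>:<hex tag>", so the verifier reads the
# algorithm and key from the message instead of assuming them.


@dataclass(frozen=True)
class HashAlg:
    ctor: Callable[..., Any]   # hashlib constructor usable as hmac digestmod
    deprecated: bool = False   # verification needs explicit opt-in; new tags use CURRENT_ALG


# Algorithm registry (assumed names). Retiring a primitive is a one-line policy
# change here; the envelope format and the callers do not change.
REGISTRY: Dict[str, HashAlg] = {
    "hmac-sha1": HashAlg(hashlib.sha1, deprecated=True),
    "hmac-sha256": HashAlg(hashlib.sha256),
    "hmac-sha3-256": HashAlg(hashlib.sha3_256),
    # BLAKE2b takes the output length as a parameter, so one primitive can
    # serve different digest sizes without a new algorithm family.
    "hmac-blake2b-256": HashAlg(lambda d=b"": hashlib.blake2b(d, digest_size=32)),
}
CURRENT_ALG = "hmac-sha256"

# Key ring indexed by key id. Rotation adds a new id, makes it current, and
# later removes the old id; tags carry the id so verifiers pick the right key.
KEYS: Dict[str, bytes] = {
    "k1": bytes.fromhex("00" * 32),   # constructed demo keys, not real secrets
    "k2": bytes.fromhex("ff" * 32),
}
CURRENT_KEY_ID = "k2"


def _header(alg: str, key_id: str) -> bytes:
    # The header is bound into the MAC input so an attacker cannot relabel a
    # tag as belonging to a different algorithm or key (domain separation).
    return f"{alg}:{key_id}:".encode()


def mac(msg: bytes, alg: str = CURRENT_ALG, key_id: str = CURRENT_KEY_ID) -> str:
    """Tag a message under an explicitly named algorithm and key."""
    spec = REGISTRY[alg]
    tag = hmac.new(KEYS[key_id], _header(alg, key_id) + msg, spec.ctor).hexdigest()
    return f"{alg}:{key_id}:{tag}"


def verify(msg: bytes, envelope: str, allow_deprecated: bool = False) -> bool:
    """Verify an envelope. Unknown algorithms, retired keys, malformed tags and
    (by default) deprecated algorithms are rejected, never silently accepted."""
    parts = envelope.split(":")
    if len(parts) != 3:
        return False
    alg, key_id, tag_hex = parts
    spec = REGISTRY.get(alg)
    key = KEYS.get(key_id)
    if spec is None or key is None:
        return False
    if spec.deprecated and not allow_deprecated:
        return False
    try:
        tag = bytes.fromhex(tag_hex)
    except ValueError:
        return False
    expected = hmac.new(key, _header(alg, key_id) + msg, spec.ctor).digest()
    return hmac.compare_digest(expected, tag)   # constant-time comparison


def retag(msg: bytes, envelope: str) -> Optional[str]:
    """Migration helper: accept a legacy tag once and re-issue it under the
    current algorithm and key. Returns None if the legacy tag does not verify."""
    if not verify(msg, envelope, allow_deprecated=True):
        return None
    return mac(msg)


if __name__ == "__main__":
    legacy = mac(b"order#42", alg="hmac-sha1", key_id="k1")   # simulate an old message
    print(legacy, verify(b"order#42", legacy))                 # rejected by default
    print(retag(b"order#42", legacy))                           # re-issued as hmac-sha256:k2:...
```

The registry works as an allow-list: reading the algorithm name from the message is only safe because the verifier refuses anything it does not know and, by default, anything marked deprecated, which is what closes the downgrade path. Switching the default primitive is a change to `CURRENT_ALG`, and retiring one is a change to its registry entry; neither touches the envelope format or the code that produces and consumes envelopes.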

