
RWC 2022: Where is the Research on Crypto-Agility?

Rob Edmondson
May 30, 2022

Real World Crypto 2022 recently concluded after a successful hybrid event in Amsterdam. With so much emphasis landing on post-quantum cryptography so far in 2022, a talk presented by David Ott really caught our attention:
“Where Is the Research on Cryptographic Transition and Agility?”

It’s a fair point.

In 2022, most major organisations have agreed that Crypto-Agility is critical for a secure and efficient future. The question is no longer “should we do it?” but rather “how do we do it?”

In response to this there is a startling hole in the current literature.

With David Ott’s provocative question ringing in our ears, we have recently discovered a fantastic paper he co-authored with Christopher Peikert of the University of Michigan in 2019. The work is inspired by a workshop held by the Computing Community Consortium (CCC) in 2019 with 30 industry participants from Google, Microsoft, Intel, Cisco, IBM and many other major research functions at leading tech companies.

The paper may be from 2019, but it is a goldmine of incisive questions and recommendations for crypto-agility that will probably be even more valuable for us in 2022. In short, we need new research and models that expand crypto-agility to be practical and useful given the many potential pitfalls that could occur in any migration.

Asking Better Questions About Crypto-Agility

When we think of migrating to post quantum cryptography, we often start with: “where is our cryptography?” and “how do I migrate it?”

The immense value of Ott & Peikert’s paper is that it focuses our attention on a layer of questions that sit below these more obvious ones, making a much more solid starting point for our migration project.

I've shared below a quick exposition of some of the most illuminating ones:

- How will a migration affect performance?

An often overlooked challenge for migrations to post quantum cryptography is the impact on performance. PQC means larger key sizes, more complex algorithms, or both; and this in turn means there will be a notable jump in computation, memory, storage, and communication requirements for global infrastructure. 

- How will a migration affect security?

There is also the question of security. In some instances PQC introduces new variables that need to be configured, such as dimensions in lattice schemes or code length and dimensions in code-based schemes.

- Will there be risks to uptime for critical systems during migrations?

Inevitably there will be disruption to some systems during the migration, but this is especially concerning in cases where systems are mission critical or must continue to operate continuously. Any possibility of downtime may delay or prevent the upgrade process.

- How do you migrate where there are cross-stack dependencies?

As Ott writes: “While migration may seem as simple as changing a library at a single layer in the stack, in fact, there are often implicit dependencies that introduce complexities. For example, digital certificates may be parsed at the application layer, cryptographic keys may be managed by an infrastructure management agent, or network security mechanisms may be tuned to particular packet sequences for a given cryptographic protocol.”

- How do you migrate legacy systems?

Most established businesses have a few legacy systems lurking in the basement, and some of them were not built with the necessary openness for a migration of cryptography. In such cases organisations currently lack the guidance they need to proceed with post quantum cryptography with confidence.

- When should you migrate?

As it stands most literature and timelines focus on the roadmap for the submission, evaluation, and eventual release of post quantum cryptography. However, as we enter 2022 there is an urgent need for much more precision and definition on the steps involved in migration and exactly how and when different organisations should initiate them.

Where Is the Research on Cryptographic Transition and Agility?

The fact of the matter is that our existing research comes nowhere near taking into account the challenging questions listed above.

Fortunately, even back in 2019, Ott and Peikert called out “the need for broadening and recasting the scope of cryptographic agility in light of the size and complexity of global PQC migration challenge.” And this is exactly what they start to work on: how could we anatomize crypto-agility to be more useful and address the kinds of challenges that the 2019 workshop brought up?

They propose 8 possible modalities to start:

- Implementation Agility: Do the application interfaces and policy configuration frameworks facilitate migration across implementations?
- Compliance Agility: How easily can newly migrated cryptography within the application be configured to meet various compliance standards?
- Security Strength Agility: How easily can parameters be adjusted to ensure a new implementation is secure?
- Migration Agility: How easily can you move from one scheme to another - including conversion?
- Retirement Agility: How easily can you enforce the retirement of obsolete or insecure algorithms?
- Composability Agility: The ability to combine cryptographic building blocks in a secure way.
- Platform Agility: The ability to use assured cryptographic algorithms across different platform types.
- Context Agility: How easily do variables like algorithm choice or strength policy get derived from system attributes like data classification or location?
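
As an added example (not from Ott and Peikert's paper or from this blog), here is how context, retirement and migration agility can look in code for a message-authentication tag. The algorithm registry, the classification names and the `alg$tag` token format are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed registry and policy (illustrative names, not from the paper).
ALGORITHMS = {
    "hmac-sha1":   {"digest": hashlib.sha1,   "status": "retired"},
    "hmac-sha256": {"digest": hashlib.sha256, "status": "active"},
    "hmac-sha512": {"digest": hashlib.sha512, "status": "active"},
}
# Context agility: the algorithm follows the data classification.
CONTEXT_POLICY = {"public": "hmac-sha256", "restricted": "hmac-sha512"}


class RetiredAlgorithm(Exception):
    """Raised when policy points at an algorithm that is no longer active."""


def _tag(alg, key, message):
    return hmac.new(key, message, ALGORITHMS[alg]["digest"]).hexdigest()


def protect(key, message, classification):
    """Create a tag; callers name a classification, never an algorithm."""
    alg = CONTEXT_POLICY[classification]
    if ALGORITHMS[alg]["status"] != "active":
        raise RetiredAlgorithm(alg)
    # The algorithm id travels with the tag so it can be swapped later.
    return f"{alg}${_tag(alg, key, message)}"


def verify(key, message, token, classification, allow_retired=False):
    """Return (valid, replacement); replacement is a re-issued token or None."""
    alg, _, tag = token.partition("$")
    entry = ALGORITHMS.get(alg)
    if entry is None:
        return False, None
    # Retirement agility: one switch rejects every retired algorithm, which
    # also stops a token from selecting a weaker algorithm for itself.
    if entry["status"] == "retired" and not allow_retired:
        return False, None
    if not hmac.compare_digest(_tag(alg, key, message), tag):
        return False, None
    # Migration agility: a valid tag under a non-preferred algorithm is
    # re-issued under the one current policy selects.
    if alg != CONTEXT_POLICY[classification]:
        return True, protect(key, message, classification)
    return True, None
```

Retiring an algorithm or changing what a classification maps to is then a one-line policy edit, and `allow_retired=True` gives a bounded migration window in which old tags are still accepted and re-issued.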

Conclusion: Real Crypto-Agility means Good Cryptography Management, but faster than before.

It turns out that novel concepts like “Crypto-Agility” are vacuous if they are not built out of good old fashioned common sense questions like: “did I configure that correctly?” or “how do I ensure this is FIPS compliant?” 

The only difference is that now we are asking them in the context of agility: “how fast can I get this configured correctly?” or “how fast can we ensure this new cryptography is FIPS compliant?” which are exactly the same questions organisations ask when introducing Agile & DevOps into their development functions. 

In short, successful crypto-agility just means getting your people, process, and technology aligned to do best practice cryptography faster than ever. 

To go deeper on Crypto-Agility and get real tangible guidance on how to achieve it within your organisation, you can read our Building a Crypto-Agile Organisation whitepaper here