Paper 2023/1539
ELCA: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era
, VMware xLabs, VMware xLabsAbstract
Given the importance of cryptography to modern security and privacy solutions, it is surprising how little attention has been given to the problem of \textit{cryptographic agility}, or frameworks enabling the transition from one cryptographic algorithm or implementation to another. In this paper, we argue that traditional notions of cryptographic agility fail to capture the challenges facing modern enterprises that will soon be forced to implement a disruptive migration from today’s public key algorithms (e.g., RSA, ECDH) to quantum-safe alternatives (e.g., CRYSTALS-KYBER). After discussing the challenge of real-world cryptographic transition at scale, we describe our work on enterprise-level cryptographic agility for secure communications based on orchestrated \textit{cryptographic providers}. Our policy-driven approach, prototyped in service mesh, provides a much-needed re-envisioning for cryptographic agility and highlights what’s missing today to enable disruptive cryptographic change at scale.
Metadata
- Available format(s)
-
PDF
- Category
- Implementation
- Publication info
- Preprint.
- Keywords
- Cryptographic AgilityPost-Quantum CryptographyPQCEnterpriseCrypto Provider
- Contact author(s)
-
sikeridisd @ vmware com
dott @ vmware com
shuntley @ vmware com - History
- 2023-10-09: approved
- 2023-10-07: received
- See all versions
- Short URL
- https://ia.cr/2023/1539
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2023/1539,
author = {Dimitrios Sikeridis and David Ott and Sean Huntley and Shivali Sharma and Vasantha Kumar Dhanasekar and Megha Bansal and Akhilesh Kumar and Anwitha U N and Daniel Beveridge and Sairam Veeraswamy},
title = {{ELCA}: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era},
howpublished = {Cryptology {ePrint} Archive, Paper 2023/1539},
year = {2023},
url = {https://eprint.iacr.org/2023/1539}
}
