Paper 2023/1539

ELCA: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era

Dimitrios Sikeridis, VMware xLabs
David Ott, VMware Research
Sean Huntley, VMware xLabs
Shivali Sharma, VMware xLabs
Vasantha Kumar Dhanasekar, VMware xLabs
Megha Bansal, VMware xLabs
Akhilesh Kumar, VMware xLabs
Anwitha U N, VMware xLabs
Daniel Beveridge, VMware Incubation
Sairam Veeraswamy, VMware xLabs

Given the importance of cryptography to modern security and privacy solutions, it is surprising how little attention has been given to the problem of \textit{cryptographic agility}, or frameworks enabling the transition from one cryptographic algorithm or implementation to another. In this paper, we argue that traditional notions of cryptographic agility fail to capture the challenges facing modern enterprises that will soon be forced to implement a disruptive migration from today’s public key algorithms (e.g., RSA, ECDH) to quantum-safe alternatives (e.g., CRYSTALS-KYBER). After discussing the challenge of real-world cryptographic transition at scale, we describe our work on enterprise-level cryptographic agility for secure communications based on orchestrated \textit{cryptographic providers}. Our policy-driven approach, prototyped in service mesh, provides a much-needed re-envisioning for cryptographic agility and highlights what’s missing today to enable disruptive cryptographic change at scale.

Available format(s)
Publication info
Cryptographic AgilityPost-Quantum CryptographyPQCEnterpriseCrypto Provider
Contact author(s)
sikeridisd @ vmware com
dott @ vmware com
shuntley @ vmware com
2023-10-09: approved
2023-10-07: received
See all versions
Short URL
Creative Commons Attribution


      author = {Dimitrios Sikeridis and David Ott and Sean Huntley and Shivali Sharma and Vasantha Kumar Dhanasekar and Megha Bansal and Akhilesh Kumar and Anwitha U N and Daniel Beveridge and Sairam Veeraswamy},
      title = {ELCA: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era},
      howpublished = {Cryptology ePrint Archive, Paper 2023/1539},
      year = {2023},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.