Paper 2023/1539

ELCA: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era

Dimitrios Sikeridis, VMware xLabs
David Ott, VMware Research
Sean Huntley, VMware xLabs
Shivali Sharma, VMware xLabs
Vasantha Kumar Dhanasekar, VMware xLabs
Megha Bansal, VMware xLabs
Akhilesh Kumar, VMware xLabs
Anwitha U N, VMware xLabs
Daniel Beveridge, VMware Incubation
Sairam Veeraswamy, VMware xLabs
Abstract

Given the importance of cryptography to modern security and privacy solutions, it is surprising how little attention has been given to the problem of \textit{cryptographic agility}, or frameworks enabling the transition from one cryptographic algorithm or implementation to another. In this paper, we argue that traditional notions of cryptographic agility fail to capture the challenges facing modern enterprises that will soon be forced to implement a disruptive migration from today’s public key algorithms (e.g., RSA, ECDH) to quantum-safe alternatives (e.g., CRYSTALS-KYBER). After discussing the challenge of real-world cryptographic transition at scale, we describe our work on enterprise-level cryptographic agility for secure communications based on orchestrated \textit{cryptographic providers}. Our policy-driven approach, prototyped in service mesh, provides a much-needed re-envisioning for cryptographic agility and highlights what’s missing today to enable disruptive cryptographic change at scale.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint.
Keywords
Cryptographic AgilityPost-Quantum CryptographyPQCEnterpriseCrypto Provider
Contact author(s)
sikeridisd @ vmware com
dott @ vmware com
shuntley @ vmware com
History
2023-10-09: approved
2023-10-07: received
See all versions
Short URL
https://ia.cr/2023/1539
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1539,
      author = {Dimitrios Sikeridis and David Ott and Sean Huntley and Shivali Sharma and Vasantha Kumar Dhanasekar and Megha Bansal and Akhilesh Kumar and Anwitha U N and Daniel Beveridge and Sairam Veeraswamy},
      title = {{ELCA}: Introducing Enterprise-level Cryptographic Agility for a Post-Quantum Era},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1539},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1539}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.