Placing cryptographic agility at the heart of a quantum-safe future
This Christmas, many of my daughter's electronic presents came without batteries included. Even in my small family there are different views on batteries. My uncle likes to use bargain batteries from the pound shop rather than pay any brand premium; my sister likes to use high-end long-life batteries so that she doesn't have to worry about changing them often; my brother-in-law likes to use rechargeable batteries which are better for the environment. Fortunately, the device manufacturers have made sure that my family can use their batteries of choice as drop-in alternatives, in cryptography we call this agility.
Not everything in life is so easy. For example, the cartridges for my computer printer don't work in other brands' printers nor vice-versa. This can make it a pain to find cartridges for old printers or switching to a new printer.
It is beyond doubt that cyber security will rise up the risk registers for enterprises and governments in 2024. Our data is not safe and as legacy encryption, which has served us well for many years, becomes obsolete, we need to find alternative solutions now that will harden our encryption against current and future threats - including from quantum computing. Governments including the US and UK have already implemented symmetric-key protections for their national security systems but as enterprises look to secure data with a long-time value, they need to ensure that the encryption technology they embrace is designed with cryptographic agility.
Today, security professionals agree that application and protocols should be designed with this cryptographic agility in mind. The cryptographic primitives that we use as the building blocks of security should be designed to be used interchangeably. This allows for smoother the design of smoother interfaces and, in the event that a primitive needs to be deprecated, allows for a swift and orderly migration to a new primitive rather than having to deal with legacy. At Arqit, our Symmetric Key Agreement platform can work with a wide choice of "block ciphers". Whether you prefer the standard and reliable AES, or something lightweight and ultra-low power like Ascon, or something that avoids look-up-tables like Threefish, our applications and protocols can work with all of these. The common key sizes, inputs, and outputs of symmetric cryptography are similar enough in their interfaces that it is easy for us to switch out one for another.
Not all cryptography is so nice. Public key algorithms in particular have much fewer options and the options have very different characteristics in bandwidth, key requirements and operation. This leads to big changes needing to be made to standards and APIs when we want to migrate. If a problem arises in the security of an algorithm (as is very often the case in the history of public key), it's a huge challenge to upgrade and the issues of legacy can drag on years into the future.
The brittle nature of public key cryptography inhibits products using these methods from adopting cryptographic agility. This runs the risk of future technical debt and adds to complexity which is the enemy of security. It is a sign that these primitives should only be used where absolutely necessary.
In 2024, as the world prepares for a major change to post-quantum algorithms, seismic changes are needed to remake protocols and code libraries in order to cope with significantly different public key algorithms. Migration projects are planned which are predicted to take decades. Cryptographic agility is one more reason to prefer stronger, simpler encryption.
National Quantum Strategy Mission 2 – Networking Workshop | techUK event
techUK office Workshop
National Security updates
Sign-up to get the latest updates and opportunities from our National Security programme.
Authors
