Applied Cryptography and Blockchain 2020 / cryptographic-agility-anticipating-preparing-for-and-executing-change
SESSION ID:ACB-T11
Cryptographic Agility: Anticipating, Preparing for and Executing Change
MODERATOR:
Dr. Lily Chen
Manager of Cryptographic Technology Group
Computer Security Division
Information Technology Lab, NIST
PANELISTS:
Dr. David Ott
Senior Staff Researcher and Academic Program Director
VMware Research
Dr. Zulfikar Ramzan
Chief Technology Officer
RSA
Dr. Brian LaMacchia
Distinguished Engineer
Microsoft
#RSAC
Cryptography Lifetime: Algorithm Strength Over Time
Cryptographic Agility: Addressing Change
Technology advancements and more sophisticated cryptanalysis empower attackers and increase threat levels
Cryptography needs to change over time
Ex: Improvements in hash collision finding, future quantum computers
Algorithms become deprecated and need removal
New primitives and algorithms are introduced
Larger key/signature/ciphertext sizes are needed
Alternative parameter sets are introduced
Cryptographic Agility: a capability allowing us to make smooth transitions between algorithms and configurations
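As an added illustration (not from the panel slides), one way to build this capability into a data format is to store an algorithm identifier with every authentication tag and let a local policy registry decide what is still accepted. The registry ids, lifecycle statuses and function names below are assumptions made for this example.

```python
import hashlib
import hmac

# Hypothetical registry: algorithm id -> (hash constructor, lifecycle status).
# Ids and statuses are constructed for this example.
REGISTRY = {
    1: (hashlib.sha1, "removed"),       # no longer accepted at all
    2: (hashlib.sha256, "deprecated"),  # still verifies, never used for new tags
    3: (hashlib.sha512, "active"),      # larger tag than its predecessors
}
CURRENT_ALG = 3


def compute_tag(alg_id: int, key: bytes, message: bytes) -> bytes:
    digest, _status = REGISTRY[alg_id]
    # The id byte is authenticated too, so a tag cannot be relabelled.
    return hmac.new(key, bytes([alg_id]) + message, digest).digest()


def protect(key: bytes, message: bytes, alg_id: int = CURRENT_ALG) -> bytes:
    """Return alg_id || tag; the stored id is what makes later migration possible."""
    if REGISTRY[alg_id][1] != "active":
        raise ValueError(f"algorithm {alg_id} is not allowed for new tags")
    return bytes([alg_id]) + compute_tag(alg_id, key, message)


def verify(key: bytes, message: bytes, blob: bytes) -> str:
    """Return 'ok', 'ok-needs-migration' or 'rejected' according to local policy."""
    if not blob or blob[0] not in REGISTRY:
        return "rejected"
    alg_id, tag = blob[0], blob[1:]
    status = REGISTRY[alg_id][1]
    if status == "removed":
        return "rejected"  # policy decides, not the id the sender chose
    if not hmac.compare_digest(tag, compute_tag(alg_id, key, message)):
        return "rejected"
    return "ok" if status == "active" else "ok-needs-migration"


def migrate(key: bytes, message: bytes, blob: bytes) -> bytes:
    """Re-protect a validly tagged record under the current algorithm."""
    if verify(key, message, blob) == "rejected":
        raise ValueError("refusing to migrate an unverifiable record")
    return protect(key, message)
```

Retiring an algorithm is then a one-line status change in the registry, and records flagged `ok-needs-migration` can be re-tagged before the deprecated entry is finally set to `removed`.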
Cryptographic Agility: Discussion Topics
1. In the applications, products, or services your organization deploys, produces or provides, what does crypto agility mean and how has it been handled?
2. What have we learned from cryptography transitions in the past, and how might this motivate improvements?
3. What are the major challenges in dealing with transitions, for example, from the currently adopted cryptosystems to new quantum-resistant algorithms? Possible technical paths for transition?
4. What strategies do you think might improve cryptographic agility?
Cryptographic Agility: What Can You Do Today
Build and maintain an inventory of current uses of cryptography in your systems and applications.
–Include algorithms, parameters, key sizes, protocols, etc.
Test transition ahead of time.
–For PQC, you can use Open Quantum Safe (OQS, https://openquantumsafe.org/) implementations to test candidate algorithms and PQC-enabled protocols.
Ask your suppliers for details on how they provide cryptographic agility in their systems and services.
Participate in industry forums discussing cryptography transition and the frameworks that will enable it.
–E.g., NIST PQC, IETF work on TLS hybrids