On the State of Crypto Agility

18. Deutscher IT-Sicherheitskongress


Cryptographic primitives and protocols require constant modifications and adaptations in order to maintain the security of IT-systems. Many researchers argue that applying the notion of crypto-agility provides more feasible and practical updating of cryptographic systems, especially in the light of the expected transition to PQC. However, there is no unified definition for this notion, nor a common understanding of the requirements that can enable it. Moreover, it is not entirely clear what measures need to be taken in order to apply crypto-agility in practice, and which aspects and challenges exist towards this endeavor. We compare the various definitions of crypto-agility including its requirements and varying facets, and investigate the state of readiness of crypto-agility by surveying works dealing with general challenges and recommendations in this regard. We present the survey and discuss discovered challenges and solutions and utilize our findings to evaluate the state of readiness for crypto-agility.