cryptolib: comparing and selecting cryptography libraries

Publication
EICC '22: European Interdisciplinary Cybersecurity Conference, Barcelona, Spain, June 15-16, 2022

Abstract

Selecting a library out of numerous candidates can be a laborious and resource-intensive task. We present the cryptolib index, a tool for decision-makers to choose the best-fitting cryptography library for a given context. To define our index, 15 library attributes were synthesized from findings based on a literature review and interviews with decision-makers. These attributes were afterwards validated and weighted via an online survey. To create the index value for a given library, each attribute is assessed using the evaluation criteria associated with it. As a proof of concept and to give a practical usage example, the derivation of the cryptolib values for the libraries BouncyCastle and Tink is shown in detail. Overall, by tailoring the weighting of the cryptolib attributes to their current use case, decision-makers are enabled to systematically select the cryptography library that best fits their software project at hand in a guided, repeatable and reliable way.