Cryptographic Agility and PQC – Why Being Adaptable Matters

Vasileios fortanix
Vasileios Galanis
Published:Feb 1, 2024
Reading Time:3mins


The cryptographic industry is rapidly changing, brought about by the emerging risk of quantum computing-aided cryptanalysis. The new attacking techniques that fully capable quantum computers will bring into play are expected to obsolete current public key cryptography algorithms. Cryptographic algorithms underpin the security of all computer infrastructures and networks as they are used for a variety of purposes such as authentication, data integrity checking, and proof of identity.

The capacity to rapidly adapt to these new conditions will provide a decisive advantage in managing the security risks for any enterprise infrastructure. The concept of ‘cryptographic agility’ is the ability to switch between cryptographic algorithms. We will describe the purpose of post-quantum cryptography, how to achieve cryptographic agility and their impact on a business and technical level.

The concept of cryptographic agility

The term ‘cryptographic agility’ (or crypto agility for short) refers to the ability to switch between different cryptographic primitives. Although the term has a technical focus of being able to rapidly deploy new cryptographic algorithms within an infrastructure, it also implies a strong business component in the form of risk management and policy creation.

More specifically, regarding the current developments in the quantum computing space, crypto agility refers to the capability of switching over from the current standard public key cryptography algorithms to the new, quantum-cryptanalysis-resistant algorithms denoted as PQC aka Post Quantum Cryptography.

The business impact of post-quantum readiness

Crypto agility has a major impact on risk management. Public key algorithms are used to protect data while stored or in transit, but they also enable access control and data integrity checking. Organizations need to be able to enumerate all sensitive data assets and create risk mitigation policies in preparation for the implementation of remediation steps. These policies will inform the decision-making process in toolset procurement, staffing, and migration project management.

Data classification is vital in identifying critical infrastructure and systems that require transition to Post-Quantum Cryptography (PQC) algorithms. This is necessary due to the 'harvest now, decrypt later' attack model. Therefore, data classification helps to prioritize data that needs to be protected by PQC algorithms. Of course, the speed with which an organization can switch to PQC has a direct impact on risk exposure and maintenance of its security posture.

Disaster recovery planning and insurance costs are directly impacted by risk management. Without a migration plan to PQC, it should be expected cyber insurance costs will increase. Investing in a toolset that enables a simple transition to PQC will translate into tangible business benefits apart from the many technical ones.

The technical impact of post-quantum agility

Public key cryptography is foundational to an organization’s security. Authentication, data integrity checking, and proof of identity all have public key cryptography at their core. From protocols like TLS and SSH to document signing and digital identity verification, all are dependent on primitives such as RSA and elliptic curve cryptography, all of which are impacted by quantum-aided cryptanalysis. As such, the impact of PQC on infrastructures and networks is wide and far-reaching.

As such, organizations need to create a complete inventory of their sensitive data assets and encryption measures, identify which protocols are used, where keys are deployed, for what purpose, and what kind of data they protect.

This needs to be followed by decisions in which technical tools and expert resources to invest, the required level of adoption of the newly standardized PQC cryptographic algorithms on all levels (operating systems, network protocols, software development) as well as extensive testing for interoperability, performance, and code security.

How Fortanix DSM helps you achieve crypto agility

The Fortanix is built from the ground up to quickly adopt new capabilities such as PQC, without disrupting operations due to complex hardware or software upgrade procedures. The platform’s internal functions will be fully PQC compliant soon after the PQC algorithms are standardized by NIST.

The Fortanix platform offers unique advantages to simplify key lifecycle management. With a REST API-based architecture, key discovery toolset, key metadata handling, and reporting and auditing capabilities that allow for automated and comprehensive management of a key estate. Fortanix Data Security Manager provides easy integration for all major applications (databases, PKIs, data signing, etc.), both on-premises and on leading cloud platforms.

All the above make Fortanix DSM an ideal tool to implement a PQC transition strategy efficiently and effectively.

Please read more about Fortanix solutions for Post-Quantum Cryptography:

Share this post: