Toward a Common Understanding of Cryptographic Agility -- A Systematic Review

TL;DR

This paper systematically reviews and clarifies the concept of cryptographic agility, providing a comprehensive definition and exploring its relationship with related concepts to improve understanding and application in security practices.

Contribution

It offers a systematic review of definitions, synthesizes a canonical definition, and explores the relationships between cryptographic agility and related concepts.

Findings

Identified six categories of cryptographic agility definitions

Established a comprehensive, canonical definition

Explored the relationship with cryptographic versatility and interoperability

Abstract

Cryptographic agility is gaining attention due to its crucial role in maintaining cryptographic security in a rapidly evolving technological landscape. However, despite its increasing importance, the term cryptographic agility remains vaguely defined and there is no clear consensus on its exact meaning. This lack of clarity poses a challenge since the need for agility becomes more urgent as new cryptographic vulnerabilities and advanced computing threats emerge, emphasizing the need for a systematic approach to clarify and refine the notion on cryptographic agility. In this paper, we systematize the concept of cryptographic agility by providing three research contributions. First, we review current definitions across academic and gray literature, identifying six distinct categories to differentiate every aspect within the definitions. Second, we synthesize these insights to establish a comprehensive, canonical definition of cryptographic agility. Third, we explore the relationship between cryptographic agility and the related concepts cryptographic versatility and interoperability. In our discussion, we examine the relevance of cryptographic agility, highlight its trade-offs with complexity, assess its individual applicability, and illustrate its various contexts by offering an additional application-specific definition. Our work provides a new perspective on cryptographic agility and related concepts, based on systematical research to clarify and enhance its future use.