Software-Defined Cryptography: A Design Feature of Cryptographic Agility
Abstract: Given how widely cryptography is embedded in enterprise IT, migration to post-quantum cryptography (PQC) is not a drop-in replacement. Cryptographic agility, or crypto-agility, is a design feature that enables seamless updates to new cryptographic algorithms and standards without modifying or replacing the surrounding infrastructure. This paper introduces the notion of software-defined cryptography as the desired design feature for crypto-agility, emphasizing the role of software in providing centralized governance of cryptography and automated enforcement of cryptographic policies, such as migration to PQC.
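The abstract describes software-defined cryptography as a policy layer between applications and algorithms: the application asks for a capability, a centrally governed policy decides which algorithm is used, and the policy (not the caller) changes during a migration. The following is an added illustration of that pattern, not code from the paper. It uses only the Python standard library, so HMAC variants stand in for the signature and KEM families a real PQC migration would swap; the algorithm identifiers, the policy fields and the three policy generations are assumptions constructed for the example.

```python
"""Policy-governed crypto facade (added illustration, not the paper's code)."""
import hashlib
import hmac
from dataclasses import dataclass


class PolicyViolation(Exception):
    """Raised when a caller or a stored artefact uses an algorithm the policy forbids."""


# Registry of algorithm implementations. Identifiers are assumed names for this
# example; in a real deployment the PQC primitives would be registered here and
# applications would never name them directly.
REGISTRY = {
    "hmac-sha256":   lambda key, msg: hmac.new(key, msg, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, msg: hmac.new(key, msg, hashlib.sha3_256).digest(),
    "hmac-sha1":     lambda key, msg: hmac.new(key, msg, hashlib.sha1).digest(),
}


@dataclass(frozen=True)
class CryptoPolicy:
    """Centrally governed policy: what new artefacts use, and what may still be verified."""
    version: int
    default_mac: str
    allowed_mac: frozenset                       # may be used to create new tags
    verify_only_mac: frozenset = frozenset()     # legacy: accepted on verify during migration

    def check_create(self, alg):
        if alg not in self.allowed_mac:
            raise PolicyViolation(f"policy v{self.version} forbids creating with {alg}")

    def check_verify(self, alg):
        if alg not in self.allowed_mac and alg not in self.verify_only_mac:
            raise PolicyViolation(f"policy v{self.version} no longer accepts {alg}")


def mac_create(policy, key, msg, alg=None):
    """Application entry point: the algorithm comes from policy unless explicitly requested."""
    alg = alg or policy.default_mac
    policy.check_create(alg)                     # enforcement happens here, not in the caller
    return {"alg": alg, "policy": policy.version, "tag": REGISTRY[alg](key, msg).hex()}


def mac_verify(policy, key, msg, envelope):
    """Verify an artefact produced under any earlier policy the current one still tolerates."""
    alg = envelope["alg"]
    policy.check_verify(alg)
    expected = REGISTRY[alg](key, msg)
    return hmac.compare_digest(expected, bytes.fromhex(envelope["tag"]))


# Three policy generations (constructed): steady state, transition, cut-over.
POLICY_V1 = CryptoPolicy(1, "hmac-sha256", frozenset({"hmac-sha256"}))
POLICY_V2 = CryptoPolicy(2, "hmac-sha3-256", frozenset({"hmac-sha3-256"}), frozenset({"hmac-sha256"}))
POLICY_V3 = CryptoPolicy(3, "hmac-sha3-256", frozenset({"hmac-sha3-256"}))


def migration_demo():
    """Walk one artefact through the three policies; returns a dict of outcomes."""
    key, msg = b"k" * 32, b"invoice:42"          # constructed sample key and message
    old = mac_create(POLICY_V1, key, msg)        # caller code is identical under every policy
    new = mac_create(POLICY_V2, key, msg)
    out = {
        "old_alg": old["alg"],
        "new_alg": new["alg"],
        "old_verifies_under_v2": mac_verify(POLICY_V2, key, msg, old),
        "new_verifies_under_v2": mac_verify(POLICY_V2, key, msg, new),
    }
    try:                                         # after cut-over the legacy artefact is rejected
        mac_verify(POLICY_V3, key, msg, old)
        out["old_verifies_under_v3"] = True
    except PolicyViolation:
        out["old_verifies_under_v3"] = False
    try:                                         # a hard-coded legacy choice is refused outright
        mac_create(POLICY_V1, key, msg, alg="hmac-sha1")
        out["sha1_allowed"] = True
    except PolicyViolation:
        out["sha1_allowed"] = False
    return out


if __name__ == "__main__":
    for name, value in migration_demo().items():
        print(f"{name}: {value}")
```

The point the example makes is that the migration is three policy objects, not three application releases: callers invoke `mac_create` and `mac_verify` unchanged while the governed default moves, legacy artefacts stay verifiable only for the window the policy grants, and an application that tries to pin an algorithm the policy has retired is refused at the facade rather than silently tolerated.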