Agility and Private Keys (G30c)
The talk will address the challenges that we face when we need to either migrate from one cryptographic scheme to another or be able to support multiple cryptographic schemes. Even when we are able to obtain cryptographic agility from algorithmic point of view, the migration of key material still remains an open issue. We present a solution with various versions of it. The presentation will also contain security discussion and various secure customizations of the approach. The main building blocks of the scheme are TRNGs, symmetric and asymmetric cryptographic primitives, randomness and key generation functions. The approach also gives an option to incorporate legacy keys, if required. At the same time, the compromise of a specific key, does not affect the other keys, based on the same agile key. This is one of the important building blocks of cryptographic agility and migration process, which not only allows an easier migration between cryptographic schemes, but also allows one to easily use and manage keys for various schemes simultaneously. This is an important property, as we will most likely have multiple post-quantum schemes defined as a standard.