If you think of software as a building, you might say it’s made up of code blocks. Many of these building blocks are custom-built for a specific application. Others are standard components and used in many buildings—cryptographic algorithms and functions are a prime example of this.
In a qualitative interview study with 21 international participants, CISPA researcher Alexander Krause explored the challenges faced by experienced software developers when they want to renew existing crypto implementations—or even create better cryptographic building blocks from scratch.
The CISPA study will be presented on August 14, 2025, at the Usenix Security Symposium in Seattle, U.S..
Crypto Agility—or: Why does crypto become outdated?
Cryptographic algorithms are fundamental building blocks in the development of new applications. They ensure that data and information can be communicated in encrypted form, reliably protected from the prying eyes of unauthorized third parties.
Unlike most other code sequences, certain cryptographic implementations lose their effectiveness over time. As other technological fields advance, for example, if computers significantly gain processing power, asymmetric encryption can potentially become vulnerable.
Quantum computing is a textbook example of this. As CISPA researcher Krause explains, “If connections are encrypted with TLS, those data streams can’t be decrypted yet—but it’s very likely that this will be possible in the future. Quantum computers will be able to compute far more efficiently, because they’re not just using the binary states 0 and 1, but the three states 0, 1, and 01 simultaneously.”
Computing with three possible states enables quantum machines to solve mathematical problems much faster, and to use new, more efficient algorithms that aren’t available on “conventional” computers.
Updating cryptographic implementations is thus a recurring task—and one with far-reaching implications for software users. If crypto updates go awry, the consequences for overall software security can be severe. In this context, Krause refers to the concept of “crypto agility.”
“This recurring update process for cryptographic implementations ideally begins with something called ‘crypto agility. It means that when developers are designing a software, they already keep in mind that they may need to replace or update the cryptographic implementation at some point…
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We 5guruayurveda.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on. For any glitch kindly connect at 5guruayurveda.com
