Abstract

Context: Crypto-agility, a name that stems from agile methodologies for software development, means the ability to quickly and securely modify cryptographic algorithms in the event of a compromise. The advent of quantum computing poses existential threats to current cryptography, having the power to breach current cryptographic systems.

Objective: We investigated whether and to what extent agile practices for software development are suited to support crypto-agility. In particular, we discuss their usefulness in the context of substituting current algorithms with quantum-resistant ones.

Method: First, we analyzed the literature to define a subset of 15 agile practices potentially relevant to cryptographic software development. Then, we developed a questionnaire to assess the suitability of agile practices for obtaining crypto-agility. We performed a Web search of relevant documents about crypto-agility and quantum resistance and sent their authors the questionnaire. We also sent the questionnaire to cybersecurity officers of four Italian firms. We analyzed and discussed the responses to 32 valid questionnaires.

Results: The respondents' affiliations are evenly distributed between researchers and developers. Most of them are active, or somehow active, in quantum-resistant cryptography and use agile methods. Most of the agile practices are deemed to be quite useful or very useful for achieving crypto-agility, the most effective being Continuous Integration and Coding Standards; the least appreciated is Self-organizing Team.

Conclusion: According to researchers and developers working in the field, the safe transition of cryptographic algorithms to quantum-resistant ones can benefit from the adoption of many agile practices. Further software engineering research is needed to integrate agile practices in more formal cryptographic software development processes.
