A new cryptographic API design, developed by Navaneeth Rameshan and Grégoire Messmer at IBM, addresses the software engineering challenges of the transition to post-quantum cryptography. Today's cryptographic APIs limit flexibility because they are algorithm-specific and lack support for policy-based selection. The design identifies five architectural principles (Abstraction, Stability, Temporal Flexibility, Separation and Extensibility) and implements them using Protocol Buffers API design patterns. Decoupling key creation from specific algorithms through an intent vocabulary, and using stable key identifiers with evolution tracking, turns cryptographic updates into an operational process, avoiding extensive application code rewrites and streamlining the path towards future-proof security.
Intent-based cryptographic agility via decoupled API design and architectural principles
Shifting from algorithm-specific key creation to intent-based requests yields a six-fold increase in cryptographic agility. Previously, adopting new algorithms, such as those needed for post-quantum cryptography, required extensive code changes throughout software deployments, a significant barrier. The new API design decouples key creation from specific algorithms, enabling transparent substitution and key evolution without application rewrites, something conventional systems cannot do.
This advancement transforms cryptographic updates from a complex software engineering task into a manageable operational process, streamlining the path to future-proof security and reducing organisational risk. Five architectural principles (Abstraction, Stability, Temporal Flexibility, Separation and Extensibility) underpin the work, implemented through Protocol Buffers API design patterns. These principles support key evolution operations such as rotation, transformation and migration, allowing keys to move between algorithms and providers while maintaining a traceable history.
The design supports an operational approach to cryptographic updates, moving away from extensive code rewrites. The team demonstrated this capability by implementing an intent vocabulary based on scopes, decoupling key creation from specific algorithm identities. An abstract policy layer is also incorporated, enabling cryptographic governance without prescribing a specific policy format, alongside a batch evaluation feature that assesses the impact of policy changes on existing keys, streamlining pre-migration assessments. While the system successfully manages cryptographic agility with a six-fold improvement, the current assessment does not quantify the scalability limits of the BatchEvaluatePolicy variant with extremely large key sets.
Intent-driven key management facilitates algorithmic flexibility
The core technique centres on decoupling key creation from specific algorithms, achieved through an intent vocabulary. This vocabulary states the purpose a key serves, such as confidentiality or authentication, rather than dictating the precise cryptographic method; it is akin to specifying a desired outcome without predetermining how to achieve it. Applications request keys by intent, and the system selects a suitable algorithm and provider. Key identifiers remain stable, supporting evolution through rotation, transformation and migration, while templates define concrete algorithms and parameters with lifecycle states such as ‘active’ or ‘deprecated’. A resolution chain of scope, policy, template and provider binds application intent to cryptographic execution, so updates become operational changes rather than code changes. Together these components give a flexible and adaptable cryptographic infrastructure.
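The resolution chain just described, together with the batch policy evaluation mentioned earlier, as an added Python illustration that is not code from the paper: the template, policy and key shapes are assumptions standing in for the paper's Protocol Buffers messages, and the sample catalogue and scope names are constructed for the example.

```python
from dataclasses import dataclass, field
@dataclass
class Template:  # concrete algorithm, parameters and provider, plus a lifecycle state
    name: str
    algorithm: str
    provider: str
    state: str = "active"  # 'active' or 'deprecated'

@dataclass
class Key:  # application-facing key: the identifier is stable, the binding evolves
    key_id: str
    scope: str
    intent: str
    template: str
    history: list = field(default_factory=list)  # (old_template, new_template) pairs
# Constructed sample catalogue and policy (assumed shapes, not the paper's protobuf
# messages). The policy maps (scope, intent) to an ordered list of template names.
TEMPLATES = {
    "ecdsa-p256-sw": Template("ecdsa-p256-sw", "ECDSA-P256", "software"),
    "mldsa-65-hsm": Template("mldsa-65-hsm", "ML-DSA-65", "hsm"),
    "aes-256-sw": Template("aes-256-sw", "AES-256-GCM", "software"),
}
POLICY = {
    ("payments", "authentication"): ["mldsa-65-hsm", "ecdsa-p256-sw"],
    ("payments", "confidentiality"): ["aes-256-sw"],
}

def resolve(scope, intent, policy=POLICY, templates=TEMPLATES):
    """Scope -> policy -> template -> provider: the first active template wins."""
    for name in policy.get((scope, intent), []):
        if templates[name].state == "active":
            return templates[name]
    raise LookupError(f"no active template for {intent!r} in scope {scope!r}")

def create_key(key_id, scope, intent, policy=POLICY):
    """The application states an intent only; the algorithm comes from resolution."""
    return Key(key_id, scope, intent, resolve(scope, intent, policy).name)

def evolve(key, policy=POLICY, templates=TEMPLATES):
    """Rotation/migration: re-resolve and rebind, keeping key_id and recording history."""
    target = resolve(key.scope, key.intent, policy, templates).name
    if target != key.template:
        key.history.append((key.template, target))
        key.template = target
    return key

def batch_evaluate_policy(keys, policy, templates=TEMPLATES):
    """Pre-migration assessment: which keys a candidate policy would rebind, and to what."""
    return {k.key_id: t for k in keys
            if (t := resolve(k.scope, k.intent, policy, templates).name) != k.template}
```

Running `batch_evaluate_policy` against a candidate policy before calling `evolve` is the pre-migration check: it lists every key whose binding would move, while `key_id` never changes.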
Decoupling algorithms enhances cryptographic agility and facilitates post-quantum transition
Transitioning to post-quantum cryptography demands a fundamental rethink of how organisations manage their cryptographic foundations, moving beyond ad-hoc fixes to a proactive, operational model. Decoupling algorithms from key creation achieves a six-fold improvement in agility, although the current framework relies heavily on a resolution chain to dynamically select algorithms. Assessing the performance impact of the two-phase policy evaluation process, and scaling it to extremely large key sets, remains an open question.
Acknowledging the challenges of updating cryptographic algorithms across complex software systems does not diminish the value of improved designs. The approach enables applications to update cryptography without rewriting code, a significant benefit as post-quantum cryptographic algorithms are adopted. Current cryptographic APIs often expect specific algorithms and lack support for policy-based selection or key migration, limiting agility as algorithm transitions require changes to multiple source files.
Decoupling algorithm selection from key generation allows organisations to update security protocols without extensive code changes, an important step as quantum computing capabilities develop. The transition to durable cryptography can begin now, and is already underway for many institutions. The work delivers a new architectural approach to cryptographic agility, decoupling the intent of encryption from the specific algorithms used to achieve it. This separation lets organisations update cryptographic methods as an operational task, avoiding costly software revisions when transitioning to post-quantum standards. By defining security requirements through an intent vocabulary, applications request keys by purpose, and the system selects appropriate algorithms and providers. This shifts cryptographic management from a code-dependent process to a policy-driven one, raising questions about automated policy generation and validation to further simplify future updates.
The research demonstrated that decoupling algorithms from key creation improves cryptographic agility six-fold. This matters because current cryptographic systems often require significant code changes when updating algorithms, creating a substantial challenge for organisations transitioning to post-quantum cryptography. The new approach allows security protocols to be updated without rewriting code, enabling a more operational and less disruptive transition. Researchers identified design principles and an intent vocabulary to achieve this, representing keys with stable identifiers and supporting algorithm substitutions within defined scopes.
👉 More information
🗞 Intent-Based Cryptographic API Design for Cryptographic Agility
🧠 ArXiv: https://arxiv.org/abs/2606.13445
