3.7.7 Cryptographic Agility

Cryptographic agility refers to the ability of the DGT network to adapt and upgrade its cryptographic algorithms and protocols over time. It is essential for ensuring the long-term security and resilience of the system against evolving threats and advancements in cryptographic research. The DGT network incorporates cryptographic agility as a fundamental principle to maintain the confidentiality, integrity, and availability of data. This allows the network to stay resilient in the face of emerging cryptographic vulnerabilities or the need to adopt stronger cryptographic primitives:

• Algorithm Flexibility: The network is designed to support multiple cryptographic algorithms and protocols, allowing for a seamless transition from one algorithm to another. This flexibility ensures that the network can adopt more secure algorithms when necessary or phase out deprecated ones.

• Key Management: The system employs robust key management practices, including the secure generation, storage, and rotation of cryptographic keys. This enables efficient and secure key updates when transitioning to new algorithms or cryptographic mechanisms.

• Upgrade Mechanisms: The DGT network is equipped with upgrade mechanisms that facilitate the deployment of new cryptographic algorithms and protocols. These mechanisms ensure a smooth transition by allowing nodes to upgrade their software and cryptographic libraries without disrupting the network's operation.

• Standard Compliance: The network adheres to recognized cryptographic standards and best practices. It incorporates widely accepted cryptographic algorithms and protocols from reputable cryptographic libraries and organizations, ensuring interoperability and compatibility with existing cryptographic infrastructure.

• Research and Monitoring: The DGT team actively monitors advancements in cryptographic research and industry standards. It stays informed about potential vulnerabilities or weaknesses in existing algorithms and protocols and takes proactive measures to mitigate risks by upgrading to more secure alternatives.

In line with its commitment to security, the DGT network is also exploring future updates to enhance quantum resistance. One approach under consideration is the integration of NTRU lattice-based cryptography. NTRU is a post-quantum cryptographic algorithm that offers resistance against attacks by quantum computers. It is based on the mathematical principles of lattice theory, which provides a secure foundation for encryption and key exchange.

NTRU employs a lattice-based structure where computational problems related to lattice theory are used to secure communications. The algorithm's security is rooted in the difficulty of solving lattice problems, even for powerful quantum computers. By incorporating NTRU into the cryptographic agility framework of the DGT network, the system aims to future-proof its security against the threat of quantum computers. The adoption of NTRU in the DGT network will involve the development and integration of NTRU-based cryptographic libraries and protocols. This will ensure that the network can securely generate and manage NTRU-based keys, perform encryption and decryption operations, and establish secure communication channels resistant to quantum attacks.