SoK: Towards a Common Understanding of Cryptographic Agility

Cryptographic agility is gaining attention due to its crucial role in maintaining cryptographic security in a rapidly evolving technological landscape. However, despite its increasing importance, the term cryptographic agility remains vaguely defined and there is no clear consensus on its exact meaning. This lack of clarity poses a challenge since the need for agility becomes more urgent as new cryptographic vulnerabilities and advanced computing threats emerge, emphasizing the need for a systematic approach to clarify and refine the notion on cryptographic agility. In this paper, we systematize the concept of cryptographic agility by providing three research contributions. First, we review current definitions across academic and gray literature, identifying six distinct categories to differentiate every aspect within the definitions. Second, we synthesize these insights to establish a comprehensive, canonical definition of cryptographic agility. Third, we explore the relationship between cryptographic agility and the related concepts cryptographic versatility and interoperability. In our discussion, we examine the relevance of cryptographic agility, highlight its trade-offs with complexity, assess its individual applicability, and illustrate its various contexts by offering an additional application-specific definition. Our work provides a new perspective on cryptographic agility and related concepts, based on systematical research to clarify and enhance its future use.