The SOG-IS Crypto Working Group has published a new version (v1.3) of their document on agreed cryptographic mechanisms.
Below, we highlight some of the differences and similarities between the new version, v1.3, and the previous version (v1.2) of this document:
- The use of an RSA modulus of size above 3000 bits (n ≥ 3000 bits) is recommended for RSA schemes; this has not changed since the last version of the document.
- The acceptance deadline for the legacy use of an RSA modulus of size above 1900 bits but less than 3000 bits (1900 ≤ n < 3000) is set to December 31st, 2025. Note that this acceptance deadline has not changed since the last version of the SOG-IS document. So, the usage of RSA based schemes with a modulus of size 2048 bits ceases to be agreed after December 31st, 2025.
- The digital signature scheme RSA-PKCS#1v1.5 is accepted as legacy mechanism at least until 2030 (under the assumption that an RSA modulus of size above 3000 bits is used). So, the acceptance deadline for this legacy digital signature scheme has been extended by 3 years (from 2027 to 2030) since version v1.2 of the SOG-IS document.
- Regarding the TLS protocol, which is used to secure communications over the Internet, the versions TLSv1.2 and TLSv1.3 are recommended in the new version v1.3 of the SOG-IS document on agreed cryptographic mechanisms. Also, TLS ciphersuites which offer perfect forward secrecy are recommended. Both recommendations have already been made in the previous version of the document.
In contrast to version v1.2 of the SOG-IS document on agreed cryptographic mechanisms, which was not specific about ways to achieve resilience against quantum attackers (having access to large-scale quantum computers), version v1.3 of the document recognizes that the deployment of hybrid solutions (meaning, a combination of a traditional scheme with a post-quantum scheme) for asymmetric mechanisms appears to be the most appropriate way to transition to quantum resilience. Hybrid schemes can be run on classical computers and achieve security against classical attackers, if at least one scheme is secure, as well as security against quantum attackers, if the post-quantum scheme is secure.
The current version of the ETSI TS 119 312 (2022-02) technical specification on cryptographic suites is based on the SOG-IS document on agreed cryptographic mechanisms (v1.2) and will most likely be updated. The ETSI TS 119 312 technical specification is referenced in ETSI ESI standards which are used in eIDAS conformity assessments of qualified trust service providers (e.g., ETSI EN 319 411-1, ETSI ESI 319 421). Those providers use, for example, digital signature schemes to sign the (qualified) certificates for electronic signatures issued to their customers, who can then use the private key associated to their (qualified) certificates for electronic signatures to sign electronic documents such as tax declarations or contracts.