FORM 2
THE PATENTS ACT, 1970
(39 of 1970)
&
THE PATENT RULES, 2003
COMPLETE SPECIFICATION
(See Section 10 and Rule 13)
Title of invention:
METHOD AND SYSTEM FOR RECOMMENDING QUANTUM SAFE CRYPTOGRAPHIC OPERATIONS IN APPLICATIONS
Applicant
Tata Consultancy Services Limited
A company Incorporated in India under the Companies Act, 1956
Having address:
Nirmal Building, 9th floor,
Nariman point, Mumbai 400021,
Maharashtra, India
Preamble to the description:
The following specification particularly describes the invention and the manner in which it is to be performed.
2
TECHNICAL FIELD
[001]
The disclosure herein generally relates to the field of cybersecurity and, more particularly, to a method and system for recommending quantum safe cryptographic operations in applications.
BACKGROUND 5
[002]
Cryptography is the technique which is used for doing secure communication between two parties in the public environment where unauthorized users and malicious attackers are present. In cryptography there are two processes i.e. encryption and decryption performed at sender and receiver end respectively. Encryption is the process where a simple multimedia data is combined with some 10 additional data (known as key) and converted into unreadable encoded format known as Cipher. Decryption is the reverse method as that of encryption where the same key is used to decode the cipher and it is converted into real multimedia data. Applications use crypto algorithms/classical crypto algorithms to enable confidentiality, integrity and availability of the enterprise systems and such 15 applications are becoming vulnerable to quantum risk as quantum computers with sufficient qubits can break public key crypto systems and reduce the security of symmetric and asymmetric crypto systems to half. Hence, there is a need to migrate the classical crypto algorithms to Post Quantum Cryptographic (PQC) algorithms.
[003]
There are multiple post quantum algorithms with different security 20 levels, key size and operations resulting in different time and memory requirements. However, some prior arts mainly focus on converting a piece of code for PQC or replace the existing code with PQC code. Some other prior arts focus on converting only vulnerable cryptographic data assets without considering optimization techniques. Hence there is a challenge in converting crypto code in applications 25 from classical computers to PQC considering optimization.
SUMMARY
[004]
Embodiments of the present disclosure present technological 30 improvements as solutions to one or more of the above-mentioned technical problems recognized by the inventors in conventional systems. For example, in one
3
embodiment, a method for
recommending quantum safe cryptographic operations in applications is provided. The method includes receiving, via one or more hardware processors, an application pipeline for Post Quantum Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion comprises a plurality of application 5 statements. Further, the method includes identifying, via the one or more hardware processors, a plurality of classical cryptographic schemes associated with each of the plurality of applications by analyzing an associated plurality of application statements and an associated plurality of enterprise objectives using an analyzer. Furthermore, the method includes identifying, via the one or more hardware 10 processors, a plurality of potential classical cryptographic schemes for PQC conversion by mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with a plurality of PQC schemes based on a plurality of application constraints, wherein the plurality of application constraints comprises an algorithm category, an associated security level and a risk 15 value and, wherein the plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined security level threshold and (ii) the risk value greater than a predefined risk threshold. Furthermore, the method includes computing, via the one or more hardware processors, a PQC conversion limit for each of the plurality of 20 applications based on the associated plurality of enterprise objectives using a proportional matching based limit setter. Furthermore, the method includes identifying, via the one or more hardware processors, a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the associated plurality of enterprise 25 objectives is less than the computed PQC conversion limit, wherein a plurality of security levels and a plurality of risk values associated with the identified plurality of potential PQC schemes are obtained. Furthermore, the method includes iteratively selecting, via the one or more hardware processors, a potential PQC scheme from among the plurality of potential PQC schemes based on a plurality of 30 constraints, wherein the plurality of constraints comprises the associated plurality
4
of enterprise objectives,
the security level and the risk value. Furthermore, the method includes obtaining, via the one or more hardware processors, an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme. Furthermore, the method includes iteratively obtaining, via the one or more 5 hardware processors, an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying the security level associated with each of the plurality of potential PQC schemes until the predefined security level threshold and (ii) by reducing enterprise objective values until the predefined objective threshold. Furthermore, the method includes updating, via the one or more hardware 10 processors, the initial allocation for each of the plurality of applications with plurality of optimal PQC schemes. Finally, the method includes providing recommendations, via the one or more hardware processors, as an alternative to each of the plurality of classical cryptographic schemes based on the plurality of optimal PQC schemes using a recommendation system. 15
[005]
In another aspect, a recommending quantum safe cryptographic operations in applications is provided. The system includes at least one memory storing programmed instructions, one or more Input /Output (I/O) interfaces, and one or more hardware processors operatively coupled to the at least one memory, wherein the one or more hardware processors are configured by the programmed 20 instructions to receive an application pipeline for Post Quantum Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion comprises a plurality of application statements. Further, the one or more hardware processors are configured by the programmed instructions to identify, a plurality of classical cryptographic schemes 25 associated with each of the plurality of applications by analyzing an associated plurality of application statements and an associated plurality of enterprise objectives using an analyzer. Furthermore, one or more hardware processors are configured by the programmed instructions to identify a plurality of potential classical cryptographic schemes for PQC conversion by mapping the plurality of 30 classical cryptographic schemes associated with each of the plurality of application
5
statements with a plurality of PQC schemes based on a plurality of
application constraints, wherein the plurality of application constraints comprises an algorithm category, an associated security level and a risk value and, wherein the plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined security level threshold and 5 (ii) the risk value greater than a predefined risk threshold. Furthermore, the one or more hardware processors are configured by the programmed instructions to compute, a PQC conversion limit for each of the plurality of applications based on the associated plurality of enterprise objectives using a proportional matching based limit setter. Furthermore, the one or more hardware processors are configured by 10 the programmed instructions to identify, via the one or more hardware processors, a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the associated plurality of enterprise objectives is less than the computed PQC conversion limit, wherein a plurality of security levels and a plurality of risk values associated with the 15 identified plurality of potential PQC schemes are obtained. Furthermore, the one or more hardware processors are configured by the programmed instructions to iteratively select a potential PQC scheme from among the plurality of potential PQC schemes based on a plurality of constraints, wherein the plurality of constraints comprises the associated plurality of enterprise objectives, the security level and 20 the risk value. Furthermore, the one or more hardware processors are configured by the programmed instructions to obtain an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme. Furthermore, the one or more hardware processors are configured by the programmed instructions to iteratively 25 obtain, an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying the security level associated with each of the plurality of potential PQC schemes until the predefined security level threshold and (ii) by reducing enterprise objective values until the predefined objective threshold. Furthermore, the one or more hardware processors are configured by the 30 programmed instructions to update the initial allocation for each of the plurality of
6
applications
with plurality of optimal PQC schemes. Finally, the one or more hardware processors are configured by the programmed instructions to provide recommendation, as an alternative to each of the plurality of classical cryptographic schemes based on the plurality of optimal PQC schemes using a recommendation system. 5
[006]
In yet another aspect, a computer program product including a non-transitory computer-readable medium embodied therein a computer program for recommending quantum safe cryptographic operations in applications is provided. The computer readable program, when executed on a computing device, causes the computing device to receive an application pipeline for Post Quantum 10 Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion comprises a plurality of application statements. Further, the computer readable program, when executed on a computing device, causes the computing device to identify, a plurality of classical cryptographic schemes associated with each of the plurality of applications 15 by analyzing an associated plurality of application statements and an associated plurality of enterprise objectives using an analyzer. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to identify a plurality of potential classical cryptographic schemes for PQC conversion by mapping the plurality of classical cryptographic schemes associated 20 with each of the plurality of application statements with a plurality of PQC schemes based on a plurality of application constraints, wherein the plurality of application constraints comprises an algorithm category, an associated security level and a risk value and, wherein the plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined 25 security level threshold and (ii) the risk value greater than a predefined risk threshold. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to compute, a PQC conversion limit for each of the plurality of applications based on the associated plurality of enterprise objectives using a proportional matching based limit setter. Furthermore, 30 the computer readable program, when executed on a computing device, causes the
7
computing device to
identify, via the one or more hardware processors, a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the associated plurality of enterprise objectives is less than the computed PQC conversion limit, wherein a plurality of security levels and a plurality of risk values associated with the 5 identified plurality of potential PQC schemes are obtained. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to iteratively select a potential PQC scheme from among the plurality of potential PQC schemes based on a plurality of constraints, wherein the plurality of constraints comprises the associated plurality of enterprise objectives, 10 the security level and the risk value. Furthermore, the computer readable program, when executed on a computing device, causes the computing device to obtain an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme. Furthermore, computer readable program, when executed on a computing 15 device, causes the computing device to iteratively obtain, an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying the security level associated with each of the plurality of potential PQC schemes until the predefined security level threshold and (ii) by reducing enterprise objective values until the predefined objective threshold. Furthermore, the computer readable 20 program, when executed on a computing device, causes the computing device to update the initial allocation for each of the plurality of applications with plurality of optimal PQC schemes. Finally, the computer readable program, when executed on a computing device, causes the computing device to provide recommendation, as an alternative to each of the plurality of classical cryptographic schemes based 25 on the plurality of optimal PQC schemes using a recommendation system.
[007]
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.
30
8
BRIEF DESCRIPTION OF THE DRAWINGS
[008]
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles:
[009]
FIG. 1A is a functional block diagram of a system for recommending 5 quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure.
[010]
FIG. 1B illustrates a broad level functional architecture of the system for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure. 10
[011]
FIG. 2A and FIG. 2B (also referred to as FIG. 2) illustrate a flow diagram for a processor implemented method for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure.
[012]
FIG. 3 illustrates an example flow diagram for algorithm category 15 mapping for the processor implemented method for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure.
[013]
FIG. 4 illustrates an example flow diagram for limit setting for the processor implemented method for recommending quantum safe cryptographic 20 operations in applications, in accordance with some embodiments of the present disclosure.
[014]
FIG. 5 illustrates an example flow diagram for optimal Post Quantum Cryptographic (PQC) allocation for the processor implemented method for recommending quantum safe cryptographic operations in applications, in 25 accordance with some embodiments of the present disclosure.
[015]
FIG. 6 illustrates an example flow diagram for constraint compliance checking for the processor implemented method for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure. 30
9
[016]
FIG. 7 illustrates a sample application format used for experimenting the processor implemented method for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure.
5
DETAILED DESCRIPTION OF EMBODIMENTS
[017]
Exemplary embodiments are described with reference to the accompanying drawings. In the figures, the left-most digit(s) of a reference number identifies the figure in which the reference number first appears. Wherever convenient, the same reference numbers are used throughout the drawings to refer 10 to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments.
[018]
To overcome the challenges of the conventional approaches, embodiments herein provide a method and system for recommending quantum safe 15 cryptographic operations in applications. The present disclosure paves way for transferring of application that are using classical cryptographic algorithms/operations (which are vulnerable to quantum attacks) to be replaced by appropriate post quantum cryptography algorithms/schemes/operations. Since Post Quantum Cryptographic (PQC) algorithms are more secure against quantum 20 attacks, they result in more execution time and resource requirements. Hence, it becomes necessary to select those PQC algorithms that satisfy enterprise constraints on time and memory. Due to presence of various PQC algorithms and security levels with different key size and operations there is a requirement for recommender that can ensure optimal conversion from classical cryptographic schemes to PQC 25 schemes at appropriate security levels. This lowers the risk and the selected PQC algorithms also satisfies the enterprise security requirements.
[019]
Referring now to the drawings, more particularly to FIG. 1A through FIG. 7, where similar reference characters denote corresponding features consistently throughout the figures, there are shown preferred embodiments, and 30
10
these embodiments are described in the context of the following exemplary system
and/or method.
[020]
FIG. 1A is a functional block diagram of a system 100 for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present disclosure. The system 100 5 includes or is otherwise in communication with hardware processors 102, at least one memory such as a memory 104, an Input /Output (I/O) interface 112. The hardware processors 102, memory 104, and the I/O interface 112 may be coupled by a system bus such as a system bus 108 or a similar mechanism. In an embodiment, the hardware processors 102 can be one or more hardware processors. 10
[021]
The I/O interface 112 may include a variety of software and hardware interfaces, for example, a web interface, a graphical user interface, and the like. The I/O interface 112 may include a variety of software and hardware interfaces, for example, interfaces for peripheral device(s), such as a keyboard, a mouse, an external memory, a printer and the like. Further, the I/O interface 112 15 may enable the system 100 to communicate with other devices, such as web servers, and external databases.
[022]
The I/O interface 112 can facilitate multiple communications within a wide variety of networks and protocol types, including wired networks, for example, local area network (LAN), cable, etc., and wireless networks, such as 20 Wireless LAN (WLAN), cellular, or satellite. For the purpose, the I/O interface 112 may include one or more ports for connecting several computing systems with one another or to another server computer. The I/O interface 112 may include one or more ports for connecting several devices to one another or to another server.
[023]
The one or more hardware processors 102 may be implemented as 25 one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, node machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions. Among other capabilities, the one or more hardware processors 102 is configured to fetch and execute computer-readable instructions stored in memory 104. 30
11
[024]
The memory 104 may include any computer-readable medium known in the art including, for example, volatile memory, such as static random access memory (SRAM) and dynamic random access memory (DRAM), and/or non-volatile memory, such as read only memory (ROM), erasable programmable ROM, flash memories, hard disks, optical disks, and magnetic tapes. In an 5 embodiment, memory 104 includes a plurality of modules 106. Memory 104 also includes a data repository (or repository) 110 for storing data processed, received, and generated by the plurality of modules 106.
[025]
The plurality of modules 106 includes programs or coded instructions that supplement applications or functions performed by the system 100 10 for recommending quantum safe cryptographic operations in applications. The plurality of modules 106, amongst other things, can include routines, programs, objects, components, and data structures, which perform particular tasks or implement particular abstract data types. The plurality of modules 106 may also be used as, signal processor(s), node machine(s), logic circuitries, and/or any other 15 device or component that manipulates signals based on operational instructions. Further, the plurality of modules 106 can be used by hardware, by computer-readable instructions executed by the one or more hardware processors 102, or by a combination thereof. The plurality of modules 106 can include various sub-modules (not shown). The plurality of modules 106 may include computer-readable 20 instructions that supplement applications or functions performed by the system 100 for recommending quantum safe cryptographic operations in applications. For example, the plurality of modules includes an analyzer module 120 (shown in FIG. 1B), a category mapper module 122 (shown in FIG. 1B), a limit setter module 124 (shown in FIG. 1B), a PQC allocator module 126 (shown in FIG. 1B), a PQC 25 constraint compliance module 128 (shown in FIG. 1B) and a recommendation module 130 (shown in FIG. 1B).
[026]
FIG. 1B illustrates a broad level functional architecture for a processor implemented method for recommending quantum safe cryptographic operations in applications, in accordance with some embodiments of the present 30 disclosure.
12
[027]
The data repository (or repository) 110 may include a plurality of abstracted pieces of code for refinement and data that is processed, received, or generated as a result of the execution of the plurality of modules in the module(s) 106.
[028]
Although the data repository 110 is shown internal to the system 5 100, it will be noted that, in alternate embodiments, the data repository 110 can also be implemented external to the system 100, where the data repository 110 may be stored within a database (repository 110) communicatively coupled to the system 100. The data contained within such an external database may be periodically updated. For example, new data may be added into the database (not shown in FIG. 10 1A) and/or existing data may be modified and/or non-useful data may be deleted from the database. In one example, the data may be stored in an external system, such as a Lightweight Directory Access Protocol (LDAP) directory and a Relational Database Management System (RDBMS). The working of the components of the system 100 are explained with reference to the method steps depicted in FIG. 2. 15
[029]
FIG. 2 is an exemplary flow diagrams illustrating a method 200 for recommending quantum safe cryptographic operations in applications implemented by the system of FIG. 1A and 1B, according to some embodiments of the present disclosure. In an embodiment, the system 100 includes one or more data storage devices or the memory 104 operatively coupled to the one or more hardware 20 processor(s) 102 and is configured to store instructions for execution of steps of the method 200 by the one or more hardware processors 102. The steps of method 200 of the present disclosure will now be explained with reference to the components or blocks of system 100 as depicted in FIG. 1A and 1B and the steps of flow diagram as depicted in FIG. 2. The method 200 may be described in the general context of 25 computer executable instructions. Generally, computer executable instructions can include routines, programs, objects, components, data structures, procedures, modules, functions, etc., that perform particular functions or implement particular abstract data types. Method 200 may also be practiced in a distributed computing environment where functions are performed by remote processing devices that are 30 linked through a communication network. The order in which the method 200 is
13
described is not intended to be construed as a limitation, and any number of the
described method blocks can be combined in any order to implement the method 200, or an alternative method. Furthermore, the method 200 can be implemented in any suitable hardware, software, firmware, or combination thereof.
[030]
At step 202 of method 200, one or more hardware processors 102 5 are configured by the programmed instructions to receive an application pipeline for Post Quantum Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion includes a plurality of application statements.
[031]
At step 204 of the method 200, the analyzer module 120 when 10 executed by the one or more hardware processors 102 are configured by the programmed instructions to identify a plurality of classical cryptographic schemes associated with each of the plurality of applications by analyzing each of the plurality of application statements and a plurality of enterprise objectives associated with each of the plurality of applications using an analyzer. The plurality of 15 enterprise objectives includes the execution time, an associated memory space occupied, a computation cost and a communication cost as given in equations (1) through (6).
𝑇𝑜𝑡𝑎𝑙 𝑇𝑖𝑚𝑒 = 𝐶𝑜𝑚𝑚𝑢𝑛𝑖𝑐𝑎𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒 + 𝐸𝑥𝑒𝑐𝑢𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒 + 𝑆𝑒𝑐𝑢𝑟𝑖𝑡𝑦 𝑇𝑖𝑚𝑒…………………..(1) 20
𝐶𝑜𝑚𝑚𝑢𝑛𝑖𝑐𝑎𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒 =𝑑𝑎𝑡𝑎𝐵𝑎𝑛𝑑𝑤𝑖𝑑𝑡ℎ………………………(2)
𝐸𝑥𝑒𝑐𝑢𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒 =𝜂(𝑖𝑛𝑠𝑡𝑟𝑢𝑐𝑡𝑖𝑜𝑛𝑠)𝑝𝑟𝑜𝑐𝑒𝑠𝑠𝑖𝑛𝑔 𝑐𝑎𝑝𝑎𝑐𝑖𝑡𝑦 𝑜𝑓 𝑉𝑀…………………..(3)
𝑆𝑒𝑐𝑢𝑟𝑖𝑡𝑦 𝑇𝑖𝑚𝑒 =𝑑𝑎𝑡𝑎𝑠𝑒𝑐𝑢𝑟𝑖𝑡𝑦 𝑜𝑣𝑒𝑟ℎ𝑒𝑎𝑑 …………………………..(4)
𝐶𝑜𝑚𝑚𝑢𝑛𝑖𝑐𝑎𝑡𝑖𝑜𝑛 𝑐𝑜𝑠𝑡 = 𝐶𝑜𝑚𝑚𝑢𝑛𝑖𝑐𝑎𝑡𝑖𝑜𝑛 𝑇𝑖𝑚𝑒 ∗ 𝑐𝑜𝑠𝑡 𝑝𝑒𝑟 𝑢𝑛𝑖𝑡 𝑉𝑀…………………(5) 25
𝐶𝑜𝑚𝑝𝑢𝑡𝑎𝑡𝑖𝑜𝑛 𝑐𝑜𝑠𝑡 = 𝑇𝑜𝑡𝑎𝑙 𝑇𝑖𝑚𝑒 ∗ 𝑐𝑜𝑠𝑡 𝑝𝑒𝑟 𝑢𝑛𝑖𝑡 𝑉𝑀………(6)
[032]
For example, the plurality of classical cryptographic schemes includes RSA (Rivest Shamir, Adleman), ECDSA (Elliptic Curve Digital Signature Algorithm), SHA (Secure Hash Algorithm), AES (Advanced Encryption Standard), DES (Data Encryption Standard) and the like, used for the statements for that 30 application. An application statement might involve a RSA call. The operations in
14
RSA are keygen, encrypt, decrypt, (iii) information (if available) on time, memory,
and other requirements for classical schemes used in the application statements.
[033]
At step 206 of the method 200, the category mapper module 122, when executed by the one or more hardware processors 102 is configured by the programmed instructions to identify a plurality of potential classical cryptographic 5 schemes for PQC conversion by mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with a plurality of PQC schemes based on a plurality of application constraints. For example, if the classical scheme is RSA, then category is “public key” and the available PQC options are (Kyber512, Kyber768, Kyber1024). A user/enterprise 10 defined security criteria is considered for each conversion. If the classical scheme is ECDSA then the available PQC options are {Dilithium 2, Dilithium 3, Dilithium 5}. If the classical scheme is SHA, the available PQC options are {SHA 256, SHA 384, SHA 512}.
[034]
The plurality of application constraints includes an algorithm 15 category, an associated security level and a risk value/score. The plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined security level threshold and (ii) the risk value greater than a predefined risk threshold as given in equation (7).
𝑒𝑥𝑝−(𝐴(𝜆𝑆−𝜆𝑃𝑄𝐶)𝑡(𝑆))≥𝑠𝑒𝑐𝑢𝑟𝑖𝑡𝑦 𝑙𝑒𝑣𝑒𝑙 𝑡ℎ𝑟𝑒𝑠ℎ𝑜𝑙𝑑 ……….(7) 20
Where, 𝐴 is mean arrival of attacks per unit time, 𝜆𝑆 is required security for the code statement, 𝜆𝑃𝑄𝐶 is security provided by the PQC scheme and 𝑡(𝑆)is total (execution) time of the code statement. For example, the value of security level threshold is in the range of [0,1]. When the difference between required and provided security is higher, the value on the left side of the equation decreases, 25 resulting in lower chances of satisfying the constraint. This means to ensure higher security, higher security levels are needed.
[035]
The steps for mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with the plurality of PQC schemes based on the algorithm category using the category 30
15
mapper is explained in conjunction with FIG. 3. The method included receiving the
plurality of application statements associated with each of the plurality of applications. Further, a category associated with the plurality of classical schemes corresponding to each of the plurality of application statements are obtained using pattern matching technique. Finally, the plurality of PQC schemes, the associated 5 security level and the associated risk value pertaining to each identified category are obtained based on a plurality of enterprise security requirements, wherein the plurality of enterprise security requirements comprise a mean arrival of attacks per unit time, a required security level of the code statement, a security level provided by the plurality of PQC schemes, a mandatory security threshold and an execution 10 time of the code statement.
[036]
At step 208 of the method 200, the limit setter module 124 when executed by the one or more hardware processors 102 are configured by the programmed instructions to compute a PQC conversion limit for each of the plurality of applications based on the plurality of enterprise objectives using a 15 proportional matching based limit setter.
[037]
The steps for computing the PQC conversion limit for each of the plurality of applications based on the plurality of enterprise objectives using a proportional matching based limit setter is explained in conjunction with FIG. 4. Now referring to FIG. 4, initially, a dataset comprising a plurality of historical 20 applications is received. The plurality of historical applications includes the plurality of classical cryptographic schemes used in those applications, an associated plurality of historical enterprise objectives and a statement size associated with each of a plurality of historical application statements. Further, clustering is performed on the plurality of classical cryptographic schemes 25 associated with the plurality historical applications based on a plurality of cryptographic algorithmic categories (𝐶𝐾) .
[038]
For example, if Category: Public Key, Classical Scheme: RSA, PQC options: {Kyber 512, Kyber 768, Kyber 1024}. Similarly, if Category: Digital Signature, Classical Scheme: ECDSA, PQC options: {Dilithium 2, Dilithium 3, 30 Dilithium 5}. If Category: Hashing, Classical Scheme: SHA, PQC options: {SHA
16
256, SHA 384, SHA 512}
. Further, a plurality of relationship information is extracted for each of a plurality of category clusters. For example, a plurality of relationships between objectives {𝑟.𝑡𝑖𝑚𝑒, 𝑟.𝑚𝑒𝑚,…} and message size related to application statement (B) are obtained. The equations include coefficients for the equations for time {𝐶1𝑡, 𝐶2𝑡,…}, memory {𝐶1𝑚, 𝐶2𝑚,…}, the constants {𝑌𝑡, 𝑌𝑚,…} 5 and error value {∈𝑡,∈𝑚,…}. For example, the relationship information is represented in the form of equations as shown in equation (8) and (9).
𝑟.𝑡𝑖𝑚𝑒= 𝐶1𝑡(𝐵)1+𝐶2𝑡(𝐵)2+⋯+𝐶∅
𝑡(𝐵∅)+𝑌𝑡+ ∈𝑡 … (8)
𝑟.𝑡𝑖𝑚𝑒= 𝐶1𝑚(𝐵)1+𝐶2𝑚(𝐵)2+⋯+𝐶∅𝑚(𝐵∅)+𝑌𝑚+ ∈𝑚 …(9)
[039]
The relationship information is extracted between the plurality of 10 historical enterprise objectives and the associated statement size (B). Finally, the PQC conversion limit for each of the plurality of applications is computed by dividing each of the plurality of relationship information by a sum of the plurality of relationship information associated with the corresponding application as shown in equations (4) and (5). Here, 𝐶(𝑇) is time constraint for application in PQC, 𝐶(𝑀) 15 is memory constraint for an application after PQC conversion. Here, 𝑒.𝑡𝑖𝑚𝑒𝑆𝑐ℎ𝐼 is estimated execution time limit for the statement post PQC conversion and 𝑒.𝑚𝑒𝑚𝑆𝑐ℎ𝐼 is estimated memory limit for the statement post PQC conversion.
𝑒.𝑡𝑖𝑚𝑒𝑆𝑐ℎ𝐼=(𝑟.𝑡𝑖𝑚𝑒𝑆𝑐ℎ𝐼Σ𝑟.𝑡𝑖𝑚𝑒𝑆𝑐ℎ𝐼𝑠𝐼=1)∗𝐶(𝑇) ………………………….(10)
𝑒.𝑚𝑒𝑚𝑆𝑐ℎ𝐼=(𝑟.𝑚𝑒𝑚𝑆𝑐ℎ𝐼Σ𝑟.𝑚𝑒𝑚𝑆𝑐ℎ𝐼𝑠𝐼=
1)∗𝐶(
𝑀)
…………….…………..(11) 20
[040]
At step 210 of the method 200, the PQC allocator module 126 when executed by the one or more hardware processors 102 are configured by the programmed instructions to identify a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the enterprise objectives is less than the computed PQC 25 conversion limit, wherein the plurality of security levels and the plurality of risk values associated with the identified plurality of potential PQC schemes are obtained.
[041]
At step 212 of the method 200, the PQC allocator module 126 when executed by the one or more hardware processors 102 are configured by the 30
17
programmed instructions to
iteratively select a potential PQC scheme from among the plurality of potential PQC schemes based on the plurality of constraints, wherein the plurality of constraints comprises the plurality of enterprise objectives, the security level and the risk value.
[042]
At step 214 of the method 200, the PQC allocator module 126 when 5 executed by the one or more hardware processors 102 are configured by the programmed instructions to obtain an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme.
[043]
At step 216 of the method 200, the PQC allocator module 126 and 10 PQC constraint compliance module 128 when executed by the one or more hardware processors 102 are configured by the programmed instructions to iteratively obtain an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying security level associated with each of the plurality of potential PQC schemes until a predefined security threshold and (ii) by 15 reducing the enterprise objective values until the predefined objective threshold.
[044]
At step 218 of the method 200, the PQC allocator module 126 when executed by the one or more hardware processors 102 are configured by the programmed instructions to update the initial allocation for each of the plurality of applications with plurality of optimal PQC schemes. 20
[045]
The PQC allocator module is explained in conjunction with FIG. 5 and the and the constraint compliance module is explained in conjunction with FIG. 6. Now referring to FIG. 5, each of the plurality of application statements with classical schemes, a PQC option (PQC scheme and security level) is selected from a plurality of PQC schemes which satisfies the predefined security threshold, risk 25 values and results in minimal values of enterprise objectives by a ranking based distance computation method. For example, in case of NIST (National Institute of Standard and Technology) PQC algorithm the different security levels includes 1 to 5.
[046]
where the selection of the most optimal PQC option from a plurality 30 of options filtered based on pre-defined security threshold and risk values is done
18
by evaluating the objective values of each PQC option and constructing an ideal
solution by taking the minimal value of each objective with enterprise defined priorities, and the PQC option which is at minimal distance from the ideal solution is selected. For each application statement from among a plurality of statements and for the selected PQC option, the values of objectives are compared with 5 estimated values of the objectives given by the limit setter such that, for values of the selected PQC option exceeding estimated values for an application statement, another application statement is chosen from among a plurality of statements such that for the second statement, a PQC option has been already selected and the objective values given by the corresponding PQC option (for the second statement) 10 minimally exceeds estimated limits in terms of number of objectives and magnitude thereby changing the selection of PQC option for the second statement with a new PQC option from among a plurality of options in the filtered table (filtered based on pre-defined security threshold and risk values) such that the new PQC option leads to reduction in values for those objectives for which the selected PQC option 15 for the first statement has exceeded corresponding estimated limits while restricting the increase in value of other objectives for the second statement within permitted thresholds.
[047]
Now referring to FIG. 6, for each of the plurality of objectives found to violate its corresponding constraints in the PQC allocation solution, a plurality 20 of allocations is selected from the PQC allocation solution which exceed estimated limits for each of the plurality of objectives whereby, for each of the plurality of such allocations other PQC options belonging to the same PQC scheme is searched and selected from the filtered table (filtered based on predefined security threshold and risk value) such that this PQC option lowers the value of each of the plurality 25 of objectives violating their constraints in the allocation solution, provided that other objectives not violating corresponding constraints in allocation solution do not violate their constraints now and, changing these allocations with the selected PQC schemes till the value of the objectives are reduced/lowered such that constraints are not violated. 30
19
[048]
At step 220 of the method 200, the recommendation module 130 when executed by the one or more hardware processors 102 are configured by the programmed instructions to provide recommendation to each of the plurality of classical cryptographic schemes based on the plurality of optimal PQC schemes using a recommendation system. 5
[049]
Experimentation: Considering three sample applications: spring-crypto-utils-1.3.4, 1.3.5, 1.3.6, shown in Table 1, wherein each application has a format shown in Fig 7. The crypto statements in the application are associated with classical cryptographic schemes like RSA, ECDSA, DES, SHA, MAC, AES. It was assumed that each of the statements has message size between [5 KB, 5 MB]. The 10 instructions associated in the statement lie in the range [5000, 50000] Million Instructions. The processor used to execute these statements are AWS EC2 VM series. The data transfer bandwidth is 0.1 GB/s. These values are obtained based on benchmark data in (Li et al., 2016). All parameters are configurable as the recommender model is highly generalized. 15
[050]
It is assumed in the experiments that each statement in the application requires highest security. Each application in the pipeline is assumed to have a risk score: 𝑅𝑖𝑠𝑘(𝐴𝑖). The risk scores for each application is provided as input to the recommender using the methods mentioned in patent (Application No 202321067239, titled METHODS AND SYSTEMS FOR ESTIMATING RISK 20 OFENTERPRISE APPLICATION FOR QUANTUMCRYPTOGRAPHY MIGRATION, filed on October 6 2023). For all applications in the pipeline, normalized risk scores/values are obtained using equations (12) and (13):
normr(𝐴𝑖)=𝑅𝑖𝑠𝑘(𝐴𝑖)max(𝑅𝑖𝑠𝑘(𝐴𝑖)) ………………………(12)
𝑠𝑒𝑐𝑖= normr(𝐴𝑖) …………………….(13) 25
Explanation: For application with higher risk score, the vulnerability is higher. Hence the required security level threshold is kept higher. The normalized values are substituted as security threshold for the application to be used as filtering PQC security levels for each classical scheme in the application (used in category mapper). For example: Consider three applications in the pipeline (spring-crypto-30 utils-1.3.4, 1.3.5, 1.3.6) shown in Table 1. The number of classical schemes for each
20
application is: RSA (18), ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0).
Table 1
Applications
Risk scores
Normalized values
spring-crypto-utils-1.3.4
1.9
1.0
spring-crypto-utils-1.3.5
0.84
0.42
spring-crypto-utils-1.3.6
1.66
0.87
[051]
In an embodiment, each of the statements in an application is 5 considered to require a minimal security threshold for that application while selecting PQC scheme and security levels. For example, each statement in spring-crypto-utils-1.3.4, spring-crypto-utils-1.3.5, spring-crypto-utils-1.3.6 has minimal security thresholds of 1.0, 0.42, 0.87.
[052]
If there arrive new applications with higher risk scores than spring-10 crypto-utils-1.3.4, then the value of max(𝑅𝑖𝑠𝑘(𝐴𝑖)) changes and this consequently changes the value of normalized scores for the applications in the pipeline. This strategy helps to always select stronger security for the current application with the highest risk score in the pipeline.
[053]
If historic data on the category level usage for each of these 15 applications are available, generalized relationships between objectives and statement size with classical schemes are obtained by equations (8), (9) for each application. Otherwise, equations (1) to (6) can be used to obtain objective values for each statement with classical schemes for each application in the pipeline. Once the objective values for each statements for each application using classical 20 schemes are determined, equations (10), (11) are used to obtain estimated limits on these objectives.
[054]
The results obtained for the above experimentation is explained as follows: Considering any instance of the application spring-crypto-utils. The
21
number of classical schemes for each application is: RSA (18),
ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Mean attack arriving per unit time slot (time slot is generally an hour for VMs) is used to obtain security threshold (equation 7). The value is kept 1. Total execution time for running sample application spring-crypto-utils-1.3.4 with classical schemes is 198 seconds 5 (obtained by equation (1)). The different values of security level threshold are set by application owner as given in Table 2.
Table 2
Input: Security level threshold
Input: Classical Schemes
Output: Recommended PQC Schemes
PQC Total Exec Time (sec), Memory (KB), Comm cost ($), Comp Cost ($)
0.999
RSA, , ECDSA DES, SHA , MAC
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
0.9
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
0.8
RSA, ECDSA , DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
0.7
RSA, ECDSA , DES, SHA, MAC
Kyber 768, Dilithium 5, AES 192, SHA-256, SHA-256
371, 1385.00, 0.15, 19.12
22
0.6
RSA, ECDSA, DES, SHA, MAC
Kyber 768, Dilithium 3, AES 192, SHA-256, SHA-256
309, 1253.37, 0.14, 19.11
0.5
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
0.4
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
0.3
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
0.2
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
0.1
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
[055]
Further, obtaining a deadline for PQC conversion for a given application is analyzed using Table 3. Application name is spring-crypto-utils-1.3.4. Permitted vulnerability (%) = 0. Mean attacks arriving per unit time = 1. The
23
number of classical schemes for each application is
= RSA (18), ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Total execution time with classical schemes = 198s. From the observations given in Table 3, it is observed that the deadline should be at least 400s.
Table 3 5
Input: Deadline (s)
Input: Classical schemes
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S), Memory (KB), Comm cost ($), Comp Cost ($)
200
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
300
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
400
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
500
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
[056]
In an embodiment, the PQC conversion for three applications are compared as shown in Table 4. Application name = spring-crypto-utils-1.3.4,
24
spring
-crypto-utils-1.3.5, spring-crypto-utils-1.3.6. Permitted vulnerability (%) = 0. Mean attacks arriving per unit time = 1. Deadline = 400s. The number of classical schemes for each application is = RSA (18), ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). From Table 4, it was observed that for applications with higher normalized scores in the pipeline, i.e. for applications with higher risk 5 scores, higher security levels are selected which gives higher resource utilization overheads.
Table 4
Input: Applications
Input: Classical schemes
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S) , Memory (KB), Comm cost ($), Comp Cost ($)
spring-crypto-utils-1.3.4
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
spring-crypto-utils-1.3.5
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
spring-crypto-utils-1.3.6
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
[057]
Further, impact of vulnerability in the system is compared using 10 Table 5. Application name: spring-crypto-utils-1.3.4. Deadline = 400s. Mean attacks arriving per unit time = 1. The number of classical schemes for each
25
application is: RSA (18),
ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Total execution time with classical schemes = 198s. Now referring to Table 5, it was observed that the recommender helps to understand relative vulnerability of an application compared to other applications, when lower security levels are selected. 5
Table 5
Input: Permitted Vulnerability (%)
Input: Classical schemes
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S) , Memory (KB), Comm cost ($), Comp Cost ($)
5
RSA, ECDSA, DES, Hash, MAC
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
10
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
20
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
30
RSA, ECDSA, DES, SHA, MAC
Kyber 768, Dilithium 5, AES 192, SHA-256, SHA-256
371, 1385.00, 0.15, 19.12
26
[058]
Further, the impact of vulnerability for different schemes in the application are compared using Table 6. Here, the application name is spring-crypto-utils-1.3.4. Deadline = 400s. Mean attacks arriving per unit time = 1. The number of classical schemes for each application is: RSA (18), ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Total execution time with 5 classical schemes 198s. Now referring to Table 6, it was observed that the permitted vulnerability is between [0, 20] %. For most classical schemes, the highest PQC levels get selected. When permitted vulnerability for some schemes is permitted to some extent, lower security levels are selected, such that overhead is low.
Table 6 10
Input: Classical schemes, Permitted Vulnerability (%)
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S) , Memory (KB), Comm cost ($), Comp Cost ($)
RSA(20), ECDSA(0), DES(0), SHA(0), MAC(0)
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
RSA(20), ECDSA(20), DES(0), SHA(0), MAC(0)
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
RSA(20), ECDSA(20), DES(20), SHA(0), MAC(0)
Kyber 1024, Dilithium 5, AES 192, SHA-512, SHA-512
375, 1500.05, 0.15, 19.12
RSA(20), ECDSA(20), DES(20), SHA(20), MAC(0)
Kyber 1024, Dilithium 5, AES
371, 1385.00, 0.15, 19.12
27
192, SHA-384, SHA-384
RSA(20), ECDSA(20), DES(20), SHA(20), MAC(20)
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
371, 1385.00, 0.15, 19.12
[059]
Further, it was experimented to obtain recommended PQC scheme for an application directly from the conversion result of another application. Here, the application considered is spring-crypto-utils-1.3.4. Deadline = 400s. Mean attacks arriving per unit time = 1. The number of classical schemes for each 5 application is: RSA (18), ECDSA {Sign, Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Total execution time with classical schemes = 198s. Now referring to Table 7, permitted vulnerability of 50% is considered unsafe. But if a new application arrives with normalized score half of that of the spring-crypto-utils-1.3.4, then one can directly use the recommendation of the first row without any 10 computation.
Table 7
Input: Deadline (s), Permitted Vulnerability (%)
Input: Classical schemes
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S) , Memory (KB), Comm cost ($), Comp Cost ($)
(300, 50)
RSA, ECDSA , DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
28
(400, 10)
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
(500, 0)
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-512, SHA-512
391, 1702.17, 0.15, 19.12
[060]
Further, the different values of mean arrival of attack and the PQC recommendation are compared using Table 8. Application name is spring-crypto-utils-1.3.4. Permitted vulnerability (%) = 0. Deadline = 400s. The number of classical schemes for each application is: RSA (18), ECDSA {Sign, Verify} (3), 5 DES (18), SHA (9), MAC (9), AES (0). Now referring to Table 8, it was observed that, when the mean arrival of attacks per unit time increases, higher security levels are recommended with higher overheads.
Table 8
Input: Mean arrival of attacks
Input: Classical schemes
Output: Recommended PQC schemes
Post PQC conversion: Total Execution Time (S), Memory (KB), Comm cost ($), Comp Cost ($)
0
RSA, ECDSA, DES, SHA, MAC
Kyber 512, Dilithium 2, AES 192, SHA-256, SHA-256
269, 892.71, 0.14, 19.11
29
1
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391, 1702.17, 0.15, 19.12
2
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
2.5
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 256, SHA-512, SHA-512
392, 1708.83, 0.15, 19.12
[061]
Furthermore, the performance of processor speed with post PQC conversion execution time is analyzed using Table 9. Application name = spring-crypto-utils-1.3.4. Deadline = 400s. Mean attacks arriving per unit time =1. The number of classical schemes for each application is: RSA (18), ECDSA {Sign, 5 Verify} (3), DES (18), SHA (9), MAC (9), AES (0). Total execution time with classical schemes: 198s. Recommended PQC conversion: Mapping: Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384. Now referring to Table 9, it was observed that, to reduce overhead (like Total Execution Time and increase in overheads like VM memory, communication and computation costs) for 10 applications with highest normalized scores and permitted vulnerability = 0%, one can migrate to higher processing capacity VM.
Table 9
VM types
Processing Capacity (MIPS)
Memory VM (GiB)
Post PQC conversion: Total Execution Time (S) , Memory (KB), Comm cost ($), Comp Cost ($)
30
c3.large
8800
3.75
391, 1702.17, 0.15, 19.12
c3.xlarge
17600
7.5
301, 1708.83, 0.3, 19.26
c3.2xlarge
35200
15
255, 1708.83, 0.6, 19.56
c3.4xlarge
70400
30
233, 1708.83, 1.18, 20.16
c3.8xlarge
140800
60
221, 1708.83, 2.37, 21.34
[062]
The recommendation given by the recommender is given in Table 10. Here, the application considered is spring-crypto-utils-1.3.4. Permitted vulnerability (%) = 0. Mean attacks arriving per unit time = 1. The number of classical schemes for each application is: RSA (18), ECDSA {Sign, Verify} (3), 5 DES (18), SHA (9), MAC (9), AES (0). Total execution time with classical schemes: 198s. Deadline = 500s. The results are obtained for different sets of input values generated randomly in the same data range.
Table 10
Observation
Input: Classical Schemes
Output: Recommended PQC Schemes
Post PQC conversion: Total Execution Time (S), , Memory (KB), Comm cost ($), Comp Cost ($)
Observation 1
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
403.28, 1708.83, 1.16, 21.24
Observation 2
RSA, ECDSA,
Kyber 1024, Dilithium 5, AES
428.34, 1708.83, 1.16, 21.6
31
DES, SHA, MAC
192, SHA-384, SHA-384
Observation 3
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
463.77, 1708.83, 0.13, 18.95
Observation 4
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
437.04, 1708.33, 0.16, 18.6
Observation 5
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
334.35, 1708.83, 0.17, 19.7
Observation 6
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
462.62, 1708.83, 0.19, 18. 88
Observation 7
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
391.00, 1708.83, 0.17, 20.59
Observation 8
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
487.99, 1708.83, 0.17, 17.86
32
Observation 9
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
296.09, 1708.83, 0.14, 16.4
Observation 10
RSA, ECDSA, DES, SHA, MAC
Kyber 1024, Dilithium 5, AES 192, SHA-384, SHA-384
485.18, 1708.83, 0.19, 19.34
[063]
The written description describes the subject matter herein to enable any person skilled in the art to make and use the embodiments. The scope of the subject matter embodiments is defined by the claims and may include other modifications that occur to those skilled in the art. Such other modifications are 5 intended to be within the scope of the claims if they have similar elements that do not differ from the literal language of the claims or if they include equivalent elements with insubstantial differences from the literal language of the claims.
[064]
The embodiments of the present disclosure herein address the unresolved problem of recommending quantum safe cryptographic operations in 10 applications. The present disclosure helps to recommend application code currently using any classical cryptographic algorithms to PQC algorithms. The set of PQC algorithms can be extended in future. The recommender of the present disclosure can decide allocation for new PQC algorithms without the need of separately running such algorithms to understand time, memory, cost requirements. Any new 15 application can be input for PQC recommendation and conversion by estimating the time, memory and cost requirements based on message size. The recommendation using a simultaneous PQC allocation and localized repair approach to keep the time, memory and cost requirements within bounds without extensively checking all allocation combination. The final repair procedure also 20 helps in constraint satisfaction by minimal allocation changes and reducing search time.
33
[065]
It is to be understood that the scope of the protection is extended to such a program and in addition to a computer-readable means having a message therein such computer-readable storage means contain program-code means for implementation of one or more steps of the method when the program runs on a server or mobile device or any suitable programmable device. The hardware device 5 can be any kind of device which can be programmed including e.g., any kind of computer like a server or a personal computer, or the like, or any combination thereof. The device may also include means which could be e.g., hardware means like e.g., an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA), or a combination of hardware and software means, e.g. an ASIC 10 and an FPGA, or at least one microprocessor and at least one memory with software modules located therein. Thus, the means can include both hardware means, and software means. The method embodiments described herein could be implemented in hardware and software. The device may also include software means. Alternatively, the embodiments may be implemented on different hardware 15 devices, e.g., using a plurality of CPUs, GPUs and edge computing devices.
[066]
The embodiments herein can comprise hardware and software elements. The embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc. The functions performed by various modules described herein may be implemented in other modules or 20 combinations of other modules. For the purposes of this description, a computer-usable or computer readable medium can be any apparatus that can comprise, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that 25 ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and 30 relationships thereof are appropriately performed. Alternatives (including
34
equivalents, extensions, variations, deviations, etc., of those described herein) will
be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments. Also, the words “comprising,” “having,” “containing,” and “including,” and other similar forms are intended to be equivalent in meaning and 5 be open ended in that an item or items following any one of these words is not meant to be an exhaustive listing of such item or items or meant to be limited to only the listed item or items. It must also be noted that as used herein and in the appended claims, the singular forms “a,” “an,” and “the” include plural references unless the context clearly dictates otherwise. Furthermore, one or more computer-10 readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the 15 processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e. non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, 20 disks, and any other known physical storage media.
[067]
It is intended that the disclosure and examples be considered as exemplary only, with a true scope of disclosed embodiments being indicated by the following claims.
WE CLAIM:
1. A processor-implemented method (200), the method comprising:
receiving (202), via one or more hardware processors, an application pipeline for Post Quantum Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion comprises a plurality of application statements;
identifying (204), via the one or more hardware processors, a plurality of classical cryptographic schemes associated with each of the plurality of applications by analyzing an associated plurality of application statements and an associated plurality of enterprise objectives using an analyzer;
identifying (206), via the one or more hardware processors, a plurality of potential classical cryptographic schemes for PQC conversion by mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with a plurality of PQC schemes based on a plurality of application constraints, wherein the plurality of application constraints comprises an algorithm category, an associated security level and a risk value and, wherein the plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined security level threshold and (ii) the risk value greater than a predefined risk threshold;
computing (208), via the one or more hardware processors, a PQC conversion limit for each of the plurality of applications based on the associated plurality of enterprise objectives using a proportional matching based limit setter;
identifying (210), via the one or more hardware processors, a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the associated plurality of enterprise objectives is less than the computed PQC conversion limit, wherein a plurality of security levels and a plurality of risk

values associated with the identified plurality of potential PQC schemes are obtained;
iteratively selecting (212), via the one or more hardware processors, a potential PQC scheme from among the plurality of potential PQC schemes based on a plurality of constraints, wherein the plurality of constraints comprises the associated plurality of enterprise objectives, the security level and the risk value;
obtaining (214), via the one or more hardware processors, an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme;
iteratively obtaining (216), via the one or more hardware processors, an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying the security level associated with each of the plurality of potential PQC schemes until the predefined security level threshold and (ii) by reducing enterprise objective values until the predefined objective threshold;
updating (218), via the one or more hardware processors, the initial allocation for each of the plurality of applications with plurality of optimal PQC schemes; and
providing recommendation (220), via the one or more hardware processors, as an alternative to each of the plurality of classical cryptographic schemes based on the plurality of optimal PQC schemes using a recommendation system.
2. The method as claimed in claim 1, wherein the plurality of enterprise objectives comprises an execution time, an associated memory space occupied, a computation cost and a communication cost.
3. The method as claimed in claim 1, wherein the application related parameters comprises a statement size associated with each of the plurality of application statements and the plurality of classical cryptographic schemes.

4. The method as claimed in claim 1, wherein the steps for mapping the
plurality of classical cryptographic schemes associated with each of the
plurality of application statements with the plurality of PQC schemes based
on the algorithm category using a category mapper comprises:
receiving the plurality of application statements associated with each of the plurality of applications;
identifying a category associated with each of the plurality of classical cryptographic schemes corresponding to each of the plurality of application statements using pattern matching; and
obtaining the plurality of PQC schemes, an associated security level and an associated risk value pertaining to each identified category based on a plurality of enterprise security requirements, wherein the plurality of enterprise security requirements comprise a mean arrival of attacks per unit time, a required security level of the code statement, a security level provided by the plurality of PQC schemes, a mandatory security threshold and an execution time of the code statement.
5. The method as claimed in claim 1, wherein the steps for computing the PQC
conversion limit for each of the plurality of applications based on the
plurality of enterprise objectives using a proportional matching based limit
setter comprises:
receiving a dataset comprising a plurality of historical applications, wherein each of the plurality historical applications comprises the plurality of classical cryptographic schemes, an associated plurality of historical enterprise objectives and a statement size associated with each of a plurality of historical application statements;
clustering the plurality of classical cryptographic schemes associated with the plurality historical applications based on a plurality of cryptographic algorithmic categories;
extracting a plurality of relationship information for each of a plurality of category clusters, wherein the relationship information is

extracted between the plurality of historical enterprise objectives and the associated statement size; and
computing the PQC conversion limit for each of the plurality of applications by dividing each of the plurality of relationship information by a sum of the plurality of relationship information associated with the corresponding application. 6. A system (100) comprising:
at least one memory (104) storing programmed instructions; one or more Input /Output (I/O) interfaces (112); and one or more hardware processors (102) operatively coupled to the at least one memory (104), wherein the one or more hardware processors (102) are configured by the programmed instructions to:
receive an application pipeline for Post Quantum Cryptography (PQC) conversion, wherein each of a plurality of applications associated with the application pipeline for PQC conversion comprises a plurality of application statements;
identify a plurality of classical cryptographic schemes associated with each of the plurality of applications by analyzing an associated plurality of application statements and an associated plurality of enterprise objectives using an analyzer;
identify a plurality of potential classical cryptographic schemes for PQC conversion by mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with a plurality of PQC schemes based on a plurality of application constraints, wherein the plurality of application constraints comprises an algorithm category, an associated security level and a risk value and, wherein the plurality of PQC schemes having similar algorithm category are selected only if (i) the associated security level is greater than a predefined security level threshold and (ii) the risk value greater than a predefined risk threshold;

compute a PQC conversion limit for each of the plurality of applications based on the associated plurality of enterprise objectives using a proportional matching based limit setter;
identify a plurality of potential PQC schemes from among the plurality of PQC schemes based on a plurality of application related parameters only if the associated plurality of enterprise objectives is less than the computed PQC conversion limit, wherein a plurality of security levels and a plurality of risk values associated with the identified plurality of potential PQC schemes are obtained;
iteratively select a potential PQC scheme from among the plurality of potential PQC schemes based on a plurality of constraints, wherein the plurality of constraints comprises the associated plurality of enterprise objectives, the security level and the risk value;
obtain an initial allocation for each of the plurality of applications by allocating each of the plurality of classical cryptographic schemes with the selected potential PQC scheme;
iteratively obtain an optimal PQC scheme for each of the plurality of classical cryptographic schemes by (i) varying the security level associated with each of the plurality of potential PQC schemes until the predefined security level threshold and (ii) by reducing enterprise objective values until the predefined objective threshold;
update the initial allocation for each of the plurality of applications with plurality of optimal PQC schemes; and
provide recommendation, as an alternative to each of the plurality of classical cryptographic schemes based on the plurality of optimal PQC schemes using a recommendation system. 7. The system of claim 6, wherein the plurality of enterprise objectives comprises an execution time, an associated memory space occupied, a computation cost and a communication cost.

8. The system of claim 6, wherein the application related parameters comprises a statement size associated with each of the plurality of application statements and the plurality of classical cryptographic schemes.
9. The system of claim 6, wherein the steps for mapping the plurality of classical cryptographic schemes associated with each of the plurality of application statements with the plurality of PQC schemes based on the algorithm category using a category mapper comprises:
receiving the plurality of application statements associated with each of the plurality of applications;
identifying a category associated with each of the plurality of classical cryptographic schemes corresponding to each of the plurality of application statements using pattern matching; and
obtaining the plurality of PQC schemes, an associated security level and an associated risk value pertaining to each identified category based on a plurality of enterprise security requirements, wherein the plurality of enterprise security requirements comprise a mean arrival of attacks per unit time, a required security level of the code statement, a security level provided by the plurality of PQC schemes, a mandatory security threshold and an execution time of the code statement.
10. The system of claim 6, wherein the steps for computing the PQC conversion
limit for each of the plurality of applications based on the plurality of
enterprise objectives using a proportional matching based limit setter
comprises:
receiving a dataset comprising a plurality of historical applications, wherein each of the plurality historical applications comprises the plurality of classical cryptographic schemes, an associated plurality of historical enterprise objectives and a statement size associated with each of a plurality of historical application statements;
clustering the plurality of classical cryptographic schemes associated with the plurality historical applications based on a plurality of cryptographic algorithmic categories;

extracting a plurality of relationship information for each of a plurality of category clusters, wherein the relationship information is extracted between the plurality of historical enterprise objectives and the associated statement size; and
computing the PQC conversion limit for each of the plurality of applications by dividing each of the plurality of relationship information by a sum of the plurality of relationship information associated with the corresponding application.