Over the years, the Information System Authority has ordered a number of different reports on the life cycle of cryptographic algorithms in order to facilitate the development of Estonian IT solutions and replace the current cryptographic algorithms with new and more secure ones over time.
-
Show Hide By the order of the Information System Authority (RIA), Cybernetica researchers have prepared a fresh overview of the current state of cryptographic tools.
The research report belongs to the same series as previous reports that were prepared in 2011-2021. Regular research has grown out of the need to have an overview of cryptographic tools and the security level of their use. This time, great emphasis has been placed on quantum computer-proof cryptography and the current status of its deployment.
The study is necessary for the safe development of information systems in daily use.
The study is in Estonian and can be read here:
- Krüptoalgoritmid ning nende tugi teekides ja infosüsteemides (pdf, 1360.652 KB).
-
Show Hide In 2021, the National Information System Agency ordered a study from the researchers of AS Cybernetica, the purpose of which is to provide an overview of the current status and good practice of using cryptographic tools. This time, we will pay more attention to various common cryptographic protocols and the most important circumstances of their use. We also describe common cryptographic libraries and support for cryptographic tools on common development platforms.
The report focuses of the following main topics:
In Section 2, we look at cryptographic primitives, their strength, and recommended key lengths.
In Section 3, we look at transport protocols.
In Section 4, we look at the most common formats and describe how the formats are affected by changes in crypto primitives.
In Section 5, we describe the most common authentication and delegation protocols.
In section 6, we describe the current situation of free cryptographic libraries, including from the point of view of the most popular development and operating environments that have emerged recently.The report is in Estonian and can be viewed here:
- Krüptoalgoritmid ning nende tugi teekides ja infosüsteemides (pdf, 710.72 KB).
-
Show Hide At the end of 2018, the Estonian Information System Authority ordered the researchers of AS Cybernetica to conduct a post-quantum cryptography review, which provides a brief overview of quantum computers by comparing them with classical (traditional) computers and explains why crypto algorithms based on ellipt curves and RSA are refractible with quantum computers. It also provides an overview of the current state of post-quantum cryptography.
The report is in Estonian and can be viewed here:
- Postkvant-krüptograafia ülevaade (pdf, 245.94 KB).
-
Show Hide At the end of 2017, the Information System Authority ordered a Cryptographic Algorithms Lifecycle Report from AS Cybernetica which focuses on three main subjects:
- the current status of cryptographic algorithms
- a description of an ID-card incident
- an overview of blockchains as cryptographic applications
“This report is a necessary tool for us,” commented Taimar Peterkop, Head of RIA, “helping us map the situation and choose important directions for ensuring cybersecurity as well as promoting the field of eID.”
The report is in Estonian and can be viewed here:
- Krüptograafiliste algoritmide elutsükli uuring (pdf, 246 KB).
-
Show Hide In the 2016 report, we give an overview of the main types of exposure and discovered errors of the applications using cryptography published within a year, the opportunities and costs of breaking RSA, the security situation of hash functions, the possibility of cloud computing in the context of different dependency models, post-quantum cryptography as well as the security of the solutions used daily for identifying and authorising persons.
The report also contains a thorough overview of quantum computers and the possibility of their use in breaking cryptography.
The report is in English and can be viewed here:
- Cryptographic Algorithms Lifecycle Report (PDF, 1.02 MB)
-
Show Hide “Cryptography is gradually eroding according to the growth of computing capacity,” said Toomas Vaks, Deputy Director General of RIA Cyber Security. “We must all abandon up to 1024-bit keys in the event of RSA and cryptosystems based on discreet logarithm. Within the next five years, 2048-bit keys and, in the medium term, at least 3072-bit keys are suitable for use.”
The report is in Estonian and can be viewed here:
- Krüptograafiliste algoritmide uuring_2015 (PDF, 616KB)
The report was conducted by Cybernetica AS and ordered by the Information System Authority (RIA).
This version has more than 10 authors and 109 source references.
-
Show Hide The report gives many recommendations and instructions on how to prevent possible cryptography-related weaknesses in public authorities as well as in the private sector based on scientific literature and international reports.
The report contains specific recommendations on which widely used algorithms to trust in the coming years and which should be avoided. In five years the cryptographic methods TDEA/3DES and in two years SHA-1 and RSA-1024 methods must be renewed. For example, the keys of RSA-1024 and 3DES are still used in some personal identification documents (ID-cards, digi-ID and mobile-ID issued before 2011).
Due to the weakening of SHA-1, RIA has set a goal to promote the implementation of the digital signature in BDOC format during 2014 and give up using DDOC digital signatures in ID-card basic software within 2015. Unlike DDOC format, BDOC format supports using stronger SHA-2 family hashes.
The report has been prepared in Estonian and can be viewed here:
The report was written in 2013 with a five year horizon.
The report was conducted by Cybernetica AS and ordered by the Information System Authority (RIA).
-
Show Hide he report presents recommendations for using cryptographic methods in ensuring security of information systems. The results of the report are aimed at software architects, IT auditors and other technical specialists, who participate in creating new information systems and organising information security.
The report includes symmetric and asymmetric encryption algorithms and hash function algorithms, and gives recommendations for the use, use times, parameters as well as use restrictions of various algorithms. The report also contains an analysis of the effect of changing algorithms to web servers, public key infrastructure and major information systems. The report recommends using verifiably secure protocols.
The report has been prepared in Estonian and can be viewed here:
The report was written in 2011 with a five year horizon.
The report was ordered by the Information System Authority in cooperation with the Ministry of Economic Affairs and Communications and was conducted by AS Cybernetica.
The report was financed by the European Regional Development Fund under EU structural funds support scheme “Raising Public Awareness of the Information Society”.