SandboxAQ Unveils Sandwich, An Open-Source Meta-Library Of Cryptographic Algorithms

Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

SandboxAQ, an AI-driven quantum technology platform, has unveiled “Sandwich,” an open-source framework that aims to reshape contemporary cryptography management. As per the company, the platform intends to propel organizations toward cryptographic agility. 

It furnishes developers with a unified API, enabling the integration of chosen cryptographic algorithms into applications. According to SandboxAQ, this agility permits adaptation to evolving technologies and threats and mitigates the necessity for code rewrites.

Moreover, Sandwich empowers developers with heightened observability and control over cryptographic operations, fortifying overall cybersecurity protocols. 

“The traditional way of managing cryptography has not kept pace with the demands of new technology stacks and agile development practices,” Graham Steel, head of product at SandboxAQ’s quantum security group, told VentureBeat. “Compounding this is the need for greater cryptographic agility to help protect organizations against current and future threats posed by quantum computers. Our API helps make it easy for developers to avoid the mistakes typically made when manipulating cryptography at a low level, and allows audit teams to rapidly verify that cryptography is used according to policy.”


VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.

Register Now

Crypto-agile architecture

Steel underscored the fact that Sandwich’s abstraction of cryptography from application code engenders a crypto-agile architecture, enabling developers to fluidly update and replace algorithms as needed. The API facilitates cryptography layer updates, ensuring application integrity without the apprehension of disruptions or supplemental coding demands.

The framework incorporates libOQS, streamlining access to novel post-quantum cryptography (PQC) algorithms devised by The National Institute of Standards and Technology (NIST). 

Additionally, it supports multiple languages (C/C++, Rust, Python, and Go) and operating systems (MacOS, Linux), providing developers with the flexibility to work in their preferred environment and easily access several popular cryptographic libraries (OpenSSL, BoringSSL), including new post-quantum cryptography (PQC) algorithms from NIST.

“By supporting multiple languages, operating systems and cryptographic libraries, we aim to make it easier for developers to securely implement cryptography into their applications while giving them the flexibility to work in their preferred coding environment,” Steel told VentureBeat. “Cryptographic libraries only offer predefined functions and typically lack flexibility or customization options. Sandwich creates an abstract layer between these libraries and the developer’s preferred programming environment, managed by the Sandwich API.”

Streamlining cryptographic security and management

Steel asserts that Sandwich expedites the implementation of application-based cryptography by embracing modern DevOps practices. The framework offers industry-standard protocols, simplifying the adoption and integration of proven cryptographic methods into applications. These methods are available at runtime as cohesive cryptographic objects referred to as “sandwiches.”

As per the company, the framework facilitates a three-step process, streamlining “sandwich” creation and reducing implementation complexity. Developers select the desired protocol (TLS 1.3) and the preferred implementation (OpenSSL+libOQS). Sandwich then constructs these components into a Sandwich object, establishing a secure tunnel that interfaces with the application via the Sandwich API.

“Our API helps ensure that the application’s cryptography is implemented correctly and securely, checking newly updated cryptography for configuration errors, performance issues, and vulnerabilities,” Steel told VentureBeat. “It also facilitates crypto-agility by enabling developers to quickly swap out cryptographic libraries as technologies and threats evolve, without having to re-write any code.”

Programming flexibility

Steel explained that the framework’s abstraction provides programming flexibility and safeguards developers from the intricacies of cryptographic library utilization. Once integrated, the Sandwich framework empowers developers to swiftly and effortlessly update their cryptography through the API, eliminating the need for code rewrites. 

He asserts that this approach expedites the transition of applications to production, eliminating bottlenecks in cryptography management.

“Crypto-agility will become a necessity with the emergence of fault-tolerant quantum computers, which will require the adoption of PQC algorithms,” he added. “With Sandwich, developers can take a self-serve approach to implementing cryptography without direct input from cryptographers or other security experts. We aim to enable developers to quickly swap out cryptographic libraries as technologies and threats evolve — without having to re-write any code and help ensure that the application’s cryptography is implemented correctly and securely, checking newly updated cryptography for configuration errors, performance issues, and vulnerabilities.”

Steel claims that Quantum computers’ ability to break public-key encryption will necessitate a global shift to NIST’s new post-quantum cryptography (PQC) algorithms to protect sensitive personal, business and government data. 

Extended access to PQC algorithms

Steel emphasized that incorporating the libOQS library into Sandwich extends developers’ effortless access to NIST’s PQC algorithms. This facilitates experimentation with the integration of cutting-edge cryptographic techniques at the application level, enabling the identification of the optimal balance between security and performance.

“Fully transitioning an organization to PQC and implementing crypto-agility could take years, depending on the size and complexity of the organization’s IT infrastructure,” said Steel. “However, by building crypto-agility directly into their applications, organizations can get a head-start on their PQC transition and strengthen this key element of their overall cybersecurity posture.”

SandboxAQ also announced that it has launched its Security Suite, which handles the discovery and remediation of cryptographic vulnerabilities through crypto-agile encryption management. 

Faster, easier transition to PQC

The company claims that a broad range of U.S. government agencies and enterprises are already using Security Suite — including the U.S. Air Force, the Defense Information Systems Agency (DISA), the U.S. Department of Health and Human Services, SoftBank, Vodafone, Cloudera, Informatica and several other global banks and telecommunication providers.  

SandboxAQ also highlighted its internal use of the Sandwich library across multiple dimensions, catalyzing research and development efforts while infusing crypto-agility into its products.

“Our framework makes it easy for organizations to swap cryptographic elements, and the API ensures that they’re not overlooking any crucial steps that would make their applications — and their organization — more vulnerable to cyber-attacks,” Steel told VentureBeat. “By embedding a crypto-agile architecture into their applications, developers can help make their organization’s overall transition to PQC easier and faster.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.