Cryptography is fundamental to Dutch society. Our highly digitalised society is dependent on the availability, integrity and confidentiality that cryptography can offer. Moreover, cryptography plays a key role in the strategic autonomy of the Netherlands. There are three aspects that are important to the practical implementation of cryptography resulting in a cryptographic end-product: (1) the underlying mathematics; (2) implementation of the software and hardware; and (3) embedding the end-product in the organisation. In practice, a cryptographic end-product is an all-in package of mathematics, software and hardware. All these specialist disciplines are links in the cryptography value chain. Mathematics makes a distinction between two types of cryptography: unilateral, where two parties exchange information while keeping it secret from a third party, and multilateral, where multiple parties carry out calculations while keeping information secret from each other. Furthermore, without good implementation of the cryptographic protocol in both software and hardware, secure use of cryptography is impossible. Good implementation involves meeting many requirements—the problem is that they are sometimes contradictory. Ultimately, what matters is the correct embedding in the organisation and therefore the correct use of the cryptographic end-product. Certification can offer aids for the deployment of the right product at the right security level, but this means the cryptographic end-product has to be controllable. There are many different cryptographic end-products, each with its own functionality. We categorise them in terms of data at rest, data in use and data in transit. The Netherlands mainly uses two well-known cryptographic end-product taxonomies: that of the Nationaal Bureau voor Verbindingsbeveiliging (Netherlands National Communications Security Agency – NBV) and that of the Common Criteria. This survey compares these two lists by linking them with the three identified data categories. It becomes apparent that not all product categories under the Common Criteria are covered by NBV-assessed products. The important point is that existing cryptographic end-products do not always keep pace with the development and acceptance of new digital technology. The product categories that are not served represent gaps where there is insufficient coverage. The cryptography landscape in the Netherlands is constantly evolving. The Netherlands holds a strong lead and has many pioneering scientists of international renown. A number of Dutch medium-sized enterprises supply cryptographic end-products. In the Common Criteria taxonomy it can be noticed that products approved for use in the Netherlands are predominantly supplied by foreign companies. New developments are constantly changing the backdrop in cryptography. At present, we discern four developments in the field of cryptography that we think are going to pose the greatest threat and offer the greatest opportunities over the next few years (see Figure).

TNO

Meijaard, Y., van Heesch, M., Cramer, R., & Groenland, J. (2021, May). Netherlands Cryptolands;
Starting point of the crypto-communications roadmap: an overview of 4 important developments in cryptography.