GlobalPlatform Latest Cryptographic Algorithm Recommendations Released!

With the rapid advancement of quantum computing technology, classical cryptographic systems are facing unprecedented security challenges. In January 2025, the international standards organization GlobalPlatform officially released Cryptographic Algorithm Recommendations Version 2.0.4, providing authoritative technical guidance for smart cards, secure elements (SE), and trusted execution environments (TEE). As a technology enterprise deeply committed to security solutions, Watchdata consistently keeps pace with international standards and integrates the latest research outcomes to offer scientifically based post-quantum migration solutions to our clients. This article provides an in-depth interpretation of the core contents of the new recommendations and discusses their significant implications for industry-wide security upgrades.

1. Graded Management of Classical Cryptographic Algorithms

To facilitate a smooth transition within the industry, the new recommendations classify cryptographic algorithms into three recommendation levels:

– Deprecated

Algorithms that no longer meet current security requirements and must be immediately phased out; products already on the market require specific care.

– Legacy  

Certain classical algorithms (for example, RSA 2048) may continue to be used until 2030 due to widespread use and compatibility reasons, but they must be upgraded to higher security levels as soon as possible.

– Recommended

Algorithms that must be adopted in any new standard, offering higher security and suitable for all new product developments; these algorithms provide a security level of at least 128 bits.

This grading strategy not only ensures a smooth transition for existing systems but also provides a clear roadmap for future security upgrades. The recommendations meticulously illustrate the recommendation level of cryptographic algorithms across multiple aspects—including block ciphers, operation modes, authenticated encryption with associated data, hash functions, MAC functions, asymmetric mechanisms, and protocols—thereby guiding enterprises on their upgrade paths. For example, algorithms such as 3DES and SHA-224 are classified as Deprecated due to insufficient security, while operational modes such as CBC, CTR, and XTS (based on AES) are explicitly recommended. In terms of asymmetric algorithms, a hybrid use of classical and PQC algorithms is required; ECC is advised to use parameters of 256 bits or more, and RSA is required to have key lengths of at least 3000 bits to ensure overall security, although RSA 2048 is still maintained as a legacy option.

It is noteworthy that, during the post-quantum migration process, a conservative approach suggests doubling the key lengths for symmetric ciphers and digest length for hash functions (for example, upgrading from AES-128 to AES-256 and from SHA-256 to SHA-512). However, most experts believe that although the Grover algorithm could theoretically attack block ciphers and hash functions, it offers little significant advantage in practical applications. Therefore, 128-bit secure symmetric algorithms can still be used, but technological advancements should be continuously monitored.

2. Requirements for Post-Quantum Cryptographic Algorithms

The rise of quantum computing poses a significant challenge to classical asymmetric algorithms, and security agencies around the world have emphasized the importance of post-quantum cryptography (PQC). The new recommendations clearly state that when adopting PQC algorithms, parameters with at least NIST Level 3 security (or higher) must be used. Although, in theory, NIST Levels 1 and 2 meet the 128-bit security requirement, their relative immaturity has led experts to advocate for higher standards to ensure long-term security. Moreover, as PQC technology gradually matures, future revisions of the recommendations may adjust the recommendation levels for PQC algorithms, but for now, a higher security level remains imperative.

3. Hybrid Construction: Achieving Transition and Upgrade

To ensure a smooth transition to quantum-safe security, the recommendations emphasize adopting hybrid modes in asymmetric mechanisms—that is, combining classical algorithms with PQC algorithms—to balance current security needs with future resistance to quantum attacks. Specifically:

– Hybrid Signatures  

By concatenating classical digital signatures with post-quantum signatures and validating them together, dual-layer security is achieved.

– Hybrid Key Exchange

This includes two modes:  

• CatKDF: First, the shared secrets from all parties are concatenated, then a key derivation function (KDF) is used to generate the final key.  

• CasKDF: KDF is executed serially, with the result of the previous round re-injected into the next computation to generate the final key.

This hybrid strategy leverages the stability of mature technologies while laying the groundwork for the eventual full adoption of quantum-resistant algorithms. The recommendations also note that it is still unclear if hybrid modes could be a long-term recommendation.

4. Key Details: Overall Security is Determined by the Weakest Link

The recommendations particularly emphasize that the overall security strength of a cryptographic scheme is determined by the weakest component among its parts. This includes:

– Alignment of Symmetric Cipher Operation Modes 

When using a specific operation mode for symmetric ciphers, the recommendation levels for all components must be consistent; the overall security level is determined by the lowest-rated component.

– Alignment of Multi-Primitive Combinations 

For schemes that employ multiple cryptographic primitives (such as MACs), the overall security is likewise constrained by the weakest primitive.

This principle serves as a reminder to developers that designing a secure cryptographic scheme requires not only focusing on the security of individual algorithms but also ensuring proper coordination and compatibility among all components, so that a weak link does not undermine the overall protection.

Conclusion

The new GlobalPlatform recommendations provide a scientific basis for the selection of cryptographic algorithms and chart a clear direction for the industry as it confronts the challenges of the quantum era. Through the graded management of classical cryptographic algorithms, the adoption of post-quantum cryptography, and the implementation of hybrid modes, these guidelines offer robust support for security upgrades in smart cards, secure elements, and trusted execution environments. We believe that only through continuous innovation and improvement in security technology can we remain competitive in the fiercely contested realm of digital security and build an impregnable defense for all industries. As a pioneer in the field of security, Watchdata remains committed to leveraging technological foresight and delivering customer value, continually pushing the boundaries of innovation to fortify information security in the digital age.