APIs enable developers to embed post-quantum cryptography (PQC) directly into applications and swap cryptographic algorithms and libraries without rewriting code
PALO ALTO, Calif., August 8, 2023 — SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. With an intuitive, unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and to change them as technologies and threats evolve – without rewriting code.
Sandwich enables developers to create their own stack, or “sandwich,” of protocols and implementations that becomes available as a cohesive cryptographic object. It supports multiple languages (C/C++, Rust, Python and Go), operating systems (MacOS, Linux), and cryptographic libraries (OpenSSL, BoringSSL and libOQS), with future additions planned based on feedback from the open source and cybersecurity communities.
“Modern cryptography management and cryptographic agility are essential for organizations of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s security group. “With Sandwich, we’re empowering developers to experiment with different types of cryptography – including the new post-quantum cryptography algorithms soon to be standardized by NIST – so they can achieve the right balance of security and performance.”
“All enterprises need to have more observability and control over how encryption is managed across their systems, and ensuring that all applications leverage the best possible cryptography is a key aspect of improving cybersecurity posture,” said Nadia Carlsten, Vice President of Product at SandboxAQ. “Sandwich provides developers with an easy set of tools to integrate the latest cryptography standards to reduce the number of vulnerable applications that security-minded organizations have to worry about.”
“Properly implementing cryptography is challenging for developer teams of any size and skill, requiring significant time and effort for design, implementation, and testing. This will only be exacerbated by the need to transition to new PQC standards,” said Taher Elgamal, developer of the Elgamal encryption protocol, partner at Evolution Equity Partners and a SandboxAQ advisor. “With Sandwich, SandboxAQ has created an elegant solution that enables developers to easily implement cryptography and cryptographic agility into their applications.”
Sandwich empowers developers to create their own “sandwich” of protocols and implementations, making them available at runtime as a cohesive Sandwich object. It also lets users change configurations without breaking their applications or having to re-compile code. This provides a much simpler process to create a cryptographic object, such as a secure tunnel, and helps organizations implement crypto-agility. Additionally, Sandwich’s high-level API helps to make it easy for developers to avoid the mistakes typically made when manipulating cryptography at a low level, and allows audit teams to rapidly verify that cryptography is used according to policy.
The libOQS library that is included in Sandwich gives easy access to new post-quantum cryptography (PQC) algorithms from NIST, which will be critical to protect government entities and corporations against threats posed by quantum computers. By supporting multiple languages and cryptography libraries, Sandwich makes it easy for developers to use cryptography securely in the most popular programming languages, and its simple API allows for easy integration.
Future iterations will enable the creation of multi-layered, stacked sandwiches with broader functions, such as providing access to cryptography at different abstraction levels. Other planned features will allow users to create smaller sandwiches to access fundamental cryptographic primitives, or larger sandwiches to access functionalities like authentication, virtual private networks (VPNs), or key management services (KMS).
SandboxAQ recently launched its Security Suite which handles discovery and remediation of encryption vulnerabilities. A broad range of U.S. government agencies and enterprises are already using the SandboxAQ Security Suite, which can be adopted incrementally, providing immediate benefits without the need for a long ramp-up. Customers include the U.S. Air Force, the Defense Information Systems Agency (DISA), the U.S. Department of Health & Human Services, SoftBank, Vodafone, Cloudera, Informatica, and other global banks and telecommunication providers.
To access Sandwich and review the documentation, visit the SandboxAQ GitHub repository. For additional information visit our website at https://www.sandboxaq.com/solutions/sandwich. For inquiries about Sandwich please email email@example.com.
SandboxAQ is an enterprise SaaS company, providing solutions at the nexus of AI and Quantum technology (AQ) to address some of the world's greatest challenges. The company's core team and inspiration formed at Alphabet Inc., emerging as an independent, growth-capital-backed company in 2022. SandboxAQ is backed by T. Rowe Price, Eric Schmidt (chairman of SandboxAQ), Breyer Capital, Guggenheim Partners, Marc Benioff, Thomas Tull, Paladin Capital Group, and other leading investors. For more information, visit https://www.sandboxaq.com.