America's National Security Agency has published an FAQ about quantum cryptography, saying it does not know "when or even if" a quantum computer will ever exist to "exploit" public-key cryptography.
In the document, titled Quantum Computing and Post-Quantum Cryptography, the NSA said it "has to produce requirements today for systems that will be used for many decades in the future." With that in mind, the agency came up with some predictions [PDF] for the near future of quantum computing and their impact on encryption.
Is the NSA worried about the threat posed by a "cryptographically relevant quantum computer" (CRQC)? Apparently not too much.
"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist," it stated, which sounds fairly conclusive though in 2014 the agency splurged $80m looking for a quantum computer that could smash current encryption in a program titled Owning the Net, so the candor of the paper's statements is perhaps open to debate.
What the super-surveillance agency seems to be saying is that it's not a given that a CRQC capable of breaking today's public-key algorithms will ever emerge, though it wouldn't be a bad idea to consider coming up with and using new techniques that could defeat a future CRQC, should one be built.
It's almost like the NSA is dropping a not-so-subtle hint, though why it would is debatable. If it has a CRQC, or is on the path to one, it might want to warn allies, vendors, and citizens to think about using quantum-resistant technologies in case bad people develop a CRQC too. But why would the spies tip their hand so? It's all very curious.
Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems
Eric Trexler, VP of global governments at security shop Forcepoint, told The Register: "Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems. This includes public-key asymmetric cryptography, one of the two different types of cryptosystems in use today."
Public-key cryptography is what the world relies on for strong encryption, such as TLS and SSL that underpin the HTTPS standard used to help protect your browser data from third-party snooping.
In the NSA's summary, a CRQC should one ever exist "would be capable of undermining the widely deployed public key algorithms used for asymmetric key exchanges and digital signatures" and what a relief it is that no one has one of these machines yet. The post-quantum encryption industry has long sought to portray itself as an immediate threat to today's encryption, as El Reg detailed in 2019.
"The current widely used cryptography and hashing algorithms are based on certain mathematical calculations taking an impractical amount of time to solve," explained Martin Lee, a technical lead at Cisco's Talos infosec arm. "With the advent of quantum computers, we risk that these calculations will become easy to perform, and that our cryptographic software will no longer protect systems."
Given that nations and labs are working toward building crypto-busting quantum computers, the NSA said it was working on "quantum-resistant public key" algorithms for private suppliers to the US government to use, having had its Post-Quantum Standardization Effort running since 2016. However, the agency said there are no such algos that commercial vendors should adopt right now, "with the exception of stateful hash signatures for firmware."
Smart cookies will be glad to hear that the NSA considers AES-256 and SHA-384 "safe against attack by a large quantum computer."
Jason Soroko, CTO of Sectigo, a vendor that advertises "quantum safe cryptography" said the NSA report wasn't conclusive proof that current encryption algos were safe from innovation.
"Quantum computers alone do not crack public key cryptography," he said, adding that such a beast would need to execute an implementation of Shors algorithm. That algo was first described in 1994 by an MIT maths professor and allows for the calculation of prime factors of very large numbers; a vital step towards speeding up the decryption of the product of current encryption algorithms.
"Work on quantum resistant cryptographic algorithms is pushing forward based on the risk that Universal quantum computers will eventually have enough stable qubits to eventually implement Shors algorithm," continued Soroko. "I think its important to assume that innovation in both math and engineering will potentially surprise us."
While advances in cryptography are of more than merely academic interest to the infosec world, there is always the point that security (and data) breaches occur because of primarily human factors. Ransomware, currently the largest threat to enterprises, typically spreads because someone's forgotten to patch or decommission a machine on a corporate network or because somebody opens an attachment from a malicious email.
Or there's the old joke about rubber hose cryptanalysis, referring to beating the passwords out of a captured sysadmin.
Talos' Lee concluded: In a world where users will divulge their passwords in return for chocolate or in response to an enticing phishing email, the risk of quantum computers might not be our biggest threat.
- Opportune moment for indigenous development of 5G NSA & SA by C-DOT: Prakash - United News of India - September 5th, 2021
- A Softening Economy Will Be Buffeted By Stimulus Withdrawal And Delta-Variant Surge - Forbes - September 5th, 2021
- Actions of IT giants pave the way for states to monopolize data Snowden - TASS - September 5th, 2021
- Microsoft's Azure Government Top Secret Cloud: All you need to know - TechHQ - September 5th, 2021
- The Scandalous History of the Last Rotor Cipher Machine - IEEE Spectrum - September 5th, 2021
- The NSA Does Not Deny Reading Tucker Carlsons Emails - July 12th, 2021
- Home, but Not Free: NSA Whistleblower Reality Winner Adjusts to Her Release From Prison - The Intercept - July 12th, 2021
- Congress newest subcommittee is focusing on cyber troops and JEDI - Federal News Network - February 11th, 2021
- End the war on whistleblowers - The Week - February 11th, 2021
- NSA Warned Russia to Stay Out Of 2020 Election And Got SolarWinds Hack Instead - NPR - February 1st, 2021
- Biden administration will build on the Quad: NSA Jake Sullivan - The Hindu - February 1st, 2021
- William P. Crowell, Former Deputy Director of the National Security Agency, Joins LookingGlass Advisory Board - HSToday - February 1st, 2021
- SolarWinds Is Not the 'Hack of the Century.' Its Blowback for the NSA's Longtime Dominance of Cyberspace - Common Dreams - February 1st, 2021
- NSA fumes over the violation of coronavirus safety protocols - GhanaWeb - February 1st, 2021
- A Top Biden Cybersecurity Aide Donated Over $500000 to AIPAC as an NSA Official Mother Jones - Mother Jones - February 1st, 2021
- What to expect from NASS and NASED conferences - Politico - February 1st, 2021
- Companies Pay Criminal Penalties And Compensation For Undermining Competition - JD Supra - February 1st, 2021
- Split Up NSA and CYBERCOM - Defense One - December 28th, 2020
- Edward Snowden Pardon and the SolarWinds Hack | - City Journal - December 28th, 2020
- Edward Snowden and wife share photos of newborn son amid push for Trump to pardon NSA leaker - Washington Times - December 28th, 2020
- NSA Year in Review: Election Security, Cybersecurity, and More - HSToday - December 28th, 2020
- No, the United States Does Not Spend Too Much on Cyber Offense - Council on Foreign Relations - December 28th, 2020
- The US has suffered a massive cyberbreach. It's hard to overstate how bad it is - The Guardian - December 28th, 2020
- Satoshi Nakamoto from NSA, AntiChrist and Other Bitcoin Conspiracy Theories - Cryptonews - December 28th, 2020
- How A Cybersecurity Firm Uncovered The Massive Computer Hack - NPR - December 28th, 2020
- Snowden and Assange Deserve Pardons. So Do the Whistleblowers Trump Imprisoned. - The Intercept - December 28th, 2020
- National Security Agency - Wikipedia - October 10th, 2020
- Talks with China will not help says USA NSA on situation on Ladakh - Oneindia - October 10th, 2020
- How to choose the right multifactor authentication program - Federal News Network - October 10th, 2020
- UofL to launch health care cybersecurity curriculum with $6.3 million from National Security Agency, pilot focused on veterans and first responders -... - October 10th, 2020
- National Storage Affiliates Trust Announces Date of its Third Quarter 2020 Earnings Release and Conference Call - Business Wire - October 10th, 2020
- NSA announces new Autumn webinar series 'Feeding the flock and getting it right' - The Scottish Farmer - October 10th, 2020
- How the NSA is disrupting foreign hackers targeting COVID-19 vaccine research - TechCrunch - September 18th, 2020
- Crime Prevention and Community Outreach, Common Goals for NSA and NYPD Commissioner - Abasto, Food and Beverage Industry News - September 18th, 2020
- Deputy NSA gets one year extension - The Hindu - September 18th, 2020
- Exceeding All Expectations: A Journey of Adversity, Triumph and Eternal Optimism - Worth - September 18th, 2020
- Huge threat to national security as hackers attack NIC computers, steal sensitive information - DNA India - September 18th, 2020
- Police: 2 more held in Agra boys kidnap-murder, NSA to be invoked - The Indian Express - September 18th, 2020
- NSA to be invoked against miscreants involved in killing Malihabad farmer: Lucknow DM - Outlook India - September 18th, 2020
- Did the NSA spy on Congress? RT The World According to Jesse - RT - September 5th, 2020
- Nebraska native, 101, defied convention: She served in South Pacific, with MacArthur and at NSA - Omaha World-Herald - September 5th, 2020
- NSA Ajit Doval reviews situation at India-China border - The New Indian Express - September 5th, 2020
- NSA Webinar Part 3: Skills Development and the future of learning during and post the Covid-19 pandemic - Mail and Guardian - September 5th, 2020
- ICE Robotics Expands Offering With NSA Partnership - CleanLink - September 4th, 2020
- National Security Agency | History, Role, & Surveillance ... - August 16th, 2020
- The NSA and FBI Expose Fancy Bear's Sneaky Hacking Tool - WIRED - August 16th, 2020
- NSA and FBI Expose Russian Previously Undisclosed Malware Drovorub in Cybersecurity Advisory FBI - Federal Bureau of Investigation - August 16th, 2020
- Shah Faesal reached out to NSA before he quit party; open to IAS return - Hindustan Times - August 16th, 2020
- How has the pandemic impacted work at the NSA? - C4ISRNet - August 10th, 2020
- Election interference efforts have shifted, NSA and Cyber Command election threats leads say - CyberScoop - August 10th, 2020
- Did Hedge Funds Make The Right Call On National Storage Affiliates Trust (NSA)? - Yahoo Finance - August 10th, 2020
- National Speakers Association Inducts Mary Kelly, Ph. D. into the Speaker Hall of Fame - The Grand Junction Daily Sentinel - August 10th, 2020
- For 2020 Election, Threat is Bigger than Russia > US DEPARTMENT OF DEFENSE - Department of Defense - August 10th, 2020
- The White House reportedly quashed part of an intelligence report that showed Russia is helping the Trump campaign - MSN Money - August 10th, 2020
- GFA Express Appreciation To NSA | General Sports - Peace FM Online - August 10th, 2020
- NSA O'Brien Says US Has 'Sanctioned The Heck Out Of Russia' - Newsmax - August 10th, 2020
- DHS Warns of a Persistent Cyber Threat Targeting Critical Infrastructure in the U.S. - CPO Magazine - August 10th, 2020
- Money Explodes; Gold Glitters; The Recovery Slows - Forbes - August 10th, 2020
- NSA Reports on New Cyber Vulnerability in Computers - ExecutiveGov - August 10th, 2020
- The Trump administration reportedly quashed an intelligence report that showed Russia is helping him win the 2020 election - MSN Money - August 10th, 2020
- There Will Be Blowback - Forbes - August 10th, 2020
- What and how are you thinking? Anything is possible - Martins Ferry Times Leader - August 10th, 2020
- TikTok and National Security: The Need for a Comprehensive U.S. Privacy Law - Security Boulevard - August 10th, 2020
- Buhari to overhaul the nation's security apparatus, says NSA - TheCable - August 10th, 2020
- Trump quashed report section showing Russia is helping him win 2020 - Business Insider - Business Insider - August 9th, 2020
- NSA Sheep 2020 to be a virtual sheep show - South West Farmer - August 8th, 2020
- All you need to hijack a Mac is an old Office document and a .zip file - TechRadar - August 8th, 2020
- Silicon Valley's Vast Data Collection Should Worry You More Than TikTok - Jacobin magazine - August 8th, 2020
- T-Mobile Is The First Carrier Globally To Launch Nationwide Standalone (SA) 5G - Forbes - August 7th, 2020
- The Room Where It Happened: Former US NSA exposes the frailties of the Trump administration - The Financial Express - August 4th, 2020
- NSA Sheep 2020 to go virtual over two days - FarmingUK - July 31st, 2020
- Protect Our Power Urges Vigilance in Response to NSA and CISA Warning on Critical Infrastructure - PRNewswire - July 31st, 2020
- A "Time of Heightened Tensions": Homeland Security and National Security Agency Issue Joint Cybersecurity Alert - JD Supra - July 31st, 2020
- Amid 'heightened tensions,' US government issues warning to critical infrastructure providers - Utility Dive - July 31st, 2020
- Garmin Hack, Glitch in Flight Navigation and an NSA Warning: The Massive Threat of WastedLocker - News18 - July 31st, 2020
- Netflix is looking to Splinter Cell for its next big video game adaptation - The Verge - July 31st, 2020
- US real GDP to expand by 15% in Q3 TDS - FXStreet - July 31st, 2020
- Two Rebels Against the Establishment: Oliver Stone and Edward Snowden - CounterPunch - July 31st, 2020
- Orange announces it will launch 5G later this year - Explica - July 31st, 2020
- Privacy Shield Struck Down: Schrems II Just When You Thought it Was Safe to Go Back in the Harbor - JD Supra - July 31st, 2020