Quantum computing will make current cryptography standards for protecting data obsolete, according to the NSA, and everyone needs to be prepared.
The NSA updated an advisory this week that discussed how quantum computer processing could threaten US national security. If quantum computers become a reality in the coming years and decades, the encryption methods that protect sensitive data could be easily broken and rendered useless. This is because such a computer would, at least in theory, be many orders of magnitude more powerful than any available today, and could easily crack the math behind modern encryption.
It calls for a move from public key crypto, the kind mostly used today, to what is called post quantum algorithms, in a bid to keep up. The NSA is unsure of when exactly the field of computer science will develop a powerful quantum computer that poses a threat. Roughly speaking, it is expected within the next 50 years.
“We are working with partners across the USG, vendors, and standards bodies to ensure there is a clear plan for getting a new suite of algorithms that are developed in an open and transparent manner that will form the foundation of our next Suite of cryptographic algorithms,” said the advisory on the NSA’s plans for developing future algorithms.
The changes will have far reaching effects if they come to pass. For example, the entire security industry will need to change its systems to incorporate these powerful new algorithms, especially firms that count government agencies among their clientele.
The NSA is not alone in its concerns. The NSA’s British peers at the Government Communications Headquarters (GCHQ), which was entangled in the NSA leaks controversy from 2013, has raised its own concerns around the advent of quantum computers.
The agency previously attempted to design a post-quantum crypto-system, but the task proved to be extremely trying, taking several years to develop and several years to test its potential quantum resistance.
“As of late 2014, when novel types of quantum-resistant cryptography are being developed for real world deployment, we caution that much care and patience will be required to ensure that each design receives a thorough security assessment,” the authors wrote at the time.
The NSA is likely to publish its own recommendations on what a new post-quantum algorithm will look like, but provided no timeline for that.
It’s not just agencies like the NSA and GCHQ that are attempting to tackle this area or feel worried about it, but since the Snowden leaks, the relationships between intelligence agencies and the cryptography and security community has been fractured, to say the least. Meanwhile start-ups like PQ Solutions have been working on a potential algorithm of their own. The race is on to future-proof our data.