NSA Issues FAQs on Quantum Computing and Post-Quantum Cryptography


As concerns about quantum computing and post-quantum cryptography move to the forefront of cryptographic discussions, especially in areas associated with national defense, the National Security Agency (NSA) has published a document comprising the most frequently asked questions about Quantum Computing and Post-Quantum Cryptography. In it, the agency studies the probable ramifications for national security of the arrival of a "brave new world" far beyond the traditional computing domain.

This 8-page report provides a summary of quantum computing, its connection with cryptography, the Commercial National Security Algorithm Suite, Commercial Solutions for Classified (CSfC), and the National Information Assurance Partnership (NIAP), as well as forthcoming techniques and cryptography. 

As the competition in quantum computing heats up, with a slew of players vying for quantum dominance via diverse, eccentric avenues of scientific inquiry, the NSA document examines the possible security risks raised by the establishment of a “Cryptographically Relevant Quantum Computer” (CRQC).

"NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist," it stated. 

A CRQC is a quantum computer strong and sophisticated enough to bypass conventional encryption techniques developed for classical computing. Whereas these techniques are practically uncrackable with existing or even prospective supercomputers, a quantum computer does not abide by the same rules, given the nature of the beast and the superposition states readily accessible to its computing unit, the qubit.

Considering that governments and labs are striving to develop crypto-busting quantum computers, the NSA stated it was developing “quantum-resistant public key” algorithms for private suppliers to the US government to employ, as part of its Post-Quantum Standardization Effort, which has been in operation since 2016. 

The world depends on public-key cryptography for strong encryption, such as TLS and SSL, which underpin the HTTPS protocol and help to safeguard user browsing data against third-party spying.

Eric Trexler, VP of global governments at security shop Forcepoint, told The Register: "Progress on quantum computers has been steadily made over the past few years, and while they may not ever replace our standard, classical computing, they are very effective at solving certain problems. This includes public-key asymmetric cryptography, one of the two different types of cryptosystems in use today." 

Consequently, an agency such as the NSA, which guarantees the security of the United States' technological infrastructure, must cope with both current and future risks. As one would assume, updating something as large as an entire country's key government systems requires an incredible amount of time.

The NSA wrote that, in theory, quantum computers can perform some mathematical calculations tenfold quicker than traditional computers. Quantum computers use “qubits” instead of regular bits, which react and interact according to the laws of quantum mechanics. This quantum-physics-based characteristic might allow a reasonably large quantum computer to do precise mathematical calculations that would be impossible for any conventional computer to execute.

According to the NSA, "New cryptography can take 20 years or more to be fully deployed to all National Security Systems (NSS)". And as the agency writes in its document, "(...) a CRQC would be capable of undermining the widely deployed public key algorithms used for asymmetric key exchanges and digital signatures. National Security Systems (NSS) — systems that carry classified or otherwise sensitive military or intelligence information — use public-key cryptography as a critical component to protect the confidentiality, integrity, and authenticity of national security information. Without effective mitigation, the impact of adversarial use of a quantum computer could be devastating to NSS and our nation, especially in cases where such information needs to be protected for many decades." 

In its document, the NSA places the decision of which post-quantum cryptography will be deployed across the United States' national infrastructure solely on the shoulders of the National Institute of Standards and Technology (NIST), which is "in the process of standardizing quantum-resistant public key in their Post-Quantum Standardization Effort, which started in 2016. This multi-year effort is analyzing a large variety of confidentiality and authentication algorithms for inclusion in future standards," the NSA says.