In a document titled Quantum Computing and Post-Quantum Cryptography, the NSA said it needs to formulate requirements for future systems now. With this in mind, the agency has made some predictions about the future of quantum computers and their impact on encryption.
The CRQC, a utopia?
The NSA does not know when, or even if, a quantum computer of sufficient size and power to exploit public key cryptography (a cryptographically relevant quantum computer, or CRQC) will exist. The sincerity of these statements may be open to debate, given that in 2014 the agency spent $80 million on research into a quantum computer that could break current encryption, under a program called Owning the Net.
Progress on quantum computers has been steady over the past few years. While they may never replace conventional computing, they are very effective at solving certain problems, including the ones underlying asymmetric public key cryptography, one of the two types of cryptosystems in use today.
Post-quantum encryption seen as a threat
Public key cryptography is what the world relies on for strong encryption, such as TLS and SSL, which underpin the HTTPS standard used to protect your browser traffic from third-party spying. According to the NSA, a CRQC, if one existed, would be capable of undermining the widely used public-key algorithms for asymmetric key exchange and digital signatures.
What a relief, then, that nobody owns one of these machines yet. The post-quantum encryption industry has long sought to portray quantum computing as an immediate threat to today's encryption. The cryptography and hashing algorithms currently in use rely on mathematical problems that take impractically long to solve. With the advent of quantum computers, these calculations will become easy to perform, and cryptographic software will no longer be able to protect systems.
Work on quantum-resistant public key algorithms
Since countries and labs are working on building quantum computers capable of breaking cryptography, the NSA said it is working on quantum-resistant public key algorithms. Private vendors to the U.S. government could use them, with post-quantum standardization underway since 2016. However, the agency said there are no such algorithms that commercial vendors can adopt right now, except stateful hash-based signatures for firmware.
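As an added illustration (not from the NSA document or this article), here is a toy stateful hash-based signature in Python: a Lamport one-time signature that depends only on a hash function, wrapped in a signer that records which keys have been consumed. It shows why the firmware exception is called stateful: each key signs exactly once, and the persisted index is what prevents reuse. All names and values are constructed for the example; real firmware signing uses standardized schemes such as LMS or XMSS, not this code.

```python
"""Constructed toy: Lamport one-time signatures plus a reuse-refusing state.
Security rests only on SHA-256 preimage resistance, not on factoring or
discrete logs, which is the property the NSA's firmware exception relies on."""
import hashlib
import secrets

N = 32  # bytes per secret; we sign the 256-bit SHA-256 digest of the message

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def keygen():
    # One random secret per (bit position, bit value); public key is its hash.
    sk = [[secrets.token_bytes(N) for _ in range(2)] for _ in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk

def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

class StatefulSigner:
    """Holds a batch of one-time keys and the index of the next unused one."""
    def __init__(self, n_keys: int):
        self.keys = [keygen() for _ in range(n_keys)]
        self.next_index = 0  # the state that must be persisted across reboots

    def sign(self, msg: bytes):
        if self.next_index >= len(self.keys):
            raise RuntimeError("all one-time keys consumed; reuse is forbidden")
        idx = self.next_index
        self.next_index += 1  # advance state before releasing the signature
        sk, _ = self.keys[idx]
        # Reveal, for each digest bit, the secret matching that bit's value.
        return idx, [sk[i][bit] for i, bit in enumerate(_bits(H(msg)))]

    def public_key(self, idx: int):
        return self.keys[idx][1]

def verify(pk, msg: bytes, sig) -> bool:
    # Each revealed secret must hash to the public value for that bit.
    for i, bit in enumerate(_bits(H(msg))):
        if H(sig[i]) != pk[i][bit]:
            return False
    return True

def sign_or_none(signer: StatefulSigner, msg: bytes):
    try:
        return signer.sign(msg)
    except RuntimeError:
        return None  # state exhausted: a fresh key batch is needed
```

Reusing a Lamport key for two messages would reveal secrets for both bit values at differing positions, which is why the state, not the math, carries the scheme's security in practice.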
Although advances in cryptography are of more than academic interest to the infosec world, security (and data) breaches still occur primarily because of human factors. In a world where users readily disclose their passwords or are easily tricked by a phishing email, some experts believe that quantum computers may not pose the biggest threat.