NSA Says “Don’t Rush Quantum-Proof Encryption”; Here’s Why
Don’t Rush Quantum-Proof Encryption, Warns NSA Research Director
+ Though NSA isn’t directly involved in the NIST competition, Frincke and her team are closely following its progression. The security community works to defend today’s information ecosystem against tomorrow’s codebreakers but Frincke noted it’s important cryptographers don’t rush their work. Quantum computers may pose a substantial threat to digital security, she said, but deploying new encryption schemes too quickly could create additional own risks.
“There are two ways you could make a mistake with quantum-resistant encryption: One is you could jump to the algorithm too soon and the other is you jump to the algorithm too late,” she said.
+ If a group rolls out a new encryption scheme before it’s been thoroughly vetted, they might overlook vulnerabilities that quantum computers—or even classical machines—could exploit, according to Frincke. Without proper guidance, it’s also fairly easy to make a mistake when implementing the algorithms themselves, she said, which could lead to even more weaknesses.
+ Even after NIST selects its winners, the threats posed by quantum computers won’t simply disappear, according to Frincke. Cryptography schemes are only effective until people find a way to break them, and it’s possible new vulnerabilities will emerge years down the line, especially after viable quantum computers become a reality, she said.
+ In June 2020, NIST plans to narrow the pool to about a dozen algorithms and conduct further testing, according to Dustin Moody, the NIST mathematician who’s spearheading the competition. The agency expects to select about four to six “winning” algorithms and publish guidelines for using them some time in 2022, Moody told Nextgov.
Content may have been edited for style and clarity.