(Bloomberg) — The US is readying new encryption standards that will be so ironclad that even the nation’s top code-cracking agency says it won’t be able to bypass them.
The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards.
“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.
The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today’s computers can’t. But it’s also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked.
Scientists estimate viable quantum computing could arrive anywhere from five to 50 years from now, if ever.
The contest by the National Institute of Standards and Technology, or NIST, is intended to update the algorithms that underpin widespread public-key cryptography that secures emails, online banking, medical records, access to control systems, some national security work and more. That system, developed in the 1970s, allows for the private exchange of information by relying on publicly accessible algorithms. Announcement of the winners is imminent, officials said.
The Biden administration last week unveiled a plan to switch the entire US economy to quantum-resistant cryptography, which will rely on new NIST algorithms, as much “as is feasible by 2035.”
Joyce, of the NSA, said it was a question of “when, not if.” He is among those who worry U.S. adversaries are stealing and stockpiling encrypted data intended to remain secret for decades or more in anticipation of being able to unlock it when viable quantum computing arrives. China, for one, is pouring billions of dollars of investment into developing quantum computing, according to US researchers.
NIST, which started the post-quantum contest in 2016, has taken pains to stress independence in overseeing the public competition, which is now down to seven finalists from 69 initial viable submissions “from all over the world.” While the NSA has helped design and edit NIST standards in the past, this time the institute has made all decisions about the new algorithms internally, relying on the expertise of its post-quantum cryptography team, a NIST spokesperson told Bloomberg.
The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit.
“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,” Joyce said. “We’ve worked against all of them to make sure they are solid.”
The purpose of the open, public international scrutiny of the separate NIST algorithms is “to build trust and confidence,” he said.
Leaked documents from former NSA contractor Edward Snowden in 2013 revealed some of the NSA’s techniques for penetrating encryption and lent credence to allegations that the algorithm it created included a backdoor. Afterward, NIST revoked its support for the algorithm.
Choosing the algorithm is only a first step. NIST will then oversee an effort to turn the winning algorithms into public standards. The plan is to make them available in 2024 so that government and industry can adopt them.
The NIST spokesperson said the final standard will also be open to scrutiny for any weakness or flaws.
“The reason they take so long to standardize is our confidence in them is a function of how many hours really smart people are taking to try to break them,” said Charles Tahan, director of the national quantum coordination office at the White House, in an interview.
(Updates with new lead and timing of winner announcement in sixth paragraph.)
More stories like this are available on bloomberg.com
©2022 Bloomberg L.P.