The nation must address a significant future threat in the potential adversarial development and deployment of a quantum computer—a machine that extends the usual rules of computation via quantum physics. Such a deployment would potentially have grave impacts on the security of the United States and its citizens if the proper technical mitigations are not put in place. Now is the time to prepare—in four ways highlighted below—for the complex transition to post-quantum algorithms well before the advent of a quantum computer.
Imagine that an adversarial nation state deploys a quantum computer before the U.S. is prepared. Any system using current standards for public key cryptography would be vulnerable. The health of most systems would be imperiled and they would no longer be trusted to function properly and securely. Technology ranging from smart home appliances to sophisticated national security systems (NSS), which protect classified or other sensitive data, would be susceptible to attack, and the potential ripple effects could cross all sectors of life. The potential for grave health, economic and military harm to the nation is high if we do not prepare correctly.
The National Security Agency is responsible for protecting NSS against quantum computing risks. In 2015, NSA published guidance highlighting the need to prepare for the advent of a quantum computer, and encouraging the development of post-quantum cryptographic algorithms. The National Institute of Standards and Technology has just named algorithm finalists in a program to standardize post-quantum algorithms for broader government and public use. Shortly after round three of NIST’s process is completed, NSA intends to select a post-quantum algorithm suite chosen from the NIST selected algorithms, and announce a timeframe for transition. U.S. entities employing non-NSS should plan to comply with NIST standards and deadlines.
Some researchers have proposed an alternative to post-quantum algorithms—quantum communication, especially the related subfields of quantum key distribution and quantum cryptography. This type of alternative currently appears relatively expensive and insufficiently proven for securing NSS. In a paper at the website listed below, we have outlined a list of challenges for this technology and encourage further investigation by the broader research community. We recommend that NSS owners and operators focus efforts on the post-quantum algorithm transition and not invest in deploying quantum communications technology for NSS protection.
In addition to the preparations the cryptographic community is making to deliver a set of high quality post-quantum algorithms, there are four steps NSS owners and operators should take now:
Determine the potential issues their organizations and systems will likely face based on post-quantum algorithm performance characteristics;
Analyze the reliance their systems have on current public-key technology, and plan accordingly;
Maintain awareness of NSA guidance and policy (see below);
Reach out to NSA with questions, comments, or concerns regarding this significant algorithm transition process. NSA’s Cybersecurity Requirements Center can be reached via email.
As NSS owners, operators and NSA work together, protection against a quantum computer can be achieved before the quantum computing threat arrives.
For up-to-date information on NSA’s approach to protecting against a quantum computer, including its position on quantum key distribution and quantum cryptography, visit NSA’s post-quantum cybersecurity resource.
Dr. Adrian Stanger serves as the Chief of Algorithm Modernization in the National Security Agency’s Cybersecurity Directorate. He has worked in the Cybersecurity Directorate and its predecessors for 16 years.