Quantum computers CQCL
The NSA is warning that quantum computing will pose a significant threat to public-key encryption, and is advising US firms to make sure their data is protected by quantum-resistant encryption iStock

Experts at the National Security Agency are deeply worried that the current security cryptography used to protect almost all electronic data over the past 50 years will easily be unravelled by hackers once quantum computers become a reality.

Public-key cryptography systems are currently used to protect everything from emails to online payment transactions, as well as confidential health and financial records. These systems offer end-to-end encryption using two separate keys, one private and one public, that are linked mathematically by complex algorithms that are difficult for computers today to solve.

Although quantum computers are still only a concept, many computer scientists believe that the super-powerful computers will be available within the next 50 years, and that they will be able to solve extremely large numbers quickly, such as seen in recent demonstrations of Shor's algorithm.

Since complex mathematical problems like integer factorisation, discrete logarithm mod primes and elliptic curve discrete logs are essential to public key encryption systems, quantum computing puts them at risk.

Focus on quantum-resistant encryption

The NSA, which developed the Digital Signature Algorithm (DSA) standard in the 1970s, has long been advising US firms and agencies to use Suite B cryptographic algorithms, which include 3072 bit RSA encryption, Advanced Encryption Standard (AES) 256 bit keys and Elliptic Curve P-384 to secure their computer systems.

However, now the NSA is advising companies and government agencies that haven't yet invested in these protections to consider focusing instead on quantum-resistant algorithms. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, which has made it clear that elliptic curve cryptography is not the long-term solution many once hoped it would be. Thus, we have been obligated to update our strategy," the NSA said in its release.

"It is important to note that we aren't asking vendors to stop implementing the Suite B algorithms and we aren't asking our national security customers to stop using these algorithms. Rather, we want to give more flexibility to vendors and our customers in the present as we prepare for a quantum safe future."

NSA seriously worried about quantum computers

The NSA states that companies, particularly those using layered commercial solutions to protect classified national security information, should start implementing key agreement schemes that use large symmetric pre-shared keys – currently the only way to make confidential information quantum-resistant.

Of course, the NSA's reputation hasn't been great with the public since Edward Snowden's revelations, and even before that, the US agency alienated cryptographers when it was discovered in 2013 that its Dual_EC_DRBG standard contained a backdoor allowing NSA to decrypt data.

And yet, the NSA seems to be genuinely worried about what quantum computers could do in the wrong hands. "Our ultimate goal is to provide cost effective security against a potential quantum computer," stressed the NSA.

"We are working with partners across the USG, vendors, and standards bodies to ensure there is a clear plan for getting a new suite of algorithms that are developed in an open and transparent manner that will form the foundation of our next Suite of cryptographic algorithms."