NSA Says ‘No Backdoor’ for Spies in New US Encryption Scheme

As NIST prepares new encryption standards designed to withstand attacks by quantum computers.

Bloomberg News

May 13, 2022

3 Min Read
National Security Agency, Fort Meade, Maryland
National Security Agency, Fort Meade, MarylandAlamy

(Bloomberg) -- The US government agency that develops standards for technology is due to announce the winners of a years-long contest to establish new encryption standards potentially capable of withstanding a futuristic technology that some fear will be able to break many codes: quantum computers.

The nation’s top code-cracking agency, the National Security Agency, has been involved in parts of the process but insists it has no way of bypassing the new standards. 

“There are no backdoors,” said Rob Joyce, the NSA’s director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor.

The prospect of quantum computers includes being able to solve mathematical problems that normal computers can’t resolve, a potentially incredible feat. But it’s also one that the White House fears could allow the encrypted data that girds the U.S. economy – and national security secrets – to be hacked. 

The contest by the National Institute of Standards and Technology, or NIST, is intended to update the algorithms that underpin widespread public-key cryptography that secures emails, online banking, medical records, access to control systems, some national security work and more. That system, developed in the 1970s, allows for the private exchange of information by relying on publicly accessible algorithms.

The Biden administration last week unveiled a plan to switch the entire US economy to quantum-resistant cryptography, which will rely on new NIST algorithms, as much “as is feasible by 2035.” 

Scientists estimate viable quantum computing could arrive anywhere from five to 50 years from now, if ever.

Joyce, of the NSA, said it was a question of “when, not if.” He is among those who worry U.S. adversaries are stealing and stockpiling encrypted data intended to remain secret for decades or more in anticipation of being able to unlock it when viable quantum computing arrives. China, for one, is pouring billions of dollars of investment into developing quantum computing, according to US researchers.

NIST, which started the post-quantum contest in 2016, has taken pains to stress independence in overseeing the public competition, which is now down to seven finalists from 69 initial viable submissions “from all over the world.” While the NSA has helped design and edit NIST standards in the past, this time the institute has made all decisions about the new algorithms internally, relying on the expertise of its post-quantum cryptography team, a NIST spokesperson told Bloomberg.

The NSA already has classified quantum-resistant algorithms of its own that it developed over many years, said Joyce. But it didn’t enter any of its own in the contest. The agency’s mathematicians, however, worked with NIST to support the process, trying to crack the algorithms in order to test their merit.

“Those candidate algorithms that NIST is running the competitions on all appear strong, secure, and what we need for quantum resistance,” Joyce said. “We’ve worked against all of them to make sure they are solid.”

The purpose of the open, public international scrutiny of the separate NIST algorithms is “to build trust and confidence,” he said.

Leaked documents from former NSA contractor Edward Snowden in 2013 revealed some of the NSA’s techniques for penetrating encryption and lent credence to allegations that the algorithm it created included a backdoor. Afterward, NIST revoked its support for the algorithm.

Choosing the algorithm is only a first step. NIST will then oversee an effort to turn the winning algorithms into public standards. The plan is to make them available in 2024 so that government and industry can adopt them.

The NIST spokesperson said the final standard will also be open to scrutiny for any weakness or flaws.

“The reason they take so long to standardize is our confidence in them is a function of how many hours really smart people are taking to try to break them,” said Charles Tahan, director of the national quantum coordination office at the White House, in an interview.

Read more about:

North America

About the Author(s)

Bloomberg News

The latest technology news from Bloomberg.

Subscribe to the Data Center Knowledge Newsletter
Get analysis and expert insight on the latest in data center business and technology delivered to your inbox daily.

You May Also Like