NSA Shrugs Off Quantum’s Threat to Public Key Encryption
By Becky Bracken
The National Security Agency issued a fact sheet on quantum computing that downplayed the threat of post-quantum cryptography to public key encryption.
The spy agency acknowledged it is looking toward a post-quantum future by working on the development of standards that can protect National Security Systems (NSS) but added the viability of what the report termed a “Cryptographically Relevant Quantum Computer” is far off in the future.
“NSA does not know when or even if a quantum computer of sufficient size and power to exploit public key cryptography (a CRQC) will exist,” the quantum FAQ said. “This technology exists today and is distinct from the quantum computing technology that might one day be used to attack mathematically based cryptographic algorithms.”
It’s hard to know whether the NSA is actually not worried about the security threat of quantum computing or just posturing for some other reason, but it’s fair to say following recent catastrophic breaches of classified systems, including the infamous SolarWinds hack, the U.S. government doesn’t have a great track record on spotting cybersecurity threats.
Even months after the attack the U.S. government agencies failed to meet even basic cybersecurity standards, according to a recent Senate Oversight Report created by inspectors general.
Despite the NSA’s lack of confidence in quantum computing’s impact on data security, companies like Canadian company Quantropi Inc are throwing considerable resources behind developing quantum-secure technology.
The company along with Canada’s National Research and Education Network (NREN) just announced it successfully tested its quantum key distribution technology by sending 55,000 32-bit encryption keys per second from Ottowa to Singapore at speeds that never dipped between 14 Mbps.
Quantropi CTO Michael Redding explained how the company is developing Quantum Entropy as a Service to secure data against quantum computers, which his company is better is going to happen in the next handful of years.
“Let’s translate these results to the business world,” Redding explained. “If a 32-byte AES key is the standard, we’re transmitting anywhere from just under 400,000 (Edmonton) down to 55,000 keys per second (Singapore). To get your head around this, Google – representing ten times the traffic of any other site on the planet – requires an estimated 64,000 32-byte keys per second. So just from our small beta server in Ottawa – pre-optimization – we can support anywhere in the neighborhood of one to six Googles per second. With every single key delivered as secure from any attack – classical or quantum.”