NSA Says New Encryption Standards Needed to Resist Quantum Computing - Page 2

If the qubit is paired with another so that it’s entangled, then the other qubit will always have the same state. These properties enable the use of quantum algorithms that could never be executed in a classical computer.

As you can see, quantum computers have capabilities that are simply unavailable to classical computers, and it explains why all of the brute-force computing in the world can never bring to bear the computing power that is available from quantum computer. This is also why the NSA is less worried about massive computing power than it is about the special capabilities of quantum computers.

This concern has led the agency to start researching quantum resistant encryption algorithms. In the process, the NSA has developed a list of current encryption techniques that should no longer be used, including SHA-256 and AES-128. This list is in the NSA’s FAQ for the Commercial National Security Algorithm Suite and Quantum Computing.

Also in that FAQ is the list of encryption methods that are recommended for national security systems. Commercial users that aren’t working with classified information aren’t required to use those stronger encryption methods, but they are certainly allowed to and by doing so they will be ready for future encryption practices.

The next issue for commercial encryption users is how to make sure that their encryption practices meet the NSA's guidelines, especially if they’re handling information that needs to be protected, which may include some types of financial, medical or personal information. The answer is to make sure that the encryption complies with the requirements of FIPS 140-2 (federal information processing standard).

There are also a number of encryption providers that meet FIPS 140-2 or similar standards recognized by the National Institute of Standards and Technology.

However, just having good encryption isn’t enough. “It’s important to have good algorithms, properly implemented and keyed,” Ziring said. “They should use certified cryptography. It’s very important that implementations be certified as meeting FIPS 140.”

If your organization is part of the National Security System, then the NSA may be able to help you make sure you’re using the proper implementation and key management. But there are other ways that the NSA can provide help. For example, companies that are part of the U.S. critical infrastructure can ask the Department of Homeland Security for help, and the DHS can ask the NSA for help.

Likewise, organizations needing help with their financial systems can work with the Treasury Department to make sure that they’re meeting standards and Treasury can get help from the NSA.

But the real importance is that any solution has to be more than just good encryption, it also needs the proper implementation and proper key management policies..

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...