Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    NSA Says New Encryption Standards Needed to Resist Quantum Computing

    By
    Wayne Rash
    -
    May 25, 2017
    Share
    Facebook
    Twitter
    Linkedin
      Data Encryption Key 2

      Chances are that you’re familiar with the National Security Agency as the U.S. government organization that listens in on foreign communications and cracks their encrypted messages for useful intelligence.

      While foreign communications surveillance is agency’s main purpose, no everyone knows that it’s also heavily involved with protecting sensitive government communications from interception and decryption by foreign intelligence agencies.

      This means the NSA is deeply involved in developing encryption standards that are as uncrackable as possible. But not just uncrackable now, the encryption standards have to  withstand the test of time and remain uncrackable long into the future. That test of time can include developing cryptography that can defeat the potential massive power of a large quantum computer, even though nothing of that sort currently exists.

      “A lot of classified data has a long lifetime,” said Neal Ziring, NSA Capabilities Technical Director. He said that this is because it’s in hardware that takes a long time to get into the field and that once put into service, lasts a long time. Such items may include Navy ships (which remain in service for decades) or spacecraft (which can be in service even longer).

      Because the data the government uses can last a very long time, the NSA is already working on ways to protect the data against capabilities that currently exist only in a very limited form. Such a capability is quantum computing, which might be limited  today, but promises to be a critical technology in the decades to come.

      Ziring said that for commercial users that don’t necessarily have to consider such long timeframes, it’s still worth preparing for post-quantum security because the industry and the markets are heading in that direction. He said standards bodies that certify encryption are working on such standards and that the industry needs to be ready to implement encryption that can withstand assaults by quantum computers when the capability arrives.

      The reason that the NSA and other security and encryption researchers worry about quantum computing isn’t just because it can result in very fast computers. It’s because such computers can run complex algorithms that can’t be used efficiently using classical digital computers. That’s because quantum computers can use quantum superposition.  

      A qubit, or a quantum bit, is a quantum unit of information which can have many positions between the normal states of 0 and 1, and in fact can occupy all of those states at the same time. This means that a qubit can encode an infinite amount of information, at least until the state of the qubit is observed at which point it collapses into a single state.

      If the qubit is paired with another so that it’s entangled, then the other qubit will always have the same state. These properties enable the use of quantum algorithms that could never be executed in a classical computer.

      As you can see, quantum computers have capabilities that are simply unavailable to classical computers, and it explains why all of the brute-force computing in the world can never bring to bear the computing power that is available from quantum computer. This is also why the NSA is less worried about massive computing power than it is about the special capabilities of quantum computers.

      This concern has led the agency to start researching quantum resistant encryption algorithms. In the process, the NSA has developed a list of current encryption techniques that should no longer be used, including SHA-256 and AES-128. This list is in the NSA’s FAQ for the Commercial National Security Algorithm Suite and Quantum Computing.

      Also in that FAQ is the list of encryption methods that are recommended for national security systems. Commercial users that aren’t working with classified information aren’t required to use those stronger encryption methods, but they are certainly allowed to and by doing so they will be ready for future encryption practices.

      The next issue for commercial encryption users is how to make sure that their encryption practices meet the NSA’s guidelines, especially if they’re handling information that needs to be protected, which may include some types of financial, medical or personal information. The answer is to make sure that the encryption complies with the requirements of FIPS 140-2 (federal information processing standard).

      There are also a number of encryption providers that meet FIPS 140-2 or similar standards recognized by the National Institute of Standards and Technology.

      However, just having good encryption isn’t enough. “It’s important to have good algorithms, properly implemented and keyed,” Ziring said. “They should use certified cryptography. It’s very important that implementations be certified as meeting FIPS 140.”

      If your organization is part of the National Security System, then the NSA may be able to help you make sure you’re using the proper implementation and key management. But there are other ways that the NSA can provide help. For example, companies that are part of the U.S. critical infrastructure can ask the Department of Homeland Security for help, and the DHS can ask the NSA for help.

      Likewise, organizations needing help with their financial systems can work with the Treasury Department to make sure that they’re meeting standards and Treasury can get help from the NSA.

      But the real importance is that any solution has to be more than just good encryption, it also needs the proper implementation and proper key management policies..

      Wayne Rash
      https://www.eweek.com/author/wayne-rash/
      Wayne Rash is a freelance writer and editor with a 35-year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He is the author of five books, including his most recent, "Politics on the Nets." Rash is a former Executive Editor of eWEEK and a former analyst in the eWEEK Test Center. He was also an analyst in the InfoWorld Test Center and editor of InternetWeek. He's a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×