[Cryptography] A thought about backdoors and quantum-resistant encryption

Theodore Ts'o tytso at mit.edu
Fri Aug 28 13:04:40 EDT 2015


I don't know if this is possible, because I don't know enough about
quantum computing, and I don't know enough about "quantum-resistant
encryption".

Suppose quantum computing is a thing, and suppose NSA^H^H^H NIST
supplies us with a quantum-resistant encryption algorithm.  Would it
be possible to create an encryption algorithm which is resistant to
quantum computing --- except for someone with a quantum computer
*AND* knowledge of some secret quantum state stored in a quantum
computer only available to the NSA?

Even more, would it be possible to create such a thing in such a way
that NSA^H^H^H NIST could introduce it non-transparently, so that
the public world *thinks* that the encryption algorithm is resistant
against all quantum computers, but in fact there is a trapdoor that
only the NSA could utilize --- and no one knows this?

Of course, people wouldn't have to use the new quantum-resistant
encryption algorithms, but if quantum computers were a thing, they
would be screwed if they kept on using AES, so the NSA would be quite
happy with that outcome.

And of course, if it was introduced non-transparently, then China and
Russia and Iran would be able to demand that a backdoor be engineered
for them, because no one would know that the backdoor existed.  And if
some future Snowden leaks this, all of the current fear-mongering
from James Comey and Keith Alexander would help prepare the ground in
case it does leak.  (Or maybe they plan to introduce this
transparently, if they've learned their lesson from the Snowden
disclosures.)

All of this is premised on the hypothesis that it is possible to
create a quantum-resistant encryption system for everyone but the NSA,
and preferably (for the NSA) in such a way that it's not possible to
modify the encryption system so that the backdoor can be removed or
changed, so that China and Russia could have their own
quantum-backdoored encryption algorithm, and force companies who want
to do business in those countries to use their alternate-backdoored
encryption.   Is this possible?

						- Ted