[Cryptography] NSA looking for quantum-computing resistant encryption. How will encryption be affected by quantum computing

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Sep 3 01:26:41 EDT 2015


ianG <iang at iang.org> writes:

>1.  NSA has mandate to protect USG agencies.  It also has a mission to breach
>everyone (else) but let's ignore that for the moment.
>
>2.  NSA knows more about quantum than anyone else, in the sense that it has
>the budget to know, and has been spending that budget.
>
>[...]

2-alt: NSA has a couple of guys who have a bee in their bonnet about quantum.

3-alt: One or more of these guys are in influential decision-making positions.

4-alt: <what we're seeing now>

Or:

2-even-more-alt: The aliens the NSA keeps in the basement have told them that
                 the other aliens who got away have quantum computers.

3-even-more-alt: <what we're seeing now>

The truth is that we really have no idea.  Since the NSA never makes any of
its procedures or reasoning public, it could be absolutely anything.  The
principle of least surprise says it's 2-alt (based on a combination of the
unlikelihood of the NSA knowing something about QC that the entire rest of the
world doesn't, and having worked with government departments and seen how a
single manager with a fixation on something can skew how it's treated), but in
practice who knows...

>All the other governments and supra-national orgs like IETF will fall into
>line with NSA's threat model because their approach is best practices, not
>security modelling.

Too true, unfortunately.

>But there's no need, there's no hurry, and if you spend a dime on it, you
>wasted that dime, and the opportunity to spend it on your real threats.

Agreed.

Peter.

