Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
United States Encryption

US Government Urges Federal Contractors To Strengthen Encryption (bloomberg.com) 20

Companies working with the US government may be required to start protecting their data and technology from attacks by quantum computers as soon as July. From a report: The National Institute for Standards and Technology, part of the Department of Commerce, will in July stipulate three types of encryption algorithms the agency deems sufficient for protecting data from quantum computers, setting an internationally-recognized standard aimed at helping organizations manage evolving cybersecurity threats. The rollout of the standards will kick off "the transition to the next generation of cryptography," White House deputy national security adviser Anne Neuberger told Bloomberg in Cambridge, England on Tuesday. Breaking encryption not only threatens "national security secrets" but also the the way we secure the internet, online payments and bank transactions, she added.

Neuberger was speaking at an event organized by the University of Cambridge and Vanderbilt University, hosting academics, industry professionals and government officials to discuss the threats posed to cybersecurity by quantum computing, which vastly accelerates processing power by performing calculations in parallel rather than sequentially and will make existing encryption systems obsolete.

This discussion has been archived. No new comments can be posted.

US Government Urges Federal Contractors To Strengthen Encryption

Comments Filter:
  • Why listen? (Score:5, Insightful)

    by AcidFnTonic ( 791034 ) on Tuesday May 21, 2024 @04:16PM (#64488743) Homepage

    All they have ever done is steer us into vulnerabilities and problems.

  • How sure are we that the algorithms we have that we say are 'post-quantum' really are post-quantum?
    • by TechyImmigrant ( 175943 ) on Tuesday May 21, 2024 @05:36PM (#64488871) Homepage Journal

      The proofs that the algorithms are secure from a quantum computer are sound.

      However those proofs do not prove that the algorithms are secure from normal mathematical attacks by classical computers.
      During the recent PQ algorithm competition, many algorithms were shown to be insecure to classical attacks, despite them being secure from quantum computers.

      E.G. Sike (https://www.schneier.com/blog/archives/2022/08/sike-broken.html) was broken, despite it getting to a very late finalists round in the competition.
      This is evidence that there was not nearly enough cryptanalysis work done on those algorithms during the competition.

      • by gweihir ( 88907 )

        And that is exactly the problem. Cryptography needs to be secure from all attack vectors. That has not been achieved at all.

    • by gweihir ( 88907 )

      Not sure at all. Just recently some finalist for a post-quantum scheme got broken by a smart person with a laptop while the constest was still running. This stuff is, at this time, massively insecure and very risky to use.

  • On one hand, this is NIST and not the NSA, and it legitimately falls under NIST's purview (and they have been the one shepherding current development of quantum-resistant cryptography).

    On the other hand, I do have to wonder about the timing when there's no remotely-potential quantum threat on the horizon yet. The fact that the US government (along with others) has previously foisted a likely compromised encryption scheme on us before, combined with the fact that the US government (along with others) has tri

    • I'm not sure what to think. On one hand, NIST/NSA did do a superb job with DES's s-boxes, providing extremely strong encryption for such a short key space, and TDES and even 9DES is still used (9 DES is rare, but I've seen it, using nine 48 or 64 bit keys.

      I think the government's "dog in the hunt" is ensuring post-quantum security. A weak algorithm there will leave them vulnerable, and give an incredible military, economic, tactical, and strategic benefit to China and Russia, so I doubt the government is

      • NIST also was involved in the DualEC backdoor though...

        Also your game theory misses a more valuable point, if they can achieve two goals with this once in a lifetime "redo" of crypto. They will happily choose the option that is weak for everyone except a skilled user with inside strong-key selecting knowledge. Then push to all showing "they use it" as proof. Never forget the NSA has a central authority to generate strong keys for their use. You do not have such luxuries. Your keys wont be as good. This is a

    • by jonwil ( 467024 )

      How were these post-quantum algorithms that are being promoted chosen? Was it like AES where submissions were taken, thoroughly evaluated by the experts and the best option picked?

      • How were these post-quantum algorithms that are being promoted chosen? Was it like AES where submissions were taken, thoroughly evaluated by the experts and the best option picked?

        Yes. but the effort seems to have been far less. Partly because not all the cryptographers are fluent in the quantum mathematics and partly because the whole enterprise is too early and immature for people to want to be involved.

  • The NSA nominates a fourth: rot13

  • When the cost to do business with the Government goes up, the cost to the Government goes up. Keep throwing up road blocks, useful or not, we'll keep raising the price.

"Pull the trigger and you're garbage." -- Lady Blue

Working...