ARGUMENT: SECURING ENCRYPTION

Hack Post-Quantum Cryptography Now So That Bad Actors Don’t Do It Later

Published 1 August 2022

In February, the cryptography community was stunned when a researcher claimed that an algorithm that might become a cornerstone of the next generation of internet encryption can be cracked mathematically using a single laptop. Edward Parker and Michael Vermeer write in Lawfare that this finding may have averted a massive cybersecurity vulnerability, but it also raises concerns that new encryption methods for securing internet traffic contain other flaws that have not yet been detected. “One way to build trust in these new encryption methods—and to help catch any other weaknesses before they are deployed—would be to run a public contest to incentivize more people to look for weaknesses in these new algorithms,” they write, adding:

The new encryption algorithm that was just cracked was designed to be secure against quantum computers. A large-scale quantum computer may eventually be able to quickly break the encryption used to secure today’s internet traffic. If internet users don’t take any countermeasures, then anyone in possession of such a computer might be able to read all secure online communications—such as email, financial transactions, medical records, and trade secrets—with potentially catastrophic impacts for cybersecurity that the U.S. National Security Agency has described as “devastating to … our nation.”

One defense against this future threat is post-quantum cryptography or PQC—a set of new cryptography algorithms that are expected to resist attacks from quantum computers. Since 2015, the U.S. National Institute of Standards and Technology (NIST) has been evaluating algorithms to design a new standard for this type of cryptography, which will likely be adopted eventually by communication systems worldwide. Although quantum computers powerful enough to threaten encryption are unlikely to arrive before 2030, upgrading to PQC will take years and cost billions of dollars. The U.S. government considers the swift and comprehensive adoption of PQC across its own communication systems to be an important national security imperative: Over the past two months, the White House has issued a National Security Memorandum directing all federal agencies to begin preparing for the transition. And related bills have passed the House of Representatives and been introduced in the Senate with bipartisan support.

Parker and Vermeer note that if a deployed PQC algorithm contained a security flaw, an enormous amount of sensitive information could be left vulnerable. And there could be a chaotic and costly scramble to fix the flaw throughout the communication infrastructure. “The recent claim to have found just such a flaw in one of the PQC algorithms that NIST was considering shows that this risk is not far-fetched.”

They add:

NIST and others in the cryptography community are carefully analyzing several PQC algorithms to try to catch any potential vulnerabilities. But it’s almost impossible to mathematically prove the security of most cryptography algorithms. In practice, the strongest evidence for an algorithm’s security is simply that many experts have tried and failed to break it. The more people try to attack the new PQC algorithms and fail, the more likely it is that they are secure.

Parker and Vermeer have an idea:

One possible option for further crowdsourcing the analysis of NIST’s final candidate PQC algorithms would be a contest in which the general public is invited to try to break them.

[…]

Here’s one possible option for what such a contest might look like: NIST could use its recently selected candidate PQC algorithms to encrypt a nonsensitive document and then publicly release the encrypted ciphertext (and the algorithms used to encrypt it) along with a large bounty for its decryption. The first person—anywhere in the world—to successfully decrypt the document and explain how they did so would receive the bounty. If anyone succeeds, NIST would know that it needs to refine its algorithms before releasing the final standard.

Parker and Vermeer conclude:

It may seem counterintuitive to directly incentivize people to break cryptography that will eventually be used by government and commercial organizations. But given the incredibly high stakes of the transition to PQC, it’s absolutely critical that NIST receive every possible assurance that these algorithms are secure. If the new PQC algorithms do turn out to contain vulnerabilities like the recently discovered one, then it would be much better to find those vulnerabilities before the algorithms are rolled out widely. These PQC algorithms will eventually become the bedrock of cybersecurity for the entire internet. If a bounty helps to catch a vulnerability before it’s deployed, then the modest cost of the bounty could prevent much higher costs further down the line.