The NSA is worried about quantum computers. It warns that it “must act now” to ensure that encryption systems can’t be broken wide open by the new super-fast hardware.


In a document outlining common concerns about the effects that quantum computing may have on national security and encryption of sensitive data, the NSA warns that “public-key algorithms... are all vulnerable to attack by a sufficiently large quantum computer.”

Quantum computers can, theoretically, be so much faster because they take advantage of a quirk in quantum mechanics. While classical computers use bits in 0 or 1, quantum computers use “qubits” that can exist in 0, 1 or a superposition of the two. In turn, that allows it to work through possible solutions more quickly meaning they could crack encryption that normal computers can’t.


The NSA admits that it doesn’t know when the threat may become a real one, writing:

NSA does not know if or when a quantum computer of sufficient size to exploit public key cryptography will exist... There is growing research in the area of quantum computing, and enough progress is being made that NSA must act now to protect [national security services] by encouraging the development and adoption of quantum resistant algorithms.

Problem is, right now it’s unclear if any public encryption algorithms are quantum computer-proof. In the document, the NSA explains that “while a number of interesting quantum resistant public key algorithms have been proposed... nothing has been standardized... and NSA is not specifying any commercial quantum resistant standards at this time.”

Instead, it suggests that companies and government departments concerned about the threat of quantum computing use one of a number of algorithms that don’t use a public key to encrypt data where possible. As for public key encryption, it’s at somewhat of a loss:

In the area of public key algorithms the future is less clear. One area of general agreement appears to be that the key sizes for these algorithms will be much larger than those used in current algorithms. Developers should plan for storing and transmitting public key values that may be larger than those used today. Work will be required to gauge the effects of these larger key sizes on standard protocols as well.


The good news for anyone trying to avoid attack from quantum computers is that the technology is still in its infancy. Late last year, Google claimed that it had finally proved that its quantum computer actually works, but even that device is modest. The kind of quantum computers required to crack encryption will need to be thousands of times more powerful. The NSA has some breathing room yet.

[National Security Agency via Technology Review]

Image by D-Wave