The cybersecurity director of the National Security Agency last week caused some smiles among cyber professionals when he told Bloomberg that the new encryption standards will not have any backdoors that his agency is working on with National Institute of Standards and Technology (NIST).
When it comes to cybersecurity, backdoor is a deliberate flaw in a system or software that can be secretly used by an attacker. In 2014, there were rumors that the encryption standard developed by the NSA contained a backdoor, leading to the algorithm being repealed as a federal standard.
“Backdoors can help law enforcement and national security, but they also represent vulnerabilities that can be exploited by hackers and are subject to potential abuse by the agencies they are supposed to help,” said John Gunn, CEO of Rochester, New York. Tokena manufacturer of biometric-based authentication rings, told TechNewsWorld.
“Any backdoor in encryption can and will be detected by others,” added John Bambenek, chief bounty hunter. Netanrichan IT and digital security company in San Jose, California.
“You can trust the U.S. intelligence community,” he told TechNewsWorld. “But will you trust the Chinese and the Russians if they gain access to the backdoor?”
Trust, but come true
Lawrence Gassman, President and Founder Inside quantum technology, of Croesus, Virginia, a provider of information and intelligence on quantum computing, argues that the public has good reason to be skeptical of NSA officials. “The intelligence community is not known for telling the absolute truth,” he told TechNewsWorld.
“The NSA has some of the best cryptographers in the world, and for many years there have been well-founded rumors about their efforts to place backdoors in encryption software, operating systems and hardware,” added Mike Parkin, an engineer from Cyber Volcanoa SaaS provider for corporate cyber risk management, in Tel Aviv, Israel.
“The same is true of software and firmware from other countries that have their own agencies that are interested in what’s going on in cross-network traffic,” he told TechNewsWorld.
“Whether it’s in the name of law enforcement or national security, the authorities have long despised encryption,” he said.
“There should be a trust approach, but checks when it comes to encryption and security in general,” advised Dave Candiff, CISO’s Civatormanufacturer of automated cybersecurity management platform, in Irvine, California.
“Organizations may have the best intentions, but don’t understand those intentions to the end,” he told TechNewsWorld. “Government organizations are bound by law, but this does not guarantee that they will not introduce backdoor intentionally or unintentionally.”
“The community as a whole needs to test and verify any of these mechanisms to make sure they can’t be compromised,” he said.
Taming of prime numbers
One of the guiding factors of the new encryption standards is the threat of quantum computing, which could disrupt the commonly used encryption schemes used today.
“As quantum computers become massive, it will make modern public key encryption algorithms obsolete and inadequate, as shown in the Shore algorithm,” said Jasmine Henry, director of field security. JupiterOnea provider of cyber asset management and governance solutions in Morrisville, North Carolina.
Shore’s algorithm is a quantum computer algorithm for calculating prime factors of integers. Prime numbers are the basis of encryption used today.
“Encryption depends on how hard it is to work with really large primes,” Parkin explained. “Quantum computing has the potential to make the search for prime numbers based on encryption trivial. What it would take generations to calculate on a regular computer is now being revealed in a matter of moments. ”
This poses a major threat to modern public key encryption technology. “The reason that is so important is that public key cryptography is often used to transmit“ symmetric ”key encryption. These keys are used to pass on confidential data, ”said Andrew Barratt, Head of Decision and Investigation at Coal firea cybersecurity advisory service provider from Westminster, Colorado.
“This has significant implications for almost all encryption transfers, as well as for everything else that requires digital signatures, such as blockchain technologies that support cryptocurrencies such as Bitcoin,” he told TechNewsWorld.
Gann argued that most people misunderstand what quantum computing is and how it differs significantly from the classical computing we have today.
“Quantum computing will never be in your tablet, phone or wristwatch, but for specific applications using specialized algorithms for tasks such as finding and decomposing large prime numbers,” he said. “Performance improvements are in the millions.”
“Using the Shore algorithm and future quantum computers, AES-256, an encryption standard that protects everything online and all our financial transactions online, will be violated in a short period of time,” he added.
Barratt argued that once quantum computing became available for general use, the crypto would have to move from mathematics based on prime numbers to systems based on elliptical cryptography (ECC). “However,” he continued, “it is only a matter of time before the basic algorithms that support ECC become vulnerable on a scale for quantum computing, developing quantum systems specifically for their hacking.”
What NIST is developing with the help of the NSA are quantum-stable algorithms. “Requirements for quantum-stable algorithms can include extremely large signatures, processing loads, or massive keys that can create problems for implementation,” Henry told TechNewsWorld.
“Organizations will have to contend with new challenges to implement quantum-stable protocols without facing performance issues,” she added.
It is unclear when the quantum computer will become available.
“It seems that we have not reached the point of inflection in practical application, to say with certainty what the deadlines are,” said Kandif.
“However, this turning point may happen tomorrow, which allows us to say that quantum computing will be widely available in three years,” he told TechNewsWorld, “but until it makes sense to go beyond theoretical and practical, that’s all.” still possible in ten years. “
Gassman said he believes the world will see the quantum computer sooner rather than later. “Quantum computer companies say it will happen in 10-30 years,” he said. “I think it will happen before 10 years, but not before five years.”
Moore’s Law – which predicts that computing power doubles every two years – does not apply to quantum computing, Gassman said. “We already know that quantum development is moving faster,” he said.
“I say we will have a quantum computer sooner than 10 years from now,” he continued. “You won’t find many people who agree with me, but I think we need to worry about that now – not just because of the NSA, but because there are much worse people than the NSA who want to use this technology.”