NSA’s Cybersecurity Perspective on Post-Quantum Cryptography Algorithms
In response to requests from our National Security Systems (NSS) partners, NSA Cybersecurity has been asked to share its view on the remaining algorithms in the NIST post-quantum standardization effort, which can be found below. Sharing this analysis publicly represents one aspect of NSA’s efforts to be more transparent in the way we secure NSS. We thank NIST for all their efforts to help advance the adoption and deployment of secure post-quantum cryptography, which are vital to the defense of our nation.
NSA has reviewed the security analysis and performance characteristics of the proposals, and we are confident in those lattice-based schemes with strong dependence on well-studied mathematical problems and in hash-based signatures for certain niche solutions. Read more about NSA's Cybersecurity perspective on lattice based cryptography and hash based signatures.
NSA's Cybersecurity perspective on quantum key distribution and quantum key cryptography
Quantum key distribution utilizes the unique properties of quantum mechanical systems to generate and distribute cryptographic keying material using special purpose technology. Quantum cryptography uses the same physics principles and similar technology to communicate over a dedicated communications link.
NSA continues to evaluate the usage of cryptography solutions to secure the transmission of data in National Security Systems. NSA does not recommend the usage of quantum key distribution and quantum cryptography for securing the transmission of data in National Security Systems (NSS) unless the limitations below are overcome. Read about these limitations in our complete QKD and QC guidance.