NSA Releases Post-Quantum Algorithms, Aims for Full Implementation by 2035


The National Security Agency worked in conjunction with NIST to prepare stakeholders for upcoming quantum cryptographic requirements. 

The National Security Agency became the latest federal agency to begin its digital migration to quantum-resistant networks, as the emerging technology poses major cybersecurity threats to unprepared digital systems.

Released in an advisory document on Wednesday, NSA officials notified National Security Systems owners and vendors of the future post-quantum algorithmic requirements needed on classical networks that harbor sensitive data related to national security. 

“This transition to quantum-resistant technology in our most critical systems will require collaboration between government, National Security System owners and operators, and industry,” said NSA Cybersecurity Director Rob Joyce. “Our hope is that sharing these requirements now will help efficiently operationalize these requirements when the time comes.”

The NSA’s new encryption standards are outlined in its Commercial National Security Algorithm Suite 2.0, denoted as CNSA 2.0. The upgraded algorithm includes new public and symmetric key encryption and software and firmware updates. CNSA 2.0 algorithms were analyzed and deemed secure against classical and quantum computers.

Officials are releasing these algorithms now to encourage entities using NSS to plan and budget their post-quantum cryptographic systems migrations. 

“We want people to take note of these requirements to plan and budget for the expected transition, but we don’t want to get ahead of the standards process,” Joyce added.

NSA further noted that there will be a transition period for all NSS participants, and that NSS owners and operators shouldn’t deploy the new quantum-resistant algorithms until they have been approved by officials at the National Institutes of Standards and Technology and National Information Assurance Partnership.

Post-quantum encryption has been an increasingly popular requirement for public systems, as nations race to develop a viable quantum computer, which stands to be significantly more powerful than classical computers. NIST had previously identified four quantum-resilient algorithms in July to help both public and private networks prepare for the advent of quantum computing.

Dustin Moody, a mathematician at NIST, has been at the helm of the agency’s efforts to develop more post-quantum cryptographic algorithms. He said that the steps the NSA announced appear reasonable and that they were looking to partner with NIST to standardize the quantum-resistant algorithms. 

He also appreciated the note to wait for accompanying standards to be published before implementing the algorithms, and that NSA’s timeline of complete quantum-resistant algorithm implementation among NSS owners by 2035 works with President Biden’s national security memo.  

“I hope their announcement continues to increase awareness of the transition to PQC [post-quantum cryptography] algorithms,” Moody told Nextgov.