In February, a researcher sent a shock wave through the cryptography community by claiming that an algorithm that might become a cornerstone of the next generation of internet encryption can be cracked mathematically using a single laptop. This finding may have averted a massive cybersecurity vulnerability. But it also raises concerns that new encryption methods for securing internet traffic contain other flaws that have not yet been detected. One way to build trust in these new encryption methods—and to help catch any other weaknesses before they are deployed—would be to run a public contest to incentivize more people to look for weaknesses in these new algorithms.
The new encryption algorithm that was just cracked was designed to be secure against quantum computers. A large-scale quantum computer may eventually be able to quickly break the encryption used to secure today’s internet traffic. If internet users don’t take any countermeasures, then anyone in possession of such a computer might be able to read all secure online communications—such as email, financial transactions, medical records, and trade secrets—with potentially catastrophic impacts for cybersecurity that the U.S. National Security Agency has described as “devastating to … our nation.”
One defense against this future threat is post-quantum cryptography or PQC—a set of new cryptography algorithms that are expected to resist attacks from quantum computers. Since 2015, the U.S. National Institute for Standards and Technology (NIST) has been evaluating algorithms to design a new standard for this type of cryptography, which will likely be adopted eventually by communication systems worldwide. Although quantum computers powerful enough to threaten encryption are unlikely to arrive before 2030, upgrading to PQC will take years and cost billions of dollars. The U.S. government considers the swift and comprehensive adoption of PQC across its own communication systems to be an important national security imperative: Over the past two months, the White House has issued a National Security Memorandum directing all federal agencies to begin preparing for the transition. And related bills have