
China has announced that it will spurn US-led efforts to develop encryption algorithms that are resistant to quantum computers, instead choosing to develop its own standards. This may be because China doesn’t want to use algorithms developed in the US in case they contain secret “back doors” allowing access by US intelligence agencies – or it could be that the country wants to develop algorithms with its own back doors.
The encryption algorithms we use to protect data today are practically impossible for even the largest supercomputers to crack, but when quantum computers become reliable and powerful enough, they will be at risk. Because of this, the US National Institute of Standards and Technology (NIST) has been running a project to standardise a new generation of post-quantum cryptography (PQC) algorithms to protect against this risk.
Now, China’s Institute of Commercial Cryptography Standards (ICCS) has , aiming to create standards for Chinese government departments and companies.
Advertisement
One expert in developing technology standards, who works with NIST but asked to remain anonymous, says that NIST is largely transparent, but that it should be remembered that it works closely with the necessarily opaque US National Security Agency (NSA). Leaks by NSA contractor Edward Snowden in 2013 revealed that the NSA potentially does work to weaken encryption techniques, giving it back doors for potential spying. There are fears that the NSA has attempted to do the same with NIST’s PQC algorithms, a charge that NIST has denied.
China’s intelligence agencies are also likely to be working to weaken encryption, says the expert.“If they have made discoveries, they’re not going to tell us. They’re going to be siphoning off our data for years to come and decrypting it as soon as they’re able,” they say. “And if they’re able to already, then they’re doing it.”
at NIST says that there have been previous efforts by the Chinese state to select PQC algorithms, which ended in the adoption of several that were “very similar to what we ended up with”. Moody says it’s unclear what’s driving this new effort, but that China’s approach to standardisation is less transparent and there isn’t a lot of public information released by the state.
“In the larger picture, it’s not surprising to us that they are doing their own standards,” says Moody. “Historically, China hasn’t trusted the cryptography standards the US puts out and have developed their own. I think this is also true with regards to Russia.”
NIST’s standards are primarily aimed at US organisations, but their decisions are commonly and widely adopted elsewhere. “The rest of the world is usually pretty open and supportive of our efforts and will probably end up using our algorithms,” says Moody.
Moody says that NIST will keep a watchful eye on the Chinese PQC process and would certainly not rule out adopting any interesting algorithms they come across. “If it offers enough of an improvement, we could potentially do something about it,” he says.
at security research organisation says that China may just want to develop standards that better suit its purposes, but that security is also likely to be playing a part. “Edward Snowden’s revelations are still present in several peoples’ minds,” he says.
The ICCS did not respond to a request for comment.