NSA and IETF: Can an attacker purchase standardization of weakened cryptography?
14 hours ago
- #post-quantum cryptography
- #IETF controversy
- #security standards
- Post-quantum cryptography is being rolled out as an extra layer of security alongside traditional pre-quantum cryptography, not as a replacement.
- Examples include Google's CECPQ1 (ECC + NewHope1024) and CECPQ2 (ECC + NTRUHRSS701 or SIKEp434).
- Current browser usage of post-quantum cryptography is approaching 50% of Cloudflare connections, with ECC+MLKEM768 dominating.
- Keeping ECC as a backup layer is compared to wearing a seatbelt: it limits the damage if a post-quantum algorithm turns out to be broken.
- Historical examples like SIKE's collapse in 2022 highlight the importance of hybrid encryption (ECC+PQ).
- NSA and GCHQ are pushing for standards that weaken ECC+PQ to just PQ, raising security concerns.
- IETF TLS WG debates hybrid vs. non-hybrid drafts, with objections citing security risks, procedural violations, and lack of consensus.
- Legal and antitrust considerations emphasize the need for fair standards development, including resolving objections transparently.
- Despite objections, IETF chairs declared consensus for non-hybrid adoption, sparking controversy over due process.
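The seatbelt argument in the points above, as an added illustration that is not part of the original post: the session key of an ECC+PQ hybrid is derived from both shared secrets, so a SIKE-style break that hands the adversary the PQ shared secret recovers the PQ-only key but not the hybrid one. The shared secrets here are constructed stand-ins rather than real X25519 or KEM output, the HKDF is a minimal stdlib implementation, and the concatenation order and labels are assumptions, not the IETF draft's exact encoding.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869) over SHA-256, using only the standard library."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def hybrid_key(ecc_ss: bytes, pq_ss: bytes, transcript: bytes) -> bytes:
    """ECC+PQ: both shared secrets feed the KDF, so the session key stays
    unpredictable unless BOTH components are broken. The concatenation
    order and label are assumptions for illustration only."""
    return hkdf_sha256(ecc_ss + pq_ss, salt=transcript, info=b"hybrid example")


def pq_only_key(pq_ss: bytes, transcript: bytes) -> bytes:
    """Non-hybrid: the session key depends on the PQ shared secret alone."""
    return hkdf_sha256(pq_ss, salt=transcript, info=b"pq-only example")


def simulate_pq_break(ecc_ss: bytes, pq_ss: bytes, transcript: bytes) -> dict:
    """Model a SIKE-style collapse: the PQ KEM is assumed broken, so the
    adversary learns pq_ss from the public exchange but still lacks ecc_ss.
    Report whether each construction's session key is thereby recovered."""
    leaked_pq_ss = pq_ss                  # what the break hands the adversary
    unknown_ecc_ss = bytes(len(ecc_ss))   # adversary's stand-in for the ECC secret
    return {
        "pq_only_recovered": pq_only_key(leaked_pq_ss, transcript)
        == pq_only_key(pq_ss, transcript),
        "hybrid_recovered": hybrid_key(unknown_ecc_ss, leaked_pq_ss, transcript)
        == hybrid_key(ecc_ss, pq_ss, transcript),
    }


if __name__ == "__main__":
    # Constructed stand-ins for real shared secrets (X25519 and a KEM output).
    ecc_ss, pq_ss = secrets.token_bytes(32), secrets.token_bytes(32)
    transcript = hashlib.sha256(b"constructed handshake transcript").digest()
    print(simulate_pq_break(ecc_ss, pq_ss, transcript))
    # -> {'pq_only_recovered': True, 'hybrid_recovered': False}
```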