U.S. Encryption Technology & Policy in the Post-Quantum Future
By Jillian Talenda
Countries have struggled with securely transmitting information overseas for decades, but with the advent of the Advanced Encryption Standard (AES), security protocols surrounding diplomatic communications have waned. However, as tools like quantum computing become more developed, diplomats may soon be much less secure in their communications and encryptions will be cracked. This raises a technological and policy problem: how can the United States best protect its international diplomatic communications? Returning back to basics or catching up to current technologies are the strongest solutions to strengthen U.S. offensive and defensive cyber capabilities, keep the United States protected against espionage, and stay ahead in the current Great Power cyber competition.
Before a standard encryption algorithm was established, securely communicating through diplomatic channels was extremely challenging. During the World Wars especially, countries needed to find ways to communicate messages overseas without enemy interference; this escalated a matter of national security to one with international, political, and military repercussions.[1] As a result, efforts to create more complex encryption methods were pursued.
Countries that have the ability to decrypt overseas communications are the ones that have the strategic edge amidst conflict. The Zimmerman Telegram is a prime example of the importance of having strong cryptographic capabilities. British allies decrypted a message revealing German intent to annex land from U.S. territory in 1914, which spurred the entrance of the United States into World War I.[2] In World War II, the United States and allied governments’ dedicated entire teams to the effort of decrypting enemy communications, working to understand and break Enigma, the advanced cipher machine used by Nazi Germany. When they finally did so, the resulting discoveries played a pivotal role in the Battle of the Atlantic, and ultimately contributed to the end of the war.[3]
Throughout these conflicts, control of communications was constantly changing hands between countries, proving that an understanding of cryptography can alter the outcome of military and political struggles. A country can gain and lose spies, enter a war and gain enough strategic edge to end it— all depending on its ability to protect its own communications and intercept those of the enemy.
During World War II, the German Enigma machine was notorious, but a powerful encryption method using One-Time Pads was also utilized. One-Time Pad encryption is basic (it doesn’t require anything but two pages of completely random digits), yet mathematically unbreakable.[4] The sender and receiver must share the same key, which is indicated through a short string of numbers at the beginning of a pad called a key indicator. If the key indicators match up, then the receiver can use the random digits on their pad to perform simple mathematical calculations that reveal the plaincode, which can be easily translated to the original plaintext.
An issue that arose with One-Time Pads is that there is no completely secure method to exchange keys. This impracticality led to strides in the innovation of other cryptographic methods, but it is worth noting that modern technological encryption techniques are only considered secure when they are up to the standard of One-Time Pads.[5]
After World War II and the consequent invention of computers, many modern technical forms of encryption were developed. Today, the most commonly used cryptographic method to secure communications is AES.[6] AES is a symmetric encryption protocol, meaning that it uses the same key to encrypt and decrypt data. It is the standard algorithm for protecting everyday personal identifiable information, like text messages and emails.
The National Institute of Standards and Technology (NIST) declared this method of encryption as the AES for the U.S. government in 2001, but it actually uses an encryption algorithm called Rijndael.[7] This method utilizes the abstract mathematical concept of Galois fields. These are sets of irreducible polynomials, or mathematical chains of prime numbers exponentiated by random integers, which are put through multiple operations including addition, subtraction, multiplication, and division.[8]
The simplified process of encrypting plaintext, or the message being sent, is described as follows: the key is generated through a defined key generation algorithm. This produces a unique key that can both encrypt and decrypt the plaintext through a multistage process. Off of this key, a round key is generated, which is used in each iteration (or round) in which the plaintext is transcribed through a set of abstract mathematical operations.[9]
Traditional computers are unable to factor prime numbers fast enough to ever be useful— it would take millions of years to break this encryption computationally.[10] It is incredibly strong and reliable, which is why AES has been adopted as the encryption standard of the United States and remained so for the past twenty years. In fact, the international community has relaxed security protocols surrounding diplomatic communications due to having such a continuous, reliable method of encrypting and transmitting information.[11]
The problem that is now surfacing, however, is the risk that tools like quantum computers pose to standard methods of encryption. As mentioned previously, encryption algorithms involve exponentiated prime numbers, and traditional computers are not able to factor these numbers fast enough to reliably crack the encryption. What makes quantum computers so groundbreaking is the amount of information that they can process, along with their unprecedented processing speed.[12] This means that once quantum computers are developed, whoever controls this technology will have the ability to break the world’s most universal, reliable encryption method to date.
This problem— which is both a technical and policy issue— leads to the question of what can be done to best protect international diplomatic communications. U.S. diplomatic communications can be kept secure using one of two options: First, the government can focus on revitalizing old, basic techniques. Second, the government can seek to stay ahead of the curve of current technologies, which is an option that may be more pertinent in this current time. By doing this, the United States will strengthen both its offensive and defensive capabilities in cyberspace, protect itself against espionage, and ensure its place in the ongoing Great Power cyber competition.
Returning back to basics could mean utilizing the reliable but perhaps less efficient One-Time Pad, which is completely unbreakable when used correctly. As noted earlier, the issue of securely distributing the key from the user to the receiver is the only real vulnerability of this method, which makes it less practical compared to methods like AES, where this process is digitized.[13] However, the United States could work on revitalizing this technique by digitizing keys and finding more secure ways to distribute them. This would keep them ahead of developing technologies, since One-Time Pads themselves are entirely random digits and therefore largely secure.
Focusing on the research and development of post-quantum cryptographic techniques on the other hand, is a sound investment in the country’s technological future, and would allow for the United States to remain in contention with its greatest peer competitors. China is the greatest threat in the race to develop quantum computers; they publicly announced the Jinan Project as of 2017, which is their concentrated effort in Jinan, China to harness quantum technology.[14] This March, China launched quantum satellites as a part of its quest to build up a national quantum communications network.[15] Even U.S. allies should be monitored in this race: France sent out its first post-quantum cryptographic diplomatic cable— a politically sensitive, encrypted message—as of December 2022.[16] Keeping up in this quantum contest is an increasingly important matter of U.S. national security.
Aside from keeping up technologically, the United States must also stay ahead of the curve in its policies. In France, policies have already been enacted surrounding the future use and development of post-quantum cryptography. Macron’s Quantum Plan of 2021 details that $1.8 billion in funding will eventually be funneled into developing quantum technology, with $150 million devoted to post-quantum cryptography solutions.[17] Despite the fact that quantum computers have not yet been successfully created, it is important for the U.S. government to set a precedent in cyberspace— especially in terms of technology that has the potential to shift the balance of great powers.
Fortunately, the White House Office of the National Cyber Director already has its eye on creating policies for post-quantum cryptography, as well as developing other quantum technologies. National Security Memorandum 10, released one year ago, explores the quantum future of the United States, and proposes ways to mitigate the cryptographic risks of quantum computing.[18] More recently, the Quantum Computing Cybersecurity Preparedness Act was signed into law in December 2022, which encourages “federal government agencies to adopt technology that will protect against quantum computing attacks” within six months following its enactment.[19] This is a positive step, and promises that new U.S. policies will be rolled out soon.
In addition to policy changes, the United States should explore public-private partnerships as it becomes more immersed in the development of quantum technologies. Partnering with the private sector can lend a great advantage to the U.S. government— in fact, a key attribute of great cyber powers is having developed public institutions to channel the innovation, energy, and funding of the private sector.[20] Further, the private sector has fewer regulations and restrictions, and they are not held to the same standards that governments are. In France, the country’s government has partnered with the industry startup CryptoNext Security in order to develop post-quantum cryptography solutions.[21] The U.S. government should seek to follow this example, and focus on fortifying these types of relationships in future legislation to strengthen U.S. technological capabilities.
There are several policy implications that come from the United States pursuing post-quantum cryptography solutions, whether it be through revitalizing basic encryption techniques or developing new quantum-resistant ones.
By having much greater technological prowess, the United States may be able to deter cyber criminals, nonstate actors, and small state actors from attempting to intercept U.S. diplomatic communications.[22] This would provide deterrence by denial, since smaller powers will likely not have the abilities to compete in the proliferation of quantum technology. Technology thus far has only exacerbated the current trends of Great Powers, meaning that the greatest threats will come from peer rivals like China and Russia.[23]
China threatens the United States not only in its technological developments with the Jinan Project, but also in its relentless mission for espionage. China has demonstrated both the will and ability to engage in espionage against the United States, including stealing economic, military and national security secrets.[24] Viewing quantum technology as protecting U.S. communications demonstrates the country’s potential defensive capabilities, but on the other hand, quantum will greatly improve national offensive capabilities as well. In a matter like espionage, having more advanced quantum technology earlier in the race than rivals like China will improve the U.S. government’s ability to collect information. If the United States stays ahead of the curve, it has the potential to gain a strategic edge in cyber espionage against China.
Additionally, following these technological and policy recommendations will ensure the place of the United States as a Great Power against China and other peer rivals. The United States is a leader technologically, politically, militaristically, and economically, and it is of utmost importance for it to remain ahead of its peers in such an emerging and prominent field as quantum.[25]
In conclusion, the development of quantum computers poses a technological and policy problem to U.S. cryptographic security. However, the U.S. government can mitigate this risk technologically by pursuing the research and development of post-quantum cryptography solutions, through either revitalizing the One-Time Pad or developing post-quantum encryption. Policy-wise, the government should update legislation and focus on public-private partnerships. These strategies will help the United States protect its diplomatic communications, but will also keep the country ahead of Great Power rivals, gain an edge in cyber espionage, and strengthen its overall cyber capabilities.
About the author
Jillian Talenda is a second year graduate student at George Washington University, pursuing her M.A. in International Affairs with a double concentration in International Security Studies and Science and Technology Policy. She received her B.A. from Brown University in 2022. Currently, she conducts technical research for the U.S. government on post-quantum cryptography.
Endnotes
Madsen, Wayne. 2019. “Diplomatic Security Should Return to Basics.” Strategic Culture Foundation, (July). https://www.opednews.com/articles/Diplomatic-Security-Should-by-Wayne-Madsen-Ambassador_Communications_Cyber-Security_Cyber-sabotage-190717-643.html.
Madsen.
Imperial War Museums. 2023. “How Alan Turing Cracked The Enigma Code.” Imperial War Museums. https://www.iwm.org.uk/history/how-alan-turing-cracked-the-enigma-code.
Rijmenants, Dirk. 2022. “The Complete Guide to Secure Communications with the One-Time Pad Cipher.” Cipher Machines & Cryptology 8 (February): 27. https://www.ciphermachinesandcryptology.com/en/onetimepad.htm.
Rijmenants.
Rimkienė, Rūta. 2022. “What is AES Encryption and How Does It Work?” Cybernews. https://cybernews.com/resources/what-is-aes-encryption/.
SafeHouse. 2021. “AES: How the Most Advanced Encryption Actually Works.” Medium. https://medium.com/codex/aes-how-the-most-advanced-encryption-actually-works-b6341c44edb9.
SafeHouse.
Rimkienė.
Michael J. Biercuk and Richard Fontaine, “The Leap into Quantum Technology: A Primer for National Security Professionals,” War on the Rocks (17 November 2017). https://warontherocks.com/2017/11/leap-quantum-technology-primer-national-security-professionals/.
Wayne.
Biercuk and Fontaine.
Rijmenants.
Norman, Abby. 2017. “China Set to Launch the World's First Quantum Communication Network.” Futurism. https://futurism.com/china-set-to-launch-the-worlds-first-quantum-communication-network.
Jones, Andrew. 2023. “China is developing a quantum communications satellite network.” SpaceNews. https://spacenews.com/china-is-developing-a-quantum-communications-satellite-network/.
Ministry for Europe and Foreign Affairs. 2022. “France transmits its first post-quantum cryptographic diplomatic message (1 Dec. 2022).” France Diplomacy. https://www.diplomatie.gouv.fr/en/the-ministry-and-its-network/news/2022/article/france-transmits-its-first-post-quantum-cryptographic-diplomatic-message-1-dec.
Ministry for Europe and Foreign Affairs.
The White House. 2022. “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” The White House. https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/04/national-security-memorandum-on-promoting-united-states-leadership-in-quantum-computing-while-mitigating-risks-to-vulnerable-cryptographic-systems/.
U.S. Government Publishing Office. 2022. “Text - H.R.7535 - 117th Congress (2021-2022): Quantum Computing Cybersecurity Preparedness Act.” Congress.gov. https://www.congress.gov/bill/117th-congress/house-bill/7535/text.
Adam Segal, Hacked World Order: How States Fight, Trade, Maneuver, and Manipulate in the Digital Age (New York: Public Affairs, 2016), pp. 27-49.
Ministry for Europe and Foreign Affairs.
Jacquelyn G. Schneider, “Deterrence in and Through Cyberspace,” in Jon R. Lindsay and Erik Gartzke, eds., Cross-Domain Deterrence: Strategy in an Era of Complexity (New York: Oxford University Press, 2019), pp. 95-120.
Cyber Capabilities and National Power: A Net Assessment (London: The International Institute for Strategic Studies, 2021).
Gary D. Brown, “Spying and Fighting in Cyberspace: What is Which?” Journal of National Security Law & Policy, Vol, 8 (2016), pp. 621-635.
Cyber Capabilities and National Power: A Net Assessment.