Summary
CRYPTOGRAPHY AND THE INTELLIGENCE COMMUNITY
Encryption is a process for making information unreadable by an adversary who does not possess a specific key that is required to make the encrypted information readable. The inverse process, making information that has been encrypted readable, is referred to as decryption. Encryption and decryption are facets of a broad scientific field referred to as cryptography.1 (See Box S.1 for definitions.2) For most of recorded history, encryption was an arcane process used primarily by governments, the military, and a few commercial organizations that sought to protect their communications from disclosure.3 Today, cryptography has become widespread and is used by private as well as governmental actors. It also enables authentication (verifying the identities of people, software, and the origins of transactions), and underlies the safe use of the Internet and computer systems by individuals and organizations worldwide. Emerging cryptographic technologies offer capabilities such as the ability to process encrypted information without first decrypting it. Cryptography is a complex and specialized subject: Chapter 2 of the body of this report introduces aspects of cryptography for readers who are not familiar with it, and the National Institute of Standards and Technology’s (NIST’s) glossary is a useful reference.4
The U.S. Intelligence Community, like intelligence organizations worldwide, uses encryption to protect sensitive information from unauthorized disclosure or modification, and it also has to decrypt encrypted information that it collects as part of its mission. The protective use of encryption is referred to as “defensive” and the task of defeating encryption as “offensive.” The defensive role of the U.S. Intelligence Community extends to setting standards and/or creating systems for the encryption of classified U.S. national security information and advising on the creation of standards for the encryption of unclassified government and private sector information. The offensive role involves the collection of intelligence about the activities of governments and non-state actors that pose a potential threat to the interests of the United States.
The Office of the Director of National Intelligence (ODNI) requested that the National Academies of Sciences, Engineering, and Medicine establish a committee to identify potential scenarios that would describe the
___________________
1 D. Boneh and V. Shoup, 2020, “A Graduate Course in Applied Cryptography,” Version 0.5, January, http://toc.cryptobook.us.
2 J. Katz and Y. Lindell, 2021, Introduction to Modern Cryptography, Boca Raton, FL: Chapman & Hall/CRC Press, Taylor & Francis Group.
3 D. Khan, 1967, The Codebreakers: The Story of Secret Writing, New York: Macmillan.
4 National Institute of Standards and Technology (NIST), 2019, Glossary of Key Information Security Terms, NISTIR 7298 Revision 3, https://nvlpubs.nist.gov/nistpubs/ir/2019/NIST.IR.7298r3.pdf.
balance between encryption and decryption over the next 10 to 20 years and to assess the national security and intelligence implications of each scenario. The committee’s objective is to identify the range of possible developments and their implications, and to provide the Intelligence Community with guidance on ways of identifying which future scenarios are most likely to emerge so that the Intelligence Community and the U.S. government as a whole can respond to and take advantage of these changes. Given the wide range of possible futures, the report does not attempt to predict what specific developments will occur or become dominant over the next 10 to 20 years or specifically when those developments might occur.
The committee’s work dealt only with cryptographic systems and technologies described by public sources and did not involve access to classified information. Given that governments and national security organizations worldwide are major users of commercial and public systems (including their security mechanisms), dealing with these systems and technologies is a significant consideration and challenge for the Intelligence Community.
TRENDS AND MOTIVATIONS
The committee’s work is well motivated by the importance of cryptography to the Intelligence Community and by the scope and variety of encryption-related changes in government policies and commercial technology. However, one technical issue stands out as a particular motivator—the potential development of quantum computers—computational systems that would rely on phenomena of quantum physics to perform computation in a fundamentally different way from the computers that have been built since the 1940s. Research results5 have shown that a sufficiently large-scale working quantum computer could be programmed to defeat current asymmetric6 (or public-key) encryption systems that are fundamental to the security of the Internet.7,8
Researchers, governments, and industry are well aware of the potential impact of quantum computers, and work is under way to identify, standardize, and implement “post-quantum” asymmetric encryption systems that are believed not to be subject to attack by a quantum computer.9 However, the transition from current encryption systems to post-quantum encryption systems will require the replacement of a vast amount of software and some hardware that is fundamental to the operation of Internet-connected computer systems. The potential impact of quantum computers and the implications of the transition to post-quantum encryption systems were major subjects of the committee’s work.
IDENTIFYING SCENARIOS TO DESCRIBE THE FUTURE OF ENCRYPTION
The statement of task (see Appendix A) requires the committee to identify scenarios for the future of encryption and potential areas of technology surprise. Alternative scenarios result from combinations of technical and other “drivers” that influence the direction of technology as well as the decisions and actions of individuals and governments.
To identify scenarios of interest to the Intelligence Community, the committee used a mix of approaches commonly found in the work of futurists, strategic foresight firms, and academic researchers. The committee first identified technical and non-technical drivers whose possible future states are important to the future of encryption. The committee then used combinations of the extreme endpoint values of those future states to define potential
___________________
5 P.W. Shor, 1997, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Journal on Computing 26(5):1484–1509, https://doi.org/10.1137/s0097539795293172.
6 Unlike encryption systems whose origins go back millennia, asymmetric encryption systems apply a public key that can be shared widely to encrypt information, and a separate private key, related to the public key by a hard-to-solve mathematical problem, to decrypt information. Most websites and services on the Internet rely on asymmetric encryption to achieve user authentication and data protection.
7 S. Goldwasser and S. Micali, 1984, Probabilistic encryption, Journal of Computer and System Sciences 28(2):270–299, https://doi.org/10.1016/0022-0000(84)90070-9.
8 National Academies of Sciences, Engineering, and Medicine, 2019, Quantum Computing: Progress and Prospects, Washington, DC: The National Academies Press, https://doi.org/10.17226/25196.
9 NIST, “Post-Quantum Cryptography,” Computer Security Resource Center, Information Technology Laboratory, https://csrc.nist.gov/projects/post-quantum-cryptography, accessed October 12, 2021.
scenarios. This report focuses on the potential scenarios that the committee determined to be most informative and to cover the broadest range of plausible futures. Once those potential scenarios had been identified, the committee assessed their implications for the Intelligence Community and considered potential actions in response to each selected scenario.
DRIVERS AND SCENARIOS
The Intelligence Community confronts a future of encryption that will result from developments that span technology, the dynamics of society and policy, and the marketplace. Specific technical breakthroughs may have significant impact on the effectiveness of encryption or on intelligence organizations’ abilities to defeat encryption or both. The ability and willingness of organizations to trust allied governments and their own employees will also have a significant impact. Last, organizations’ ability and willingness to create and operate robust, reliable products will also affect the effectiveness of the encryption and decryption capabilities upon which the Intelligence Community relies.
The committee identified three major drivers that it believes will greatly influence the future of encryption over the next 10 to 20 years:
- Scientific Advances: The emergence of new theoretical breakthroughs or significant technologies that affect cryptography. The creation of a large-scale quantum computer might be one such advance. Others include new mathematical attacks on asymmetric encryption, advances that enable efficient computation on encrypted data, and technologies that use quantum properties for encryption. The endpoints of the state of future scientific advances could be either predictable or disruptive.
- Society and Governance: The policies, politics, and points of view that influence the way cryptography is used and the way that individuals and organizations apply and manage it. The actions of governments could bear heavily on the future use of cryptography: government commitments to protect their citizens’ privacy might be implemented by requiring that all personal information about citizens be encrypted and/or processed only in encrypted form. Governments might also try to enforce restrictions on citizens’ use of encryption. Or governments might withdraw from intelligence-sharing agreements with other nations that have historically supported offensive attacks on adversaries’ encryption. Individuals’ trust and confidence in their own governments might also erode, leading citizens to seek encryption solutions that would protect their information from their own governments or making it difficult for governments to find trustworthy people to create, operate, and manage their encryption systems. The two endpoints of the future of society and governance could be either global or fragmented.
- Systems: The soundness of the products and technology that implement, embed, or support encryption. Products and network protocols that incorporate encryption could be correct, reliable, and “bug free,” or they could be laden with design and implementation errors that require constant patching and that would undermine security, even if the mathematical theories underlying the basic encryption mechanisms are sound. For example, developers might integrate otherwise sound cryptographic building blocks in a way that makes a final system insecure, or they might create software that fails to protect encryption keys. At the endpoints, future cryptographic systems could be either mature or chaotic.
SCENARIOS FOR THE FUTURE OF ENCRYPTION
As noted above, the committee considered the two endpoints for each of the three drivers. Although no actual future will manifest precisely according to the outcome represented by any of the combinations of endpoints, focusing on these extremes enabled the committee to explore plausible outcomes and their potential impacts. Focusing on attributes of the endpoints will also enable the Intelligence Community to identify, calibrate, and evaluate the observable trends that are shaping the future of encryption.
Taken together, the combinations of the endpoints of the three drivers define eight possible scenarios for the future of encryption.10 The committee selected three of those eight for in-depth exploration based on the objectives of covering especially plausible futures and of exploring scenarios that resulted in the most challenges and opportunities for the Intelligence Community. These chosen scenarios, the endpoint descriptions of their associated drivers, and brief descriptions of each scenario are included in Table S.1.
TABLE S.1 Scenario Descriptions
| Scenario Title | Driver Endpoints | Highlight |
|---|---|---|
| A Brave and Expensive New World |  |
A breakthrough in quantum computing is balanced with more secure systems and software and an orderly transition to post-quantum encryption. |
| Scenario Description | ||
|
This scenario posits that a breakthrough in quantum computing is offset by an orderly transition to post-quantum encryption and other emerging cryptographic techniques, because of earlier investments in systems and cybersecurity. Overall, the balance now favors defense. However, the global political picture remains fragmented. The bottom line for the Intelligence Community is that offensive cryptography efforts have become more difficult, and the alliance structure that is a major plus for U.S. intelligence is less reliable and more fluid. In this scenario, a major issue for U.S. intelligence will be its ability to discern, far enough in advance, the development of a reliable, large-scale quantum computer. This is of crucial importance to this scenario, which posits the development of more secure systems because governments and the private sector take seriously the need for improved cybersecurity and invest in the development and deployment of much more robust systems. Even if such a quantum computing breakthrough did not occur, there are obvious benefits in enhanced systems and cybersecurity. If these steps are taken early enough and on a wide basis, then the transition to a post-quantum world would be orderly. It will be important for U.S. intelligence to be able to discern in advance the development of a reliable large-scale quantum computer both to ensure that progress toward post-quantum encryption is sufficient for defensive purposes and to assess potential offensive opportunities. International relations in this scenario fragment into a small number of blocs composed of a few major powers (the United States, the European Union, China) and a large number of dependent powers that, for the most part, rely on a major power for economic, technological, and defense support. Technology and encryption are similarly fragmented, with blocs sharing common approaches to encryption and inter-bloc communications relying on weak “least common denominator” encryption. Within blocs, government surveillance is the norm, although some governments and some private companies use new capabilities for processing encrypted data to protect sensitive processing. |
||
| Scenario Title | Driver Endpoints | Highlight |
|---|---|---|
| The Known World, Only More So |  |
With no major breakthroughs and a continued lack of focus on systems and security, breaches remain common; meanwhile, the slow pace of technology change has allowed emerging competitors the chance to “catch up.” |
| Scenario Description | ||
|
This scenario posits that there are no major breakthroughs regarding a quantum computer, as well as a continued lack of focus on systems and security. Therefore, system breaches remain common. Also, the slow pace of technology change has allowed emerging competitors the chance to “catch up.” The overall balance continues to favor offense. The key issue under this scenario for U.S. intelligence is the broadening of the threat. Already the world is one in which many states and a growing number of non-state actors pose threats to U.S. and allied interests. These threats will likely increase in number and severity in this scenario, potentially compounded by weakening of traditional alliances and partnerships. At the same time, a world of this sort remains a “target rich” environment for U.S. intelligence collection efforts. The constantly growing Internet of Things (IoT) also adds to this threat and to the opportunity. There is also the question of what tools, if any, the Intelligence Community should develop to respond to/retaliate against such attacks. Policies and decisions to do so belong to the policy community, but the Intelligence Community should be prepared to offer a range of responsive options. Success in this scenario requires a very serious assessment of U.S.—meaning government at all levels and the private sector—vulnerabilities, in order to take steps to ameliorate or eliminate them. Given that this is the largely known world at present, it may be difficult to motivate people and organizations to make changes that appear to be expensive and time consuming for perhaps modest gains in security. Private sector firms may also be wary, if not suspicious, about government efforts to foster changes. The measures in the Biden administration’s executive order are largely voluntary. Legislation may be necessary (like seat belt and speed limit laws) to foster real change. The Intelligence Community could be asked to give advice as to what measures are needed, although this sort of participation by U.S. intelligence is likely to foster greater suspicion about backdoors or other means of great government intrusion. Engaging the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) in the discussion might make recommendations more broadly acceptable and allay some of these concerns about intrusion. |
||
___________________
10 See Appendix C for a summary of the eight possible scenarios.
| Scenario Title | Driver Endpoints | Highlight |
|---|---|---|
| Colony Collapse |  |
A breakthrough in factoring and a lack of focus on cryptographic systems and security puts information at risk. Despite advances in computing on encrypted data, public trust remains low. |
| Scenario Description | ||
|
This scenario posits a breakthrough in the form of a new classical factoring algorithm. Such a breakthrough would render the public key encryption algorithms currently relied on more easily attacked with much less effort than today, including by conventional computers. In this case, there would be much less need for a quantum computer. A roomful of powerful servers might be sufficient. Compared to a quantum computing breakthrough, a factoring breakthrough would probably have less advance notice, be easier to keep secret, and be attainable by more countries. In addition, a lack of focus on systems and security puts information at risk in this scenario. Despite advances in computing on encrypted data, trust remains low. This suggests, overall, a much more chaotic world combined with, as in the other scenarios, a more fragmented world politically. In this scenario, the Intelligence Community has to be on the lookout for a breakthrough that will be less easily discerned and more easily hidden than a large-scale quantum computer. Such a breakthrough could come via the efforts of a government or from academic cryptographic researchers. In either case, there might not be advance notice that such a breakthrough was about to occur or had occurred. Experts will debate the likelihood of such a factoring breakthrough, but it seems prudent to ask what would happen should it occur and what steps would need to be taken at that point. As in the other scenarios, much would depend on the ability of the U.S. government to mobilize the private sector to take the necessary steps as well. As with the other scenarios, international fragmentation—of technical standards as well as governmental relations—complicates the challenges for the Intelligence Community. Many governments react to internal tensions and fragmentation by weakening or imposing limits on the use of encryption, further facilitating attacks on encryption. In some respects, the results in this scenario are potentially more widespread and more dangerous than in the other two scenarios, giving added urgency to examinations of the likelihood and consequences of this breakthrough happening. |
||
COMMON TRENDS AND KEY FINDINGS
As directed by the statement of task, the committee identified trends that are common across some or all scenarios and potential responses to those trends. This report documents these trends in findings that identify risks, opportunities, and actions. Attention to the findings should enable the Intelligence Community to prepare for the future and to recognize emerging trends and developments and respond appropriately. Chapter 7 enumerates the full set of findings, risks, opportunities, and actions.
This section presents several key findings that result from overarching considerations and trends. These considerations and trends span most or all scenarios and are especially important to the future that the Intelligence Community and society will likely face.
Chaotic Systems Are Likely to Undermine the Security of Encryption
The wide dependence of governments, companies, and individuals on commercial information-technology products amplifies the importance of those products’ implementation and applications of encryption. This dependence is reflected in the Systems Driver.
Today, the state of the Systems Driver is chaotic. Vulnerabilities, bugs, and other errors are frequent. Those errors can often enable attackers to bypass or undermine encryption.11,12 Such vulnerabilities have been reported in
___________________
11 D. Bleichenbacher, 1998, “Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1,” pp. 1–12 in Advances in Cryptology—CRYPTO ‘98, https://doi.org/10.1007/bfb0055716.
12 R. Cramer and V. Shoup, 1998, “A Practical Public Key Cryptosystem Provably Secure Against Adaptive Chosen Ciphertext Attack,” pp. 13–25 in Advances in Cryptology—CRYPTO ‘98, https://doi.org/10.1007/bfb0055717.
hardware and in both commercial and open source cryptographic software and can compromise the confidentiality and/or integrity of information.13,14
The transition to post-quantum encryption will be delayed by chaotic systems, and when the transition is complete, chaotic systems may have made the resulting products less trustworthy. To the extent that this situation does not change—and in the committee’s view there is little reason for optimism—it has an extremely significant effect in enabling offense (attacking cryptography) to prevail over defense. In other words, breaking systems will be easier than protecting them.
It is possible that some countries, vendors, or open-source projects could achieve mature systems while others do not, but the market has not historically been kind to products or companies that prioritized security over performance, usability, and time to market. In response to this situation, a recent U.S. government executive order seeks to push vendors to create more mature systems, but it is far too soon to predict its impact.
Key Findings
FINDING 4.8: In every scenario, bugs in software and other issues outside the underlying cryptographic algorithms and protocols are the weakest links in security.15
FINDING 4.9: Communications and storage depend on a software stack: hypervisor (a program that allows a computer to run several operating systems simultaneously), operating system, libraries, and application. While quantum computers or mathematical advances are important research topics, bugs or operational mistakes in this stack are the biggest source of system insecurity. Exploiting these errors is, and likely will remain, the biggest opportunity for offense, and minimizing them the highest priority for defense and risk management.
FINDING 4.13: The complexity of the transition to post-quantum cryptography will likely introduce a range of new security vulnerabilities.
FINDING 4.15: 5G may introduce a number of new systems issues in practice, owing to both complex new suites of software and operator inexperience in distributed cloud environments.
FINDING 4.16: Many Internet of Things (IoT) components are poorly secured and easy to subvert, with an extremely wide range of consequences that are difficult to predict but potentially very high impact for the Intelligence Community and broader society. Because IoT will likely bring significant improvements to many aspects of life, however, more money and energy may be devoted to securing such devices going forward.
Fragmented Society and Governance Are Likely to Degrade the Security of Systems and Organizations That Rely on Encryption
The breakdown of international cooperation that is likely to follow from fragmented society and governance will have significant effects on the trustworthiness and effectiveness of encryption. The recent Global Trends report produced by the National Intelligence Council, released as the committee finalized its work, depicts scenarios that are almost all fragmented.16 The committee found that distrust among nations and groups, and the breakdown of national alliances, will lead to wider use of cryptography, less sharing of information (and, in particular, less
___________________
13 C. Cimpanu, 2020, “Microsoft Fixes Windows Crypto Bug Reported by the NSA,” ZDNet, January 14, https://www.zdnet.com/article/microsoft-fixes-windows-crypto-bug-reported-by-the-nsa.
14 Wikipedia, 2021, “Heartbleed,” Wikimedia Foundation, July 10, https://en.wikipedia.org/wiki/Heartbleed.
15 T. Armerding, 2016, “The OPM Breach Report: A Long Time Coming,” CSO Online, October 13, https://www.csoonline.com/article/3130682/the-opm-breach-report-a-long-time-coming.html.
16 The Global Trends 2040 report (National Intelligence Council, 2021, Global Trends 2040: A More Contested World, Office of the Director of National Intelligence, March, https://www.dni.gov/index.php/gt2040-home) is summarized in Appendix D.
sharing of intelligence), and the proliferation of a variety of exclusive national post-quantum encryption standards. Many of these trends are likely to make the offensive task more challenging.
Fragmented society and governance will also affect citizens’ trust in and loyalty to their governments. Degradation in trust and loyalty favors offense, making potential targets of those individuals who are trusted with access to cryptographic systems, mechanisms, and keys. The potential introduction of law enforcement access mandates intended to defeat encryption under specific circumstances is a double-edged sword. It may provide law enforcement agencies with expanded access (an offensive advantage) but has been criticized by many in the technical community because of the likelihood that it will introduce a defensive weakness in the form of a target for adversaries who would seek to use the available law enforcement access mechanisms in unauthorized and unintended ways.
Key Finding
FINDING 4.6: Governmental regulation, for better or worse, of communications technology may lead to fragmentation on national lines. National security concerns have the effect, whether specifically intended or not, of creating competing national technologies—by limiting the exports of sensitive technology or by curtailing imports of equipment that may permit surreptitious surveillance by a foreign manufacturer or its government. Potent forces are present, for both beneficial and malicious reasons that could predispose the global arrangement toward individual nationalistic or regional solutions to issues bearing on encryption. In many countries, there is growing support for “digital sovereignty,” a term that can mean various things ranging from having regulatory decisions made nationally instead of by Silicon Valley, and support for protectionist trade policies, to segmenting the Internet by blocking communications with other countries. In addition, national regulations to promote online competition, enhance cybersecurity, curtail hate speech, and protect citizens’ data privacy might well vary significantly around the globe and even in geopolitical regions where there might otherwise be commonality. A rise in citizens’ mistrust of governments (especially in the area of surveillance) might lead to a corresponding growth in the use of encrypted communications (both to avoid government surveillance and in response to general privacy concerns). Moreover, individual countries or blocs of like-minded countries might impose (or continue to impose) substantive communications content requirements enabled by technological distinctions at national levels, including, for example, banning or discouraging end-to-end encryption (so as to permit government surveillance), or mandating a variety of governmental access to otherwise encrypted communications (perhaps through required turnover of encryption keys to authorities or insisting on the use of specified encryption schemes).
Addressing the Challenges Posed by Encryption Requires Technical Talent That Is in Short Supply
It is a truism in the technology industry that cybersecurity talent is in short supply. Both government and industry are pursuing initiatives aimed at enlarging the pool of cybersecurity talent and filling hundreds of thousands or millions of openings.17,18 The initiatives that make headlines are broad, focusing on roles ranging from system administrators to incident response personnel to software developers. But the need for talent also applies to the smaller and more highly trained populations of engineers who create secure software and systems and the researchers who develop and analyze new encryption algorithms and protocols. Addressing this need for talent will be a major challenge for the United States in the decades to come. While the Internet has enabled broader dissemination of knowledge about cryptography and security, the high-level research training and careers required to understand and contribute to the state of the art require real investment in research infrastructure from government and industry.
___________________
17 D. Santos, 2021, “National Initiative for Cybersecurity Education (NICE),” National Institute of Standards and Technology, December 3, https://www.nist.gov/itl/applied-cybersecurity/nice.
18 A. Counts, 2021, “Microsoft Wants 250,000 More Workers in Cybersecurity.” Protocol—The People, Power and Politics of Tech, October 29, https://www.protocol.com/bulletins/microsoft-cybersecurity-talent-shortage.
Key Findings
FINDING 4.1: Most of the current public scientific expertise in algorithm design, cryptanalysis, and other areas of applied cryptography is outside the United States, largely in Europe. In contrast, within the United States, cryptography is taught as an area of theoretical computer science. The specific areas of expertise necessary to guide and facilitate the transition to post-quantum cryptography are relatively new and will require a more robust educational pipeline to train new talent.19 Public research investment, through the National Science Foundation and other organizations, would encourage this process, while strict U.S. export control regulations have historically discouraged talent from locating in the United States.
FINDING 4.10: The United States needs far more data security expertise than is currently available, and these needs are growing substantially. The failure to meet these needs could have significant and widespread ramifications both for national security and the private sector. All software developers and computer scientists require basic competence in computer security. In addition, a growing number of people will require deep expertise in security. The required skills are not easy to teach, as students need both security-focused knowledge and a deep technical knowledge across multiple subjects and layers of abstraction. If the U.S. educational system does not meet these needs, or if the United States becomes a less attractive destination for students, researchers, and entrepreneurs born in other countries, the shortage will be much worse. Technological changes may rapidly increase demand for rare skills or may reduce demand by enabling tasks that currently require exceptionally skilled individuals to be performed by a broader range of people.
A Mathematical Breakthrough Could Threaten Current Encryption Algorithms
As discussed above, much of the current concern about the future of encryption has been motivated by the potential for development of working, large-scale quantum computers. The findings in this report discuss approaches to detecting progress toward an adversary’s use of quantum computers. However, a disruptive breakthrough in mathematics that would improve the performance of conventional computers on specific problems relevant to decryption (such as factoring and discrete logarithms) would be much less costly and visible than the construction of a quantum computer and could provide significant offensive advantage.
Key Findings
FINDING 4.2: An improvement in asymmetric cryptanalysis algorithms could have a significant effect on the security of public key encryption algorithms that are in wide use today. Such an improvement would enable more efficient attacks on encrypted information using conventional computers rather than requiring the construction of a quantum computer. Furthermore, it could potentially be exploited in secret and with little or no advance notice.
FINDING 4.14: A new classical cryptanalysis algorithm or quantum computing development could result in rushed and disorganized efforts to replace widely used public key algorithms or other cryptographic standards. Such a breakthrough would require mitigation efforts that would be more complex than fixing typical software bugs, such as the coordinated deployment of major protocol updates across implementations and services.
The Lead of the Intelligence Community in Encryption Is Diminishing
The United States, and U.S. intelligence, have long been leaders in encryption and related areas, relative to foreign adversaries. As a result, in the absence of significantly increasing technical challenges that threatened to
___________________
19 To understand the cryptographic landscape, one must receive a Ph.D. in cryptography with at least 3–5 years of highly specialized training in graduate school. Even though the information is freely available on the Internet, the sheer volume of information and high degree of specialization means that without hands-on advising, it is nearly impossible to learn the skillset necessary to become proficient in cryptography.
thwart its mission, the Intelligence Community had the luxury of continuing its relative superiority in this area. But the days of this superiority appear to be drawing to an end.
Key Finding
FINDING 6.1: With more adversary nations (especially China) seeking and making advances in encryption and as academic researchers (especially in Europe) continue to invest in cryptography and advance the theory and practice of encryption, the advantage that the Intelligence Community enjoyed in this area will diminish if not disappear.
Computing on Encrypted Data Has the Potential to Improve Security and Privacy for Individuals and Organizations
Historically, information had to be decrypted before it could be processed on computer systems. While decrypted, the information was a potential target for cyberattacks and subject to potential misuse by authorized system users. In recent years, there have been significant advances in algorithms that enable some kinds of processing of information without requiring that the information be decrypted. Computation on encrypted data at scale has the potential to enhance the sharing of intelligence products and enable intelligence activities that better protect individuals’ privacy.
Key Finding
FINDING 2.4: The research community continues to make improvements in the technology of computation on encrypted data. Such improvements can be expected to enable new ways of securely sharing both government and private-sector information.
