The NSA’s Information Assurance Directorate left many people scratching their heads in the winter
of 2015. Its directive instructed those who follow its guidelines to postpone moving from RSA
cryptography to elliptic curve cryptography (ECC) if they hadn’t already done so.
“For those partners and vendors that have not yet made the transition to Suite B elliptic curve
algorithms, we recommend not making a significant expenditure to do so at this point but instead to
prepare for the upcoming quantum-resistant algorithm transition.”
The timing of the announcement was curious. Many in the crypto community wondered if there had been
a quantum computing breakthrough significant enough to warrant the NSA’s concern. A likely candidate
for such a breakthrough came from the University of New South Wales, Australia, where researchers
announced that they’d achieved quantum effects in silicon, which would be a massive jump forward for
Since then, the crypto community has been trying to prepare for the transition to “quantum-resistant”
algorithms—that is, algorithms that are secure against an attack by a quantum computer. Let’s look at
some of the likely candidates for those algorithms and how they’ll be fitted into the Transport Layer
Security (TLS) protocol that we all use today with HTTPS.