Neal Koblitz and Alfred J. Menezes have just released an update to their paper reading into the NSA’s public anticipation of quantum cryptography.

In August, the NSA released a major policy statement on the need for a post-quantum cryptography. Careful readers noticed this paragraph:

For those partners and vendors that have not yet made the transition to Suite B algorithms [41], we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition…. Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy.

Koblitz and Menezes’ highly readable open source article uses this announcement as a jumping off point for an interesting and insightful look into the NSA’s evaluation of contemporary cryptography. Along the way, they detail the NSA’s history with contemporary elliptical curve cryptography (ECC)  and propose a number of theories of what the NSA might be anticipating.

Image: NSA Headquarters, Fort Meade, Maryland.