Daniel J. Bernstein, a cryptologist and computer science professor, has accused the National Security Agency (NSA) of attempting to undermine post-quantum cryptography (PQ) standards by pushing for the elimination of hybrid encryption systems. Bernstein says the NSA and its UK counterpart, GCHQ, are seeking to shift the focus away from dual encryption (traditional ECC+PQ) to PQ alone, which he argues could compromise security given past vulnerabilities in PQ algorithms. He emphasizes the importance of hybrid systems and criticizes the National Institute of Standards and Technology (NIST) for its role in shaping these standards.
Bernstein also points out that the NSA has repeatedly advocated for the weakening of hybrid systems, claiming this to be a beneficial approach. In June 2024, NSA official William Layton stated that the agency does not anticipate supporting hybrid encryption in national security systems. This has been met with resistance from industry players, such as Cisco, which recently chose to implement non-hybrid cryptography due to customer demand.
Bernstein is concerned about how the Internet Engineering Task Force (IETF) handled the adoption of non-hybrid encryption for TLS, noting that the decision process did not reflect a broad consensus. He argues that the IETF’s failure to adequately address objections undermines the integrity of the standardization process and could have significant implications for global cybersecurity. In his blog posts, Bernstein has detailed his concerns and filed a formal complaint regarding the claim of consensus in the IETF’s decision-making process.