Outstanding Bitcoin developer Peter Todd alleged on Monday, October 6, that the US Nationwide Safety Company (NSA) is “trying to backdoor crypto once more” through the rollout of so-called quantum-secure algorithms—this time by pushing deployments that exclude tried-and-tested classical cryptography.
“Tl;dr: the NSA is clearly trying to backdoor crypto once more with the rollout of “quantum safe” algorithms. The apparent technique to implement them is AND: conventional AND quantum safe. So it’s essential break each. The NSA is making an attempt to take away that seatbelt: quantum-only,” Todd wrote.
Is The NSA Plotting A Quantum Backdoor Into Bitcoin?
Todd’s feedback got here as cryptographer Daniel J. Bernstein (DJB) revealed a pair of weblog posts—on October 4 and 5—criticizing present Web Engineering Job Drive (IETF) processes and warning that “weakened cryptography” may very well be standardized by procedural adjustments that suppress dissent.
In “MODPOD: The collapse of IETF’s protections for dissent,” Bernstein argues {that a} new moderation framework allows content-based censorship of objections, together with objections to eliminating “hybrid” deployments that mix classical and post-quantum schemes. He provides there may be “helpful motion” stakeholders can take by Tuesday, October 7 to oppose these adjustments.
On the coronary heart of the dispute is whether or not migrations to post-quantum cryptography (PQC) ought to favor hybrid combos—e.g., classical ECDH and PQ key encapsulation—fairly than quantum-only switches. Hybrids hedge the unknowns of newly standardized PQC by requiring an attacker to interrupt each elements to compromise a session or signature. The IETF formalized the time period “hybrid” in June 2025 (RFC 9794), and NIST’s personal steering and FAQs likewise describe and permit hybrid key-establishment modes throughout transition. That context underpins Todd’s declare that pushing “quantum-only” is a harmful deviation from greatest observe.
Bernstein’s companion submit on October 4 particulars real-world hybrid deployments—Google’s CECPQ1/2 experiments (ECC+NewHope, ECC+NTRU, ECC+SIKE), multi-vendor SSH help for ECC+sntrup761, and immediately’s browser utilization dominated by ECC+ML-KEM (Kyber)—as proof that hybridization is already mainstream and operationally possible at Web scale. The submit argues that eliminating hybrids would decrease security margins exactly when new PQC remains to be maturing.
NIST, for its half, has led the worldwide PQC program since 2016 and in August 2024 finalized requirements for ML-KEM (Kyber) and two signature schemes (ML-DSA/Dilithium and SLH-DSA/SPHINCS+), with further algorithms resembling HQC chosen in 2025. All through its supplies, NIST acknowledges hybrid modes as authentic transition mechanisms and has hosted devoted workshops on KEM steering—positions that lower towards a blanket “quantum-only” mandate.
Why this issues for Bitcoin and broader crypto is twofold. First, Bitcoin’s ecosystem depends closely on standardized primitives and community protocols—hashes, signatures, handshakes—whose evolution is formed by NIST and IETF outputs even when implementation happens in open-source codebases. Second, Todd grounds his warning in historical past: the NSA’s alleged position within the Dual_EC_DRBG fiasco 20 years in the past, the place a NIST-endorsed random quantity generator was later withdrawn amid credible backdoor considerations, together with studies that RSA made it the default in its toolkit following a secret cost. “Endorsement of backdoored crypto has occurred earlier than on the behest of the NSA,” Todd wrote, including “It’s not a theoretical threat. They’re clearly gearing as much as do it once more.”
There’s, nevertheless, no public proof that the NSA is at present inserting a selected backdoor into NIST’s PQC requirements or IETF drafts. NIST continues to publish open steering, workshops, and public remark processes round PQC, together with express documentation of hybrid approaches. Developer Fudmottin (@Fudmottin) objected to Todd: “If NIST endorsed cryptographic algorithms resembling SHA-256 prove to have again doorways or a weak spot, then NIST is finished. Nobody will even ask them in regards to the time of day (sure, NIST retains that commonplace for the USA).”
The fast name to motion comes from Bernstein’s posts urging stakeholders to interact IETF mechanisms by Tuesday, October 7 (any time zone) to object to MODPOD-style moderation and to defend hybrid cryptography because the default transition path. Todd’s amplification into the Bitcoin neighborhood underscores a longstanding distrust of intelligence-led cryptographic coverage—formed by Dual_EC and different episodes—and a need to maintain consensus-critical programs insulated from requirements that will weaken defense-in-depth.
At press time, Bitcoin traded at $134,545.
Featured picture created with DALL.E, chart from TradingView.com
Editorial Course of for bitcoinist is centered on delivering totally researched, correct, and unbiased content material. We uphold strict sourcing requirements, and every web page undergoes diligent evaluation by our workforce of prime expertise consultants and seasoned editors. This course of ensures the integrity, relevance, and worth of our content material for our readers.