Prominent Bitcoin developer Peter Todd has accused the U.S. National Security Agency (NSA) of attempting to “backdoor crypto again” through the introduction of so-called quantum-secure algorithms that could exclude traditional cryptographic safeguards.
“Tl;dr: the NSA is clearly looking to backdoor crypto again with the rollout of ‘quantum secure’ algorithms. The obvious way to implement them is AND: traditional AND quantum secure. So you need to break both. The NSA is trying to remove that seatbelt: quantum-only,” Todd posted on X.
His remarks followed a series of blog posts by cryptographer Daniel J. Bernstein (DJB) on October 4 and 5, warning that procedural shifts within the Internet Engineering Task Force (IETF) could lead to the standardization of “weakened cryptography.” Bernstein argued that a new moderation framework—outlined in “MODPOD: The collapse of IETF’s protections for dissent”—might silence critical feedback, including objections to removing hybrid cryptographic models that combine classical and post-quantum methods.
The debate centers on whether post-quantum cryptography (PQC) should transition via hybrid mechanisms—using both classical encryption (like ECDH) and PQ algorithms—or move directly to “quantum-only” systems. Hybrid models offer added protection by requiring attackers to compromise both components. The IETF formalized “hybrid” as a standard concept in June 2025 (RFC 9794), and NIST has similarly supported hybrid key exchange as part of its transition guidance.
Bernstein’s companion post also cited real-world hybrid implementations such as Google’s CECPQ1/2 trials, multi-vendor SSH support, and current browser deployments of ECC+ML-KEM (Kyber)—evidence that hybrid cryptography is already functional at Internet scale. Removing hybrids, he warned, could reduce security precisely when new PQC schemes are still being validated.
Since 2016, NIST has led the global PQC initiative and, as of August 2024, finalized standards for ML-KEM (Kyber) and signature schemes ML-DSA (Dilithium) and SLH-DSA (SPHINCS+), with HQC to follow in 2025. NIST documentation continues to recognize hybrid deployments as legitimate transitional tools, contrasting with an all-quantum-only mandate.
For Bitcoin and the wider crypto ecosystem, this discussion holds particular importance. Bitcoin’s infrastructure depends on standardized cryptographic primitives and protocols shaped by NIST and IETF outputs—even when integrated via open-source implementations. Todd’s concerns echo historic distrust stemming from the Dual_EC_DRBG controversy two decades ago, when an NSA-linked random number generator was withdrawn after allegations of a hidden backdoor.
“Endorsement of backdoored crypto has happened before at the behest of the NSA,” Todd wrote. “It’s not a theoretical risk. They’re clearly gearing up to do it again.”
However, there is no public evidence suggesting the NSA is currently inserting a backdoor into NIST’s PQC or IETF standards. NIST maintains open documentation, public workshops, and community feedback mechanisms supporting hybrid cryptography. Developer Fudmottin (@Fudmottin) countered Todd’s claims, saying: “If NIST endorsed cryptographic algorithms such as SHA-256 turn out to have back doors or a weakness, then NIST is done. No one will even ask them about the time of day (yes, NIST keeps that standard for the USA).”
Bernstein’s posts call for stakeholders to use IETF channels by Tuesday, October 7, to oppose moderation changes and protect hybrid cryptography as the default transition model. Todd’s warning reignites long-standing concerns within the Bitcoin community about government influence in cryptographic standards and reinforces the sector’s push for transparency and decentralized oversight.
At press time, Bitcoin (BTC) traded at $134,545.
