White House: Quantum computers could crack encryption, so here’s what we need to do
(ZDNet) Liam Tung, an enterprise tech, security, and telecommunications journalist with ZDNet Australia.discusses the set of recent proposals from the White House for keeping the US ahead in the quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography. IQT-News summarizes below:
Some projects such as OpenSSH have implemented mitigations for the event that an attacker steals encrypted data today, with the hope of decrypting it when such a computer exists. But so far there are no official US standards for quantum-resistant cryptography.
There’s no hard deadline for the post-quantum cryptographic migration, but the White House wants the US to migrate cryptographic systems to ones that are resistant to a ‘cryptanalytically’-relevant quantum computer (CRQC), with the aim of “mitigating as much of the quantum risk as is feasible” by 2035.
The migration will affect all sectors of the US economy, including government, critical infrastructure, businesses, cloud providers, and basically anywhere today’s public-key cryptography is used. The memorandum protection mechanisms might include counter-intelligence and “well-targeted export controls”.
The quantum-cryptography memorandum follows the NATO Cyber Security Centre’s recent test run of secure communication flows that could withstand attackers using quantum computing.
The renewed urgency comes as China makes headway in quantum computing.
In October, US intelligence officials singled out quantum computing as one of five key foreign threats. The others were artificial intelligence, biotechnology, semiconductors and autonomous systems.
“Whoever wins the race for quantum computing supremacy could potentially compromise the communications of others,” the US National Counterintelligence and Security Center warned in a white paper, noting that China wants to achieve leadership in these fields by 2030.
Despite lacking a hard deadline for the migration, the memorandum does outline roles, reporting requirements and key dates for relevant federal agencies.
The directors of the National Institute of Standards and technology (NIST) and the National Security Agency (NSA) are developing standards for quantum-resistant cryptography. The first set of these standards are slated for public release by 2024.
Within the next 90 days, the Secretary of Commerce will work with NIST to establish a working group involving industry, critical infrastructure and others on how to progress the adoption of quantum-resistant cryptography.
And within a year, the heads of all Federal Civilian Executive Branch (FCEB) agencies – all agencies except Defence and intelligence – will deliver a list of CRQC-vulnerable IT systems to CISA and the National Cyber Director.
FCEB agencies have been instructed not to purchase any quantum-resistant cryptography systems until NIST releases its first set of standards of the technology and those standards have been implemented in commercial products.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.