White House: Quantum computers could crack encryption, so here’s what we need to do
(ZDNet) The White House has announced a set of proposals for keeping the US ahead of quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography. ZDNet contributor Liam Tung discusses the The Biden administration’s memorandum outlining its desire for the US to maintain its leaderships in quantum information science (QIS) as well as a rough timeline and responsibilities for federal agencies to migrate most of the US’s cryptographic systems to quantum-resistant cryptography. IQT-News summarizes Tung’s discussion here.
There’s no hard deadline for the post-quantum cryptographic migration, but the White House wants the US to migrate cryptographic systems to ones that are resistant to a ‘cryptanalytically’ relevant quantum computer (CRQC), with the aim of “mitigating as much of the quantum risk as is feasible” by 2035.
“Any digital system that uses existing public standards for public-key cryptography, or that is planing to transition to such cryptography, could be vulnerable to an attack by a QRQC,” the White House states.
The migration will affect all sectors of the US economy, including government, critical infrastructure, businesses, cloud providers, and basically anywhere today’s public-key cryptography is used. The memorandum protection mechanisms may include counter-intelligence and “well-targeted export controls”.
The quantum-cryptography memorandum follows the NATO Cyber Security Centre’s recent test run of secure communication flows that could withstand attackers using quantum computing.
The renewed urgency comes as China makes headway in quantum computing. “Whoever wins the race for quantum computing supremacy could potentially compromise the communications of others,” the US National Counterintelligence and Security Center warned in a white paper, noting that China wants to achieve leadership in these fields by 2030.
Despite lacking a hard deadline for the migration, the memorandum does outline roles, reporting requirements and key dates for relevant federal agencies.
The directors of the National Institute of Standards and technology (NIST) and the National Security Agency (NSA) are developing standards for quantum-resistant cryptography. The first set of these standards are slated for public release by 2024.
Within the next 90 days, the Secretary of Commerce will work with NIST to establish a working group involving industry, critical infrastructure and others on how to progress the adoption of quantum-resistant cryptography.
And within a year, the heads of all Federal Civilian Executive Branch (FCEB) agencies — all agencies except Defence and intelligence — will deliver a list of CRQC-vulnerable IT systems to CISA and the National Cyber Director. The inventory will include cryptographic methods used on IT systems, including sysadmin protocols, as well as non-security software and firmware that require upgraded digital signatures.
FCEB agencies have been instructed not to purchase any quantum-resistant cryptography systems until NIST releases its first set of standards of the technology and those standards have been implemented in commercial products. However, these agencies are encouraged to test commercial products in this category.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.