Cryptography and quantum computers: The White House prepares for its response

The White House has announced a series of proposals aimed at keeping the United States ahead of the global quantum computing race, while mitigating the risks that quantum computers may crack public-key cryptography.


Quantum computers powerful enough to crack public-key cryptography won’t be available for years, but when they are available, they can pose a major threat to national security and financial and private data.

Some projects like OpenSSH have already implemented mitigations, in case an attacker steals encrypted data today in hopes of decrypting it when such a computer exists. But so far, there are no official US standards for quantum computer-resistant encryption.

The Biden administration memo underscores its desire to see the United States retain its leadership in the field of quantum information science. The text suggests an approximate timeline for federal agencies to enable them to anticipate the transition of most US encryption systems to encryption that is resistant to quantum computer-enabled attacks.

Migration on a large scale

There is no deadline for this immigration, but the White House wants administrations to make the transition by 2035.

The White House warns that “any digital system that uses existing standards for public key cryptography, or plans to migrate to such encryption, may be vulnerable to attack by a quantum computer.”

Immigration will affect all sectors of the US economy, including government, critical infrastructure, enterprises, cloud service providers, and wherever public key cryptography technologies are used. The protective mechanisms discussed may include counter-intelligence and “well-targeted export controls”.

Quantum computing is a serious threat

This statement comes on the heels of recent tests by NATO’s Cyber ​​Security Center on secure communications flows that can withstand attackers using quantum computing.

This renewed urgency comes with China’s advances in quantum computing. Last year, Chinese scientists tested two quantum computers in tasks they said were more difficult than those Google put into its 54-qubit Sycamore quantum computer in 2019.

In October, US intelligence officials identified quantum computing as one of the top five external threats. Other threats were artificial intelligence, biotechnology, semiconductors, and autonomous systems.

cipher race

“Anyone who wins the race for the supremacy of quantum computing has the potential to jeopardize the communications of others,” the US National Counterintelligence and Security Center said in a white paper. Before we add that China wants to become a leader in this field by 2030.

“Without effective mitigations, the impact of an opponent’s use of a quantum computer could be devastating to national security systems and a nation, especially in cases where this information must be protected for decades.”

The directors of the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) are currently working to develop standards for encryption that are resistant to quantum computing. The first set of these standards should be published by 2024.

Proceed with the adoption of new encryption tools

Over the next 90 days, the US Secretary of Commerce will work with the National Institute of Standards and Technology (NIST) to create a task force of representatives from industry, critical infrastructure, and other interested parties on how to move forward with adoption of the new encryption tools.

Within one year, the heads of all agencies of the federal civilian executive branch will provide the US Cyber ​​Security Agency (CISA) and the National Director of Cyberspace with a list of computer systems vulnerable to computer-assisted attacks. The inventory will include encryption methods used in computer systems, including system administrator protocols, as well as non-security software and firmware that requires digital signatures to be updated.

Agencies have been instructed to wait until NIST publishes its first set of technology standards and for these standards to be implemented in commercial products before moving on to cryptographic tools that are resistant to quantum computer attacks. However, these agencies are encouraged to test commercial products in this category.


Leave a Comment

Your email address will not be published.