Government sets out plan for post-quantum encryption
The Biden administration has made a policy commitment to promote US leadership in the emerging technology of quantum computing.
The National Security Memo on quantum computing, published last week, directs US federal agencies to prepare for the advent of both quantum computing and the related technology of quantum-resistant cryptography.
The policy commitment is important because it puts the weight of US federal government spending into a nascent technology that represents a paradigm shift in how computers work.
Quantum computers rely on the properties of quantum states – such as superposition or entanglement – rather than the simple binary states (0 or 1) of current PCs and servers.
When combined with quantum algorithms the technology can be expected to solve some mathematical problems, such as integer factorization, in short order.
This poses a threat to current encryption schemes, data from which might be vulnerable to “capture now, decrypt later” attacks enabled by the quantum computers of the future.
Fortunately, cryptographers and computer scientists are aware of the threat and are already working with the US National Institute for Standards and Technology (NIST) in selecting a preferred algorithm for post-quantum encryption.
Ahead of formal ratification, several viable schemes have already been proposed. Developers of the OpenSSH secure networking utility are ‘future-proofing’ the technology by adopting the NTRU Prime algorithm, a scheme designed to protect against brute-force attacks mounted by the more capable quantum computers of the future.
The Biden administration’s National Security Memo directs NIST to establish a “migration to post-quantum cryptography project” at the National Cybersecurity Center of Excellence, as well as an open working group within the industry to generate further research and to promote the adoption of quantum-resilient cryptographic standards and technologies.
The policy also sets requirements for federal agencies to update cryptographic systems. Specifically, by the end of next year US federal agencies should have a policy for hardening security against quantum computers that can easily crack encryption keys.
Industry experts welcomed the US government’s commitment to quantum computing as timely.
Mike DeVries Vermeer, a scientist who writes about tech policy for the non-profit RAND Corporation, told The Daily Swig: “[The] timeline for quantum computing varies, but data-in-transit now is vulnerable if it needs to stay secret for a long time.”
Vermeer concluded: “Transitions like this take decades.”