
The White House is drastically shortening the deadline for government agencies and organizations to adopt new quantum-resistant encryption systems that will withstand attacks that use quantum computers, as the federal government seeks to protect decades’ worth of secrets belonging to militaries, banks, governments, and most individuals on Earth.

The executive order, titled Securing the Nation against Advanced Cryptographic Attacks, requires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key establishment schemes by December 31, 2030, and to quantum-safe digital signature schemes by December 31, 2031.

Heading off a significant threat

The new deadline, which for many organizations is about five years sooner than the previous one, comes on the heels of recent research showing that the resources and cost for building a cryptographically relevant quantum computer are far less than previous consensus estimates. In response, Google, Cloudflare, and other companies recently tightened their timelines for moving off vulnerable systems to 2029.

“The advent of large-scale quantum computers, particularly in the hands of adversaries, will pose a significant threat to widely used cryptographic security systems,” Monday’s executive order stated. “Ongoing cyber activity against our Nation also presents the risk of adversaries collecting United States information now, and decrypting it later once large-scale quantum computers are operational.”

Under a timeline the National Security Agency published in 2022, “National Security Systems”—a class including only defense and intelligence systems under the authority of the agency—were under orders to be quantum-ready between 2030 and 2033. Most other organizations had until 2035 to complete the transition. Now, many of them will be required to transition much sooner.

“So, for any system that falls into this new bucket of high-value assets and high-impact systems, their transition timelines just got shortened by 4-5 years (from 2035 to 2030/2031),” Brian LaMacchia, a cryptography engineer who oversaw Microsoft’s post-quantum transition from 2015 to 2022 and now works at Farcaster Consulting Group, told Ars. “That is a significant shortening of the transition timeline for these systems, and it follows similar timeline revisions from Google and Cloudflare that we saw announced back in late March/early April.”

The order also:

  • Establishes a government-wide transition coordination process to be led by the Director of the Office of Management and Budget and the National Cyber Director. Each federal agency will designate a point person responsible for reporting quantum transition progress to them.
  • Directs the Secretary of State to work with the National Institute of Standards and Technology, the Departments of Defense and Homeland Security, the National Cyber Director, and the Director of National Intelligence to “identify and engage foreign governments and industry groups in key countries to encourage their transition to PQC algorithms standardized by NIST.”
  • Directs NIST and the Cybersecurity and Infrastructure Security Agency to issue guidance on the release of a CBOM (cryptographic bill of materials), which lists all components, libraries, and modules in an encryption system.
  • Establishes new procurement rules that appear to be aimed at requiring “covered contractors” to meet the same quantum-readiness deadlines and implement vulnerability disclosure policies.

“Critical infrastructure owners and operators can now expect support in developing their PQC migration plans,” Jordan Kenyon, senior quantum scientist at Booz Allen, told Ars. “Covered contractors could face future requirements from proposed rules to incorporate PQC compliant algorithms required by FIPS by the end of 2030 and incorporate reports of cryptographic vulnerabilities in their disclosures.” FIPS is short for Federal Information Processing Standards, a set of standards shepherded by NIST for use in computer systems of non-military US government agencies and contractors.

No one knows when a cryptographically relevant quantum computer will arrive. Experts have made wide-ranging guesses for more than three decades. A key barrier is creating a system with the required number of qubits—the quantum equivalent of a bit in classical computing—that operates correctly even in the presence of errors that occur when they interact with their environment.

In March, researchers said they discovered a way to break ECC-256, used to secure the bitcoin and ethereum blockchains, using only 30,000 physical qubits in 10 days.

That same month, a Google research team said it developed two quantum circuits that could solve the elliptic-curve discrete logarithm problem using roughly 500,000 physical qubits, half of what the same team estimated last June was needed to break 2048-bit RSA, which has a much larger key size.

In 2012, most estimates were that breaking a 2048-bit RSA key would require a billion physical qubits. By 2019, the estimate was lowered to 20 million physical qubits. The steady march of progress, as demonstrated by these latest research papers, is prodding organizations with the most to lose to err on the side of Q Day—the day a cryptographically relevant quantum computer arrives—coming sooner rather than later.

Two of the most widely used public key cryptography algorithms—RSA and elliptic curve cryptography—are based on factoring composites, which are the product of two or more primes, and the discrete logarithm, respectively. These mathematical problems are simple to solve in one direction and nearly impossible in the other. A quantum computer with sufficient resources can run Shor’s algorithm to solve these problems in polynomial time, specifically cubic time, far faster than the exponential time provided by today’s classical computers. The post-quantum algorithms replacing RSA and elliptic curve cryptography are based on problems that quantum computers have no advantage over classical computers in solving.

Contrary to what many people assume, replacing quantum-vulnerable algorithms with PQC ones is anything but a drop-and-replace exercise. Public key sizes for ML-KEM—one of the replacements for RSA—are roughly three times bigger. The difficulty and scale of the work ahead is the reason the federal government is taking the move so seriously.
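As an added illustration (not code from the executive order, NIST, or Ars), here is a sketch of the first step in that work: triaging a cryptographic inventory against the order's two deadlines. The record fields and the sample inventory are hypothetical, and the family lists beyond RSA, elliptic curves, and ML-KEM are assumptions drawn from NIST's published PQC standards.

```python
import re
from datetime import date

# Deadlines the article gives for high-value assets and high-impact systems.
DEADLINES = {"key-establishment": date(2030, 12, 31),
             "signature": date(2031, 12, 31)}

# NIST-standardized post-quantum families (FIPS 203, 204, 205).
PQC = re.compile(r"ML-?KEM(-?\d+)?|ML-?DSA(-?\d+)?|SLH-?DSA")
# Families resting on factoring or discrete logs, which Shor's algorithm solves.
# "DSA" also catches ECDSA/EdDSA; "DH" also catches ECDH/ECDHE/DHE.
SHOR_BROKEN = re.compile(r"RSA|DSA|DH|X25519|X448|ED25519|ED448")

def classify(algorithm):
    name = algorithm.upper()
    has_pqc = bool(PQC.search(name))
    # Strip PQC tokens first so "ML-DSA" is not mistaken for classical DSA.
    classical = PQC.sub("", name)
    has_classical = bool(SHOR_BROKEN.search(classical))
    if has_pqc and has_classical:
        return "hybrid"
    if has_pqc:
        return "pqc"
    return "quantum-vulnerable" if has_classical else "unrecognized"

def triage(inventory):
    """Return entries that still need work, earliest deadline first."""
    todo = []
    for entry in inventory:
        if entry["use"] not in DEADLINES:
            raise ValueError(f"unknown use: {entry['use']!r}")
        status = classify(entry["algorithm"])
        # Assumption: hybrids are kept for manual review, since the article
        # does not say whether a hybrid scheme meets the order.
        if status != "pqc":
            todo.append({**entry, "status": status,
                         "deadline": DEADLINES[entry["use"]]})
    return sorted(todo, key=lambda e: (e["deadline"], e["system"]))

# Constructed sample records; field names are hypothetical, not a CBOM schema.
INVENTORY = [
    {"system": "vpn-gateway", "use": "key-establishment", "algorithm": "ECDHE-P256"},
    {"system": "code-signing", "use": "signature", "algorithm": "RSA-3072"},
    {"system": "web-frontend", "use": "key-establishment", "algorithm": "X25519MLKEM768"},
    {"system": "firmware-update", "use": "signature", "algorithm": "ML-DSA-65"},
    {"system": "backup-archive", "use": "key-establishment", "algorithm": "RSA-2048"},
]

if __name__ == "__main__":
    for e in triage(INVENTORY):
        print(e["deadline"], e["system"], e["algorithm"], e["status"])
```

Key-establishment entries sort first because they carry the earlier deadline, and they are also the ones exposed to the collect-now, decrypt-later risk the order describes.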

Separately, the White House published a second executive order directing the federal government, in partnership with private industry, to support quantum computing. Among other things, it established a “national effort” to develop the world’s first quantum computer powerful enough to “initiate the era of quantum-enabled scientific discovery.”


Dan Goodin Senior Security Editor


Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him on Mastodon and on Bluesky. Contact him on Signal at DanArs.82.
