The White House has announced a set of proposals for keeping the US ahead in the quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography.
Quantum computers powerful enough to break public-key encryption are still years away, but when it happens, they could be a major threat to national security, and financial and private data.
Some projects such as OpenSSH have implemented mitigations for the event that an attacker steals encrypted data today, with the hope of decrypting it when such a computer exists. But so far there are no official US standards for quantum-resistant cryptography. The Biden administration's memorandum outlines its desire for the US to maintain its leadership in quantum information science (QIS), as well as a rough timelines and responsibilities for federal agencies to migrate most of the US's cryptographic systems to quantum-resistant cryptography.
There's no hard deadline for the post-quantum cryptographic migration, but the White House wants the US to migrate cryptographic systems to ones that are resistant to a 'cryptanalytically'-relevant quantum computer (CRQC), with the aim of "mitigating as much of the quantum risk as is feasible" by 2035.
"Any digital system that uses existing public standards for public-key cryptography, or that is planing to transition to such cryptography, could be vulnerable to an attack by a QRQC," the White House states.
The migration will affect all sectors of the US economy, including government, critical infrastructure, businesses, cloud providers, and basically anywhere today's public-key cryptography is used. The memorandum protection mechanisms might include counter-intelligence and "well-targeted export controls".
The quantum-cryptography memorandum follows the NATO Cyber Security Centre's recent test run of secure communication flows that could withstand attackers using quantum computing.
The renewed urgency comes as China makes headway in quantum computing. Scientists in China last year tested two quantum computers on tasks they claimed were more challenging than those that Google put its 54-qubit Sycamore quantum computer through in 2019 when it claimed to have achieved "quantum supremacy". IBM researchers contested Google's claim.
In October, US intelligence officials singled out quantum computing as one of five key foreign threats. The others were artificial intelligence, biotechnology, semiconductors and autonomous systems.
"Whoever wins the race for quantum computing supremacy could potentially compromise the communications of others," the US National Counterintelligence and Security Center warned in a white paper, noting that China wants to achieve leadership in these fields by 2030.
"Without effective mitigation, the impact of adversarial use of a quantum computer could be devastating to national security systems and the nation, especially in cases where such information needs to be protected for many decades."
Despite lacking a hard deadline for the migration, the memorandum does outline roles, reporting requirements and key dates for relevant federal agencies.
The directors of the National Institute of Standards and technology (NIST) and the National Security Agency (NSA) are developing standards for quantum-resistant cryptography. The first set of these standards are slated for public release by 2024.
Within the next 90 days, the Secretary of Commerce will work with NIST to establish a working group involving industry, critical infrastructure and others on how to progress the adoption of quantum-resistant cryptography.
And within a year, the heads of all Federal Civilian Executive Branch (FCEB) agencies – all agencies except Defence and intelligence – will deliver a list of CRQC-vulnerable IT systems to CISA and the National Cyber Director. The inventory will include cryptographic methods used on IT systems, including sysadmin protocols, as well as non-security software and firmware that require upgraded digital signatures.
FCEB agencies have been instructed not to purchase any quantum-resistant cryptography systems until NIST releases its first set of standards of the technology and those standards have been implemented in commercial products. However, these agencies are encouraged to test commercial products in this category.