The White House has announced a series of proposals aimed at keeping the United States ahead of the global quantum computing race, while mitigating the risk that quantum computers could break public-key cryptography.
Anticipation
Quantum computers powerful enough to break public-key encryption won’t be available for years, but when they are, they could pose a major threat to national security and financial and private data.
Some projects like OpenSSH have already implemented mitigations, in case an attacker steals encrypted data today in hopes of decrypting it when such a computer exists. But so far, there are no official US standards for attack-resistant cryptography leveraging a quantum computer.
The Biden administration’s memorandum underscores its desire to see the United States retain its leadership in the field of quantum information science. The text proposes an approximate timetable for federal agencies to enable them to anticipate the migration of most American cryptographic systems to cryptography resistant to attacks supported by a quantum computer.
Large scale migration
There is no deadline for this migration, but the White House wants administrations to make the transition by 2035.
“Any digital system that uses existing standards for public-key cryptography, or plans to move to such cryptography, could be vulnerable to attack by a quantum computer,” the White House warns.
The migration will affect all sectors of the US economy, including government, critical infrastructure, enterprises, cloud providers, and anywhere public key cryptography technologies are used. The protection mechanisms discussed may include counter-intelligence and “well-targeted export controls”.
Quantum computing, a serious threat
This statement follows recent tests by the NATO Cybersecurity Center on secure communication flows that could withstand attackers using quantum computing.
This renewed urgency comes as China advances in the field of quantum computing. Last year, Chinese scientists tested two quantum computers on tasks they said were more difficult than those Google put its 54-qubit Sycamore quantum computer through in 2019.
In October, US intelligence officials named quantum computing one of the top five foreign threats. Other threats were artificial intelligence, biotechnology, semiconductors and autonomous systems.
Cipher Race
“Whoever wins the race for quantum computing supremacy has the potential to compromise the communications of others,” the US National Counterintelligence and Security Center said in a white paper. Before adding that China wants to become a leader in this field by 2030.
“Without effective mitigations, the impact of an adversary’s use of a quantum computer could be devastating to national security systems and the nation, especially in cases where such information must be safeguarded for decades. . »
Directors of the National Institute of Standards and technology (NIST) and the National Security Agency (NSA) are currently developing standards for quantum computing-resistant cryptography. The first set of these standards should be published by 2024.
Advance the adoption of new cryptographic tools
Within the next 90 days, the U.S. Secretary of Commerce will work with NIST to establish a task force of representatives from industry, critical infrastructure, and other interested parties on how to advance the adoption of new cryptographic tools.
And within one year, the heads of all federal civilian executive branch agencies will provide the United States Cyber Security Agency (CISA) and the National Director of Cyberspace with a list of computer systems vulnerable to computer-supported attacks. quantum. The inventory will include cryptographic methods used on computer systems, including sysadmin protocols, as well as non-security related software and firmware that requires updating digital signatures.
Agencies were instructed to wait until NIST publishes its first set of standards for the technology and until those standards have been implemented in commercial products before making the transition to cryptographic tools resistant to computer attacks quantum. However, these agencies are encouraged to test commercial products in this category.
Source: ZDNet.com