As the federal government struggles to protect decades of secrets belonging to the military, banks, governments and most of Earth’s population, the White House is dramatically shortening the deadline for government agencies and organizations to adopt new quantum-resistant encryption systems that will withstand attacks using quantum computers.
executive order Securing the Nation from Advanced Cryptographic Attacksrequires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key generation schemes by December 31, 2030, and to quantum secure digital signature schemes by December 31, 2031.
Avoids a significant threat
The new deadline, which is nearly five years earlier than before for many organizations, follows recent research showing that the resources and costs to build a cryptographically compatible quantum computer are far less than previous consensus estimates. In response, Google, Cloudflare and other companies recently they tightened their deadlines to move sensitive systems by 2029.
“The emergence of large-scale quantum computers, particularly in the hands of adversaries, will pose a significant threat to widely used cryptographic security systems,” Monday’s order said. “Continued cyber activity against our nation also poses the risk that adversaries may now collect information about the United States and decrypt it once large-scale quantum computers are operational.”
under a timeline The National Security Agency’s 2022 release of “National Security Systems” — a class that includes only defense and intelligence systems under the agency’s purview — was under a quantum readiness order between 2030 and 2033. Most other organizations must complete the transition by 2035. Now, many of them will be required to switch sooner.
“So for any system that falls into this new box of high-value assets and high-impact systems, their transition times are just shortened by 4-5 years (from 2035 to 2030/2031),” said Brian LaMacchia, a cryptography engineer overseeing Microsoft’s post-quantum transition. Advisory Group, Ars. “This is a significant shortening of the transition timeline for these systems and follows similar timeline revisions from Google and Cloudflare that we announced in late March/early April.”
