New Deadline for Quantum-Proof Encryption
As the federal government aims to safeguard extensive secrets held by the military, banks, and individuals worldwide, the White House is expediting the timeline for agencies to adopt new quantum-resistant encryption systems. These systems are designed to fend off attacks using quantum computers.
The executive order titled Protecting the nation from advanced cryptographic attacks mandates that “high-value assets” and “high-impact systems” must transition to a post-quantum cryptographic key establishment by December 31, 2030, and a quantum-secure digital signature scheme by December 31, 2031.
Avoid Serious Threats
This revised timeline, which is roughly five years ahead of previous deadlines for numerous organizations, follows new research indicating that the development of quantum computers relevant to cryptography is more feasible and cost-effective than previously thought. Consequently, tech companies like Google and Cloudflare have also adjusted their timetables to ensure vulnerable systems migrate by 2029.
The executive order warns that large-scale quantum computers pose a significant risk to established cryptographic security systems, especially if they’re accessed by hostile entities. The order notes, “Continued cyber operations against our country also pose a risk that adversaries could collect U.S. intelligence now and decipher it once large-scale quantum computers are operational.”
According to a timeline released by the National Security Agency in 2022, the “National Security System,” which includes defense and intelligence systems, was expected to become quantum-enabled between 2030 and 2033, with other organizations initially given until 2035. Now, many will need to speed up their efforts.
Brian LaMacchia, a cryptographic engineer formerly leading Microsoft’s post-quantum transition, stated that for systems categorizing as high-value and high-impact, the migration period will be reduced by four to five years, shifting from 2035 to 2030/2031. He mentioned that this is a “significant reduction” aligning with similar adjustments made by tech giants Google and Cloudflare earlier this year.
