QUANTUM COMPUTING INC. In the waning days of 2022 and the 117th
Why Prepare Cybersecurity for
Nearly everything sensitive that is transmitted or stored on computers is encrypted. For example, encryption protects our bank accounts, health records and app-based messaging. Encryption takes a block of readable data and makes it unreadable to everyone but those users who hold a cryptographic key and can decrypt it. As with a physical bike lock, encryption schemes can be decrypted even without the key. Also like a physical bike lock, as an encryption scheme becomes more and more complex, the likelihood that anyone could realistically decrypt it goes down.
Certain types of quantum computers are likely to be excellent encryption "lock-pickers" in the future. The math tells us that if such computers were ever built to scale - an event that is difficult to predict but could be over a decade away - then they would be efficient at decrypting the most widely used encryption schemes that exist today. In effect, using the most popular, modern encryption schemes is like buying an expensive bike lock with the understanding that, at some unknown point in the future, it will be worthless against thieves.
Developing Post-Quantum Cryptography / Quantum-Safe Algorithms
Quantum computers are chess grandmasters who cannot tie their shoes and forget where they put their wallets: They are very good at a certain class of problems, but lousy at others. (A quantum computer would have a hard time, for example, doing something as basic as rendering this webpage.) As a result, there is math that quantum computers are no better at than classical computers, and encryption schemes that rely on that math are more resilient to a quantum decryption attack.
In 2016, the
In recent years, there has been a substantial amount of research on quantum computers - machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for conventional computers. If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.
NIST's stated goal was "to develop cryptographic systems that are secure against both quantum and classical computers, and can interoperate with existing communications protocols and networks."
In 2022, the ongoing project identified several promising candidate algorithms, including CRYSTALS-Kyber (for key establishment) and CRYSTALS-Dilithium (for digital signatures). NIST is currently working to standardize these algorithms for wide-scale use.
The Quantum Computing Cybersecurity Preparedness Act
Quantum decryption could also compromise government secrets. So, with quantum decryption on the horizon,
The Act acknowledges the threat that quantum computing raises for national security:
(1) Cryptography is essential for the national security of
(2) The most widespread encryption protocols today rely on computational limits of classical computers to provide cybersecurity.
(3) Quantum computers might one day have the ability to push computational boundaries, allowing us to solve problems that have been intractable thus far, such as integer factorization, which is important for encryption.
(4) The rapid progress of quantum computing suggests the potential for adversaries of
Sections 2(a), 3(d)(9) (defining a "quantum computer" as "a computer that uses the collective properties of quantum states, such as superposition, interference, and entanglement, to perform calculations").
The Act requires that the Director of the Office and Management and Budget (OMB) develop and issue guidance for administrative agencies "on the migration of information technology to post-quantum cryptography." Section 4(a). This guidance must include "a requirement for each agency to establish and maintain a current inventory of information technology in use by the agency that is vulnerable to decryption by quantum computers." Section 4(a)(1).
Following that guidance, agencies will then report back to the OMB with their inventory of IT vulnerable to quantum decryption. Section 4(b). One year after NIST issues its post-quantum cryptography standards, OMB will issue further guidance to prepare agencies for the migration of their data to the new, quantum-resilient standards. Section 4(c). Throughout this period, and for the following five years, OMB will report back to
The Act exempts all national security systems. Section 5. Migrating these systems to post-quantum cryptography, however, is already underway.
While the Act will go a long way toward strengthening agency data against a quantum attack, in some respects, the cat is already out of the bag. Today's hackers can obtain encrypted data and store it for years, knowing that a future quantum computer will be able to decrypt it. This technique is sometimes called "harvest now, decrypt later," and the Act cannot protect already compromised data from later decryption. Still, the government's acknowledgement and mitigation of future threats is an important step toward protecting its data in the future.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
Mr Jacob W Schneider
11th Floor
MA 02116
Tel: 6175232700
Fax: 6175236850
E-mail: webcontent@hklaw.com
URL: www.hklaw.com
© Mondaq Ltd, 2023 - Tel. +44 (0)20 8544 8300 - http://www.mondaq.com, source
