Will quantum computers be able to crack RSA this decade? Maybe. But figuring out that exact date is not really what you and your organisation should worry about. A memorandum issued by the White House reveals when the quantum computing apocalypse will begin as far as information security boots on the ground are concerned. We take a deep dive into this document and its ramifications in this episode of The Post-Quantum World.
I’m your host, Konstantinos Karagiannis. I lead quantum computing services at Protiviti, where we’re helping companies prepare for the benefits and threats of this exploding field. I hope you’ll join each episode as we explore the technology and business impacts of this post-quantum era.
Welcome to this rare, solo episode of The Post-Quantum World. Since starting about two years ago, we’ve done 45 interviews with guests who brought us direct insight into areas of the industry they’re involved in. Occasionally, I’ve wanted to go deep into topics that didn’t quite match up with a particular guest. This episode covers a topic where I probably could never have someone close to the source material. I think Joe Biden and his team might have better things to do. Why am I mentioning the President? Because we’ll be talking about the infamous “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems.” Quite a mouthful. We also call it NSM-10. This document will affect everyone, not just government agencies, and we’ll get to why that is.
First, what is the document? At a high level, this mouthful of a title does capture the contents. There are policies and initiatives identified for how the US would like to remain a leader in using quantum computing. And there are steps outlined for how the US will prepare for the coming cryptographic apocalypse posed by systems that reach the level of being CRQCs or cryptanalytically relevant quantum computers.
We won’t delve much into the first promise of the title. Listeners know that in the past couple of years, quantum computers have begun delivering on promises of world-changing use cases in areas such as optimisation, machine learning, and simulation. After NSM-10 covers some basics, its Section 2 provides plans for investing in quantum computers and related technology and the education of the quantum workforce. The main takeaway is that federal agencies involved with Quantum Information Science, or QIS, will liaise with the National Quantum Coordination Office regarding best practices. It seems this will benefit everyone if it encourages funding and increased quantum education. Enough said on that.
Section 3 is where things get interesting. It’s called Mitigating the Risks to Encryption. This is where we start to delve into what the government expects federal agencies to do to prepare for the arrival of a CRQC. At a high level, the plan is to mitigate the risk these quantum computers pose by moving federal infrastructure and systems to post-quantum cryptography or PQC by 2035. They cite that NIST, or the National Institute of Standards and Technology, is working alongside the NSA on finalising new cryptographic technical standards for PQC by 2024. Those are two significant dates revealed here, so let’s pause to see what each one means.
2024 is going to be a significant year for post-quantum cryptography. As we’ll get to in a moment, NSM-10 highlights a timeline of actions that federal agencies must take once these NIST standards are published. As you listen to the timeline described in this podcast, remember that regulatory bodies within each industry are likely to model their requirements on NSM-10. The government is being proactive here, and we have to believe a lot of time and money went into the provided recommendations and requirements. Regulators are likely to take advantage of this heavy lift that has already occurred. What follows may contain the same milestones your organisation will have to meet in the private sector. At the very least, you can expect them to be similar. This all means 2024 will be the year that the problem of Y2Q or the quantum apocalypse becomes the practical headache for CISOs and everyone else involved in cryptography and information security in an organisation.
Recall that the other date of interest is 2035, which is when PQC must be in place. That’s 11 years after the standards are published, so it doesn’t sound that bad. However, there are milestones to meet along the way. Before we break those down, it’s worth stating that 2035 might be too lax a deadline. Listeners of this show know that QIS is advancing more rapidly than anyone could have predicted. We see constant surprises in methods for improving qubit fidelity, including potential game-changer qubit types such as the Majorana fermion. And don’t discount the potential impact of interconnect. Numerous guests have agreed that getting quantum computers to work as one will significantly increase scaling capabilities. All these factors could result in thousands of quality qubits available within this decade.
We might not have 12 years from today to protect RSA 2048. The Toffoli-based modular multiplication approach to factoring numbers requires only 4098 error-corrected qubits to crack that. A different approach threatens blockchain with only 2500 qubits. And, while it’s controversial and still unproven, there’s that Chinese paper we’ve mentioned in the past that calls for only 372 qubits to crack RSA 2048. I’ll have links to all these papers in the show notes.
But for better or worse, 2035 is the target for now. And 2024 is the year real tangible steps will have to be taken toward what we call cryptographic agility, which enables future updates to cryptographic algorithms and standards without the need to modify or replace the surrounding infrastructure. Some hardware and software will have no practical path forward to PQC, and these risky entities will need to be identified early.
Last year, a couple of milestones were already met, including creating a working group that shares guidance and best practices with government agencies. NIST also created the Migration to Post-Quantum Cryptography Project to work with the private sector, which includes partners such as AWS (which has a hybrid PQC implementation), Microsoft, and ten other companies.
November 2022 was another milestone where the Office of Management and Budget or OMB was to put forth its own memorandum to help agencies comply with NSM-10. This did happen on November 18, and the M-23-02 memo, as it is called, gives specific dates for accomplishing inventorying and other benchmarks. We won’t go down that tangent, but the additional document is interesting reading to see how something like NSM-10 is beginning implementation.
We’re still not at the release of the NIST standards, but another significant milestone is looming for the government. The first anniversary of NSM-10 is May 4. On this day, agencies have to have completed a cryptographic inventory of IT systems that remain vulnerable to CRQCs, which is, well, almost all of them, depending on how you define vulnerable. This is a logical first technical step and should be part of any cryptographic agility assessment. My team does this for customers as part of the process. This inventory will have to be done annually in the future, according to NSM-10.
The last pre-NIST-finalist milestone is coming on October 18, 2023. On that day and annually after, the National Cyber Director will deliver a status report on progress made by Federal Civilian Executive Branch or FCEB Agencies on migration to PQC. This combination of annual inventory and annual progress is something we may see in the private sector in anticipation of a future industry event like Y2Q.
And then finally, the NIST standards appear on the milestone list. Within 90 days of the standards’ release and annually after, the Secretary of Commerce will put out a proposed timeline for the deprecation of quantum-vulnerable cryptography. This is the first critical technical deadline that regulators will have to take note of. If a cryptographic cipher has a deprecation date set by NIST for federal agencies, it’s a no-brainer that this exact date will appear across the industry as a target. Do you have quantum deniers in your organisation? Remind them that it doesn’t matter if they believe CRQCs are a century away. Deprecated cryptography needs to be put to pasture. They don’t have to utter the Q word.
As a bonus, during this 90-day window after the standards, the Director of NIST is supposed to work with industry to encourage the interoperability of commercial cryptographic approaches. This is something all industries will benefit from.
Within one year of the NIST standards, the Director of OMB will issue a policy memorandum requiring FCEB Agencies to develop a plan to upgrade their systems to PQC. Regulators may require private sector industries to do something similar. The federal version of these plans will first address the most significant risks—a ranked remediation approach that anyone involved in infosec understands well.
The NSM-10 document is practical and forward-thinking, but I was also impressed by the statement that until the NIST standards are released, FCEB agencies shall not purchase any commercial PQC solutions. It’s okay to run tests of PQC hardware and software for interoperability and performance, but agencies should only buy after standards are finalised. Many PQC vendors claim to support all the NIST finalists, removing ciphers as they are dropped as contenders, for example deleting SIKE after its side-channel attack vulnerability. But the government is being extra cautious here.
So far, we’ve been talking about government systems that are not National Security Systems or NSS. The memorandum goes on to highlight separate timelines for NSS. The only thing worth noting on this particular timeline is that on December 31, 2023, agencies will have to add symmetric-key protections as an additional layer of armor to quantum-vulnerable key exchanges. Examples include High Assurance Internet Protocol Encryptor (HAIPE) exclusion keys or VPN symmetric key solutions. After NIST publishes its standards, ironically, the agencies will have many more options for buying because of the ban I just mentioned. However, adding symmetric-key protections is still a helpful, robust approach.
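As an added illustration that is not part of the episode or of NSM-10, the Python sketch below shows the kind of symmetric-key layering just described: a pre-shared key (PPK) is mixed into the key schedule of a public-key exchange, so that a recording of the exchange plus a later CRQC break of its public-key part still does not yield the traffic key. The DH secret, PPK and handshake transcript are constructed stand-ins, and the construction follows the general pattern of RFC 8784's PPK mixing for IKEv2, using a standard-library HKDF (RFC 5869) rather than any vendor's implementation.

```python
"""Mixing a pre-shared symmetric key into a quantum-vulnerable key exchange."""
import hashlib
import hmac
from typing import Optional

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Extract: PRK = HMAC-Hash(salt, IKM); empty salt -> HashLen zeros."""
    return hmac.new(salt or b"\x00" * HASH().digest_size, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 Expand: T(i) = HMAC-Hash(PRK, T(i-1) | info | i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def session_key(dh_secret: bytes, ppk: Optional[bytes], transcript: bytes) -> bytes:
    """Derive a 32-byte traffic key.

    dh_secret is the output of the (quantum-vulnerable) public-key exchange;
    ppk is the pre-shared symmetric key, or None for the unprotected baseline.
    The PPK is bound in as the HKDF salt, so the result stays pseudorandom to
    anyone who knows dh_secret but not the PPK.
    """
    prk = hkdf_extract(ppk if ppk is not None else b"", dh_secret)
    return hkdf_expand(prk, b"traffic key" + transcript, 32)


def demo() -> dict:
    # Constructed stand-ins for real key material (hypothetical values).
    dh_secret = hashlib.sha256(b"constructed ECDH shared secret").digest()
    ppk = hashlib.sha256(b"constructed pre-shared key").digest()
    transcript = b"constructed handshake transcript"
    k_initiator = session_key(dh_secret, ppk, transcript)
    k_responder = session_key(dh_secret, ppk, transcript)
    # Harvest-now-decrypt-later model: the recorded exchange is broken by a CRQC,
    # yielding dh_secret, but the out-of-band PPK is never exposed.
    k_recovered = session_key(dh_secret, None, transcript)
    return {
        "peers_agree": k_initiator == k_responder,
        "ppk_layer_holds": k_recovered != k_initiator,
        "baseline_exposed": k_recovered == session_key(dh_secret, None, transcript),
    }
```

The baseline case shows what the memorandum is guarding against: without the PPK layer, recovering the public-key secret is the same as recovering the traffic key.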
One final observation is that on the same date of December 23, 2023, the Secretary of Defense will deliver an assessment of the risks of quantum computing to defense and will also include a plan to work with what the department calls “key commercial entities” to upgrade their systems for PQC. We don’t know what companies these commercial entities may be (maybe yours?) but their involvement greatly increases the potential for trickle-down requirements appearing in the private sector.
This all points to what I said earlier. By 2024, crypto agility and post-quantum cryptography will become everyone’s problem. Let the apocalypse era begin! In all seriousness, when going to PQC becomes everyone’s problem, it becomes a path to everyone’s salvation.
That does it for this episode. Thanks to the White House for taking concrete steps toward our PQC future.
And thank you for listening. If you enjoyed the show, please subscribe to Protiviti’s The Post-Quantum World and maybe leave a review to help others find us.
Be sure to follow me on Twitter and Instagram at Konstant Hacker—that’s Konstant with a K … Hacker. You’ll find links there to what we’re doing in Quantum Computing Services at Protiviti. You can also DM me questions or suggestions for what you’d like to hear on the show.
For more information on our Quantum services, check out Protiviti.com or follow ProtivitiTech on Twitter and LinkedIn.
Until next time, be kind, and stay quantum curious.