As long as the U.S. government has conducted business online, it’s relied on hidden “encryption” algorithms to keep private emails, medical records, and other sensitive information safe from hacks. But new threats evolve fast. And the White House is telling all federal agencies to prepare for a future threat that could render today’s encryption protections useless: quantum computing.
“Once operational, a cryptanically relevant quantum computer is expected to be able to compromise certain widely used cryptographic algorithms used to secure Federal data and information systems,” reads a memo the White House Office of Management and Budget (OMB) sent November 18 to the heads of all federal agencies. The memo directs agencies to start work on implementing quantum-proof encryption, or “post-quantum cryptography,” and migrating all their electronic information and assets under these enhanced protections.
Per the memo, OMB asks agencies to start submitting annual inventories of all their information systems and assets, identifying which ones contain critically sensitive data or are highly vulnerable to quantum computer-based cyberattacks (or both). They must also submit annual estimates of how much it would cost to migrate these systems and assets to post-quantum cryptography.
Each agency is to additionally appoint a lead person to head up inventories and migrations. And the OMB and ONCD, with representatives of the agencies, will form a “cryptographic migration working group” that will assist and coordinate migration efforts government-wide.
Encryption is Key
The crux of the matter is encryption. Encryption algorithms shield sensitive emails and other electronic messages from outsiders’ prying eyes by converting the text to seemingly unintelligible coding that humans cannot read. When the communique reaches the right recipient’s inbox, their system “decrypts” it back into understandable text. A variety of encryptions exist, but government agencies–and most banks and private businesses–use a type called Public Key Infrastructure (PKI).
PKI originated back in the 1970s, when conventional computers were just coming into being. Quantum computing is a whole other latitude of operations–one that PKI’s developers could not have possibly foreseen.
Conventional computers’ processors store data in bits, each bit representing the data as either a 1 or a 0. Quantum computing taps into the mysterious phenomena of quantum mechanics, where atomic subparticles can essentially be in two places at once: It operates with quantum bits (qubits) that can each be 0 and 1 at the same time. This gives quantum computers the potential for immensely greater processing power and speed versus today’s conventional computers.
Which makes them potentially dangerous weapons in the hands of hackers, who may use them to calculate how to crack the codes to PKI-shielded emails and data. National secrets, government employees’ personal files, and ultimately the private data of U.S. citizens inside and outside of government alike would all become accessible to bad guys online.
“A potential quantum computer by an adversary country is really a nuclear threat to cybersecurity, because the underpinning cryptography relies on a math principle that potentially a quantum computer could break,” said Anne Neuberger, deputy national security advisor, at an event hosted by the Aspen Institute in July.
Federal agencies and contractors are testing new encryption algorithms. The National Institute of Standards and Technology (NIST) recently approved four, all of which make use of mathematical techniques, such as “structured lattices,” which quantum computers may find harder to crack. NIST will promote these and other promising algorithms as building blocks of the new post-quantum cryptography.
The China Factor
Only a few quantum computer systems exist now, and none are operational yet. Engineers have been able to use each to conduct certain specific tasks in controlled laboratory settings. Experts say it will be at least 10 years before we see quantum computers ready for day-to-day operations that have practical uses–and that includes unauthorized hacking.
Still, White House officials clearly want the U.S. government to start preparing for quantum computing’s rise now, while there is time. All the more so, perhaps, considering where several of today’s most powerful quantum computing prototypes can be found: China.
Last year, Chinese researchers boasted using Zuchongzi, a 57-qubit quantum device, to complete a probability calculation task in 1.2 hours that today’s most powerful supercomputers would have needed 8.2 years to finish. They followed up with Jiuzhang 2.0, a photonic quantum computer–its qubits are light-based, not superconducting–completing in one millisecond a task that would take a conventional computer 30 trillion years.
China has been investing heavily in quantum computing, has listed “quantum informatics” as a key aim in its latest five-year plan, and has already built a quantum science satellite (the Micius) and a quantum network connecting Beijing and Shanghai. And while none of its quantum endeavors have overt military applications, it’s highly feasible that China will find some, given its frequent use of other forms of cyberwarfare against adversaries and the close partnership of all Chinese research-and-development with Chinese government ambitions. When the White House speaks of quantum computing threats, it no doubt anticipates a share of those threats originating in China.
Quantum Uncertainty
Preparing for a future threat is always good. But the lack of a working quantum computer today poses a planning challenge: We don’t really know for sure how a quantum computing attack will unfold, or how our new “post-quantum” algorithms will fare against it. We can create models and calculate probabilities, but in the end, we will only definitively find out how prepared we are for the threat when the threat arrives in real-time. And real life doesn’t always follow computer simulations. Still, we must use what we have in the present to stand our best chance of being ready for the future.