In direct confrontation with hackers now, US government officials are preparing for another longer-term threat: attackers are now collecting sensitive encrypted data and hope they can unlock it sometime in the future. This threat comes from quantum computers, which work in a very different way from the classical computers we use today.
Instead of using traditional bits composed of 1s and 0s, they use qubits that can represent different values at the same time. The complexity of quantum computers allows them to perform certain tasks faster, enabling them to solve problems that are almost impossible to solve by modern machines – including cracking many encryptions currently used to protect sensitive data such as personal, commercial, and state secrets. algorithm.
Although quantum computers are still in their infancy and incredibly expensive and full of problems, officials pointed out that efforts to protect the country from this long-term danger need to start now.
Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST), pointed out: “The threat of a nation-state’s opponents getting a large quantum computer and being able to access your information is real. The threat is that they copy your encryption. Data and keep it until they have a quantum computer.”
Faced with this “harvest now, decrypt later” strategy, officials are trying to develop and deploy new encryption algorithms to protect secrets that can counter a new class of powerful machines. This includes the Department of Homeland Security, which says it is leading a long and difficult transition, known as post-quantum cryptography.
Tim Maurer said: “We don’t want this situation: one morning we wake up and find a technological breakthrough, and then we have to complete three or four years of work within a few months-all the additional risks associated with this .”
The U.S. Department of Land Security recently released a transition road map, which first calls for the classification of the most sensitive data within the government and the business world. Maurer said this is a crucial first step, “see which departments are already doing this and which departments need assistance or awareness to ensure they take action now.”
prepare in advance
Experts say that it may take ten years or more for quantum computers to complete any useful work, but with the influx of funds, the race to achieve this goal is making everything happen.
Moody, who leads the NIST post-quantum cryptography project, said that the United States has been holding a competition through NIST since 2016, the purpose of which is to produce the first anti-quantum computer algorithm by 2024.
The transition to new cryptography is a notoriously tricky and long task, and it is easy to overlook. It is difficult for for-profit organizations to spend money on abstract future threats in the years before they become a reality.
Maurer said: “If organizations don’t think about transformation now, they will become overwhelmed when the NIST process is completed, and a sense of urgency will follow, which increases the risk of unexpected events… Any such transformation is not a good idea.”
As more and more organizations begin to consider imminent threats, a small and dynamic industry has emerged, and there are already companies selling promised quantum encryption products. But officials from the US Department of Homeland Security have clearly warned against buying these products because there is still no consensus on how this system needs to work. The department made it clear in a document released last month: “Organizations should wait until there is a strong, standardized commercial solution to implement the upcoming NIST recommendations to ensure interoperability and undergo rigorous review. And globally accepted solutions.”
Experts are pessimistic about how the transition period will proceed.
If it takes a long time for quantum computers to solve useful problems, “I think the company will forget about hype and implement the weakest thing proposed by NIST, until 30 years later, I suddenly think of this problem,” is studying post-quantum encryption with NIST Said Vadim Lyubashevsky, an IBM cryptographer of the algorithm.
And this is exactly the situation that American national security officials want to avoid.