“The threat of a nation-state averse to getting a large quantum computer and being able to access your information is real,” says Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST). “The threat is that they copy your encrypted data and keep it until they have a quantum computer.”
Faced with this “collect now and decrypt later” strategy, officials are looking to develop and implement new cryptographic algorithms to protect secrets against an emerging class of powerful machines. This includes the Department of Homeland Security, which says it is conducting a long and difficult transition to what is known as post-quantum cryptography.
“We don’t want to find ourselves in a situation where we wake up one morning and there has been a technological breakthrough, and then we have to do the work of three or four years in a few months, with all the additional risks associated with that,” says Tim Maurer. , who advises the Secretary of Homeland Security on Cyber Security and Emerging Technology.
DHS recently released a road map for the transition, starting with a call to catalog the most sensitive data, both within the government and in the business world. Maurer says this is a vital first step “to see which sectors are already doing this and which ones need assistance or awareness to make sure they act now.”
Prepare in advance
Experts say it may still take a decade or more before quantum computers are able to make anything useful, but with the money pouring into the field in both China and the United States, the race is to make it and to design. better protections against quanta. attacks.
The United States, through NIST, has held a competition since 2016 which aims to produce the first quantum computer-proof algorithms by 2024, according to Moody, who leads NIST’s post-quantum cryptography project.
The transition to the new cryptography is a notoriously complicated and time-consuming task, and it’s easy to ignore until it’s too late. It can be difficult to get for-profit organizations to spend years on an abstract future threat before that threat becomes a reality.
“If organizations aren’t thinking about the transition now,” says Maurer, “and then become overwhelmed by the time the NIST process is completed and the sense of urgency is there, the risk of accidental accidents increases … the transition won’t it’s never a good idea. “