The White House "Report on Post-Quantum Cryptography"
The White House has recently published the "Report on Post-Quantum Cryptography" pursuant to legislative requirements and National Security Memorandum 10 (NSM-10). This document delineates the U.S. national approach to transitioning to Post-Quantum Cryptography (PQC) and plays a pivotal role in setting the strategic groundwork for future cryptographic standards.
Overview and Purpose of the Report
The report outlines several key points:
1. It provides a detailed description of the U.S. strategy for shifting to PQC, highlighting the anticipated challenges and strategies to overcome them.
2. It presents an estimate of the financial resources required for the transition, suggesting a proactive allocation of funding.
3. It summarizes the progress made to date, primarily under the auspices of the National Institute of Standards and Technology (NIST).
Significant Insights and Estimates
- The report estimates the development of a Cryptographically Relevant Quantum Computer (CRQC) as likely to occur in the 2030s. This aligns with the consensus within the scientific community and underscores the urgency of preparing for quantum computational realities.
- It acknowledges the dual nature of quantum computing as both a potent tool and a significant threat. The U.S. Government recognizes the necessity to both foster the development of quantum computing technologies to sustain a competitive edge globally and to fortify defenses against potential quantum threats.
Strategic Migration Plan to PQC
The transition strategy includes several crucial components:
- The establishment of a thorough and continuous cryptographic inventory. Due to the pervasive integration of public-key cryptography, this inventory will need regular updates through both automated and manual methods.
领英推荐
- The potential for "record-now, decrypt-later" attacks makes it essential to commence the transition to PQC well before the actual operational readiness of a CRQC.
- Agencies are directed to prioritize which systems and data sets should transition to PQC first. This includes high-impact information systems, high-value assets, and other systems that house data expected to remain sensitive by 2035, or those using asymmetric encryption methods like Public Key Infrastructure (PKI).
- Early identification of systems that cannot support PQC is critical. These systems must be identified early to plan their replacement or update, thereby avoiding delays in migration. The report notes that replacing these systems will account for a significant portion of the total cost estimated.
Financial Implications and Further Observations
The projected total cost for the government-wide transition between 2025 and 2035 is approximately $7.1 billion (in 2024 dollars). This figure is presented as an initial estimate, subject to adjustments as more precise information becomes available. It's important to note that this budget does not cover National Security Systems. The sheer scale of this budget highlights the importance of strategic investments in technology updates and the need for robust management of technology obsolescence.
Conclusion
This report is not only a significant blueprint for advancing U.S. cryptographic capabilities but also a critical step in safeguarding national security in the quantum age. The insights provided, particularly the substantial budget earmarked for this transition, underscore the magnitude of the task at hand. For companies outside the governmental sphere, this report serves as a reminder of the importance of regular technology updates and renovations. Identifying and planning for the obsolescence of systems that cannot be upgraded to PQC is essential, as is revising procurement policies to ensure future readiness for PQC.
Link to the report:
It is also important to note that NIST made their PQC annoucment today:
?