The government unveils its quantum counter-weapons

Aug 13, 2024

With help from John Hendel

the Gaithersburg Campus of National Institute of Standards and Technology

The Gaithersburg Campus of the National Institute of Standards and Technology, which is coordinating research on post-quantum cryptography. | Shutterstock

The federal government laid out its first line of defense against quantum cyberattacks on Tuesday — a major bulwark against one of the cybersecurity community’s biggest fears.

The National Institute of Standards and Technology published the world’s first three official post-quantum cryptographic algorithms, tools designed to protect key systems against future quantum computers powerful enough to crack any code generated by a modern computer.

Tuesday’s announcement, delivered with great fanfare at the White House, caps off a lengthy process that dates back to the last days of former President Barack Obama’s administration, when NIST called out to the scientific community asking experts to submit algorithms strong enough to resist quantum-powered hacking.

The goal was to build something that could defend against a code-breaking algorithm developed in the 1990s by mathematician Peter Shor, which demonstrated the awesome power of a functional quantum computer to defeat even the U.S. government’s ultra-complex encryption techniques.

“Code-making and code-breaking is the underpinning of all of our security,” deputy national security adviser Anne Neuberger said at the White House on Tuesday. Neuberger, who previously led the National Security Agency’s cybersecurity efforts, said Washington is already learning “how hard it is” to migrate to a new form of quantum-resistant cryptography.

“What’s the data that you’d care if an adversary could use a quantum computer in nine or 10 years to decrypt it? We have lots of that in the intelligence community. We have lots of that in our Department of Defense,” Neuberger said.

A powerful quantum computer in the hands of an adversary would threaten not only Americans’ “personal and financial information,” but also the nation’s “critical infrastructure” — energy systems, water supplies, telecommunications and intellectual property — said Stephen Welby, deputy director for national security at the White House Office of Science and Technology Policy.

Tuesday’s announcement caps off a process that took nearly eight years, stretching across four rounds of submissions and 69 possible encryption standards. But the competition to shore up Washington’s defenses against quantum code-breaking was ultimately dominated by IBM — a company not always seen as a key player in the development of cutting-edge tech.

Two of the cryptographic algorithms chosen by NIST were developed by IBM researchers in partnership with other companies and academics. The third algorithm was co-developed by a researcher who later joined IBM (along with a global group of developers that included Google and Amazon). NIST plans to standardize a fourth algorithm developed by IBM before the end of this year.

By officially publishing the standards, NIST is giving a green light to companies that they can use these tools to start quantum-proofing now. It applies to the government as well, after a 2022 executive order that agencies be quantum-proofed by 2035.

“It removes a level of uncertainty, where you cannot sort of shy away and say you don’t know what the algorithms are,” Dario Gil, senior vice president and director of IBM Research, told DFD. “If you have something you want to protect, and the horizon for which you want to protect is longer than 5-10 years, what a bad actor could do if you don't start acting now is you basically harvest it now and decrypt later.”

Protecting encrypted data against future quantum attacks isn’t just a wonky computer problem to solve — it’s a major geopolitical consideration, as China presses its own advantage in the quantum realm.

Ciel Qi, an analyst at the China-focused Rhodium Group think tank, told IEEE Spectrum last week that “While China likely holds an advantage in [quantum]-based cryptography due to its early investment and development, others are catching up.”

Gil, who also chairs the U.S. government’s National Science Board, said that the global threat to cryptographic safety has shifted even in the few years since the original call went out. As developments in artificial intelligence feed into quantum and code-breaking advances, he said standards like those published by NIST on Tuesday become even more crucial.

“With AI itself, and its ability to write code, and to be able to use AI to create new attacks and then defend against those attacks… between 2016 [when the NIST program began] and now, that story is dramatically different from what we were encountering then,” Gil said.

The other side of that coin, as Gil sees it, is how advances in AI and quantum build on each other not just to create more powerful cyberweapons, but to unlock a more fundamental understanding of the mathematics and computer science that underpin them.

“If you start peeling the onion, there is actually a small set of algorithms that are the basis of everything,” Gil said. “Quantum is forcing us to revisit those fundamental algorithms… by forcing the dialogue on these questions, we get to update and rethink how we should implement classical algorithms in classical computers.”

DON’T MISS OUR AI & TECH SUMMIT: Join POLITICO’s AI & Tech Summit for exclusive interviews and conversations with senior tech leaders, lawmakers, officials and stakeholders about where the rising energy around global competition — and the sense of potential around AI and restoring American tech knowhow — is driving tech policy and investment. REGISTER HERE.

Hack the future (of politics)

Anxiety around a recent alleged hack of Donald Trump’s presidential campaign remained high late Tuesday following reports that the Federal Bureau of Investigation is now investigating. As POLITICO’s Josh Gerstein and John Sakellariadis reported, the probe is also looking at attempts to break into the digital files of top Democrats, and it has swept in longtime political figures like Trump adviser Roger Stone.

“We were contacted by Microsoft and we were contacted by the FBI,” Stone lawyer Grant Smith told POLITICO. “Roger Stone is cooperating.”

It’s not clear who is behind the attacks, although the Trump campaign has suggested possible Iranian involvement. The breach, which POLITICO first reported over the weekend, is also raising questions for how news outlets handle these sensitive documents, with journalists generally holding back from writing on the hacked materials themselves. Rep. Eric Swalwell (D-Calif.), ranking member of the House Homeland Security Committee’s cyber subcommittee, said Saturday night he was “hoping to be briefed in the next few days” by federal agencies on the issue, and that he would return to Washington, D.C. from summer recess for it.

The incident is one part of a larger story about the nation’s campaign infrastructure, which is still a work in progress, falling short of what many experts hope to see. Writing from the “Voting Village” at the DEF CON hacking conference, POLITICO’s Maggie Miller wrote that attendees found vulnerabilities in voting machines — but fixes aren’t likely before Election Day. — John Hendel

SUBSCRIBE TO GLOBAL PLAYBOOK: Don’t miss out on POLITICO’s Global Playbook, our newsletter taking you inside pivotal discussions at the most influential gatherings in the world. Suzanne Lynch delivers the world's elite and influential moments directly to you. Stay in the global loop. SUBSCRIBE NOW.

Tweet of the Day

Tweet of the day from Chrissy Farr

The Future in 5 links

The DNC livestream will go vertical to make it easier for the influencers.
Insiders at X question whether a DDOS attack delayed the Musk-Trump interview.
The European Union’s top digital enforcer faces backlash at home for his letter to Musk.
Workers at an agri-tech startup that JD Vance funded say they faced grim job conditions.
A new Google device has its finger on the pulse (literally).