Happy Nice Mall

“The threat of an enemy of the nation-state to obtain a large quantum computer and access your information is real,” says Dustin Moody, a mathematician at the National Institute of Standards and Technology (NIST). “The threat is that they copy your encrypted data and hold it until they have a quantum computer.”

Faced with this “harvest now and decrypt later” strategy, authorities are trying to develop and deploy new encryption algorithms to protect secrets against an emerging class of powerful machines. That includes the Department of Homeland Security, which it says is leading a long and difficult transition to what’s known as post-quantum cryptography.

“We don’t want to be in a situation where we wake up one morning and there’s a technological breakthrough and then in a few months we have to do three or four years of work. Tim Maurer, who advises the secretary of homeland security on cybersecurity and emerging technology.

DHS recently had a road map For the transition, starting with a call to catalog the most sensitive data, both within government and in business. Maurer says this is a vital first step “to see which industries are already doing this and which need help or awareness to make sure they are taking action now.”

Preparing in advance

Experts say it may still be a decade or more before quantum computers can achieve anything useful, but with money pouring into the space in both China and the US, the race to make it happen and design better protection against quantum continues. attacks.

USA, via NIST competition According to Moody, who leads NIST’s post-quantum cryptography project, since 2016, which aims to produce the first quantum computer-proof algorithms by 2024.

Migrating to the new cryptography is notoriously hard and long work, and it’s easy to ignore until it’s too late. It can be difficult to get nonprofits to spend money on an intangible future threat years before that threat becomes a reality.

“If organizations aren’t considering the transition now,” Maurer says, “if they’re overwhelmed when the NIST process is complete and a sense of urgency arises, it increases the risk of accidental events… switching is never a good idea.”