White House drastically shortens deadline for dropping quantum-vulnerable crypto - Ars Technica
The White House is drastically shortening the deadline for government agencies and organizations to adopt new quantum-resistant encryption systems that will withstand attacks that use quantum computers, as the federal government seeks to protect decades’ worth of secrets belonging to militaries, banks, governments, and most individuals on Earth.
The executive order, titled Securing the Nation against Advanced Cryptographic Attacks, requires computing systems for “high-value assets” and “high-impact systems” to transition to post-quantum cryptographic key establishment schemes by December 31, 2030, and to quantum-safe digital signature schemes by December 31, 2031.
Heading off a significant threat
The new deadline, which for many organizations is about five years sooner than the previous one, comes on the heels of recent research showing that the resources and cost for building a cryptographically relevant quantum computer are far less than previous consensus estimates. In response, Google, Cloudflare, and other companies recently tightened their timelines for moving off vulnerable systems to 2029.
“The advent of large-scale quantum computers, particularly in the hands of adversaries, will pose a significant threat to widely used cryptographic security systems,” Monday’s executive order stated. “Ongoing cyber activity against our Nation also presents the risk of adversaries collecting United States information now, and decrypting it later once large-scale quantum computers are operational.”
Under a timeline the National Security Agency published in 2022, “National Security Systems”—a class including only defense and intelligence systems under the authority of the agency—were under orders to be quantum-ready between 2030 and 2033. Most other organizations had until 2035 to complete the transition. Now, many of them will be required to transition much sooner.
“So, for any system that falls into this new bucket of high-value assets and high-impact systems, their transition timelines just got shortened by 4-5 years (from 2035 to 2030/2031),” Brian LaMacchia, a cryptography engineer who oversaw Microsoft’s post-quantum transition from 2015 to 2022 and now works at Farcaster Consulting Group, told Ars. “That is a significant shortening of the transition timeline for these systems, and it follows similar timeline revisions from Google and Cloudflare that we saw announced back in late March/early April.”
The order also:
Establishes a government-wide transition coordination process to be led by the Director of the Office of Management and Budget and the National Cyber Director. Each federal agency will designate a point person responsible for reporting quantum transition progress to them.
Directs the Secretary of State to work with the National Institute of Standards and Technology, the Departments of Defense and Homeland Security, the National Cyber Director, and the Director of National Intelligence to “identify and engage foreign governments and industry groups in key countries to encourage their transition to PQC algorithms standardized by NIST.”
Directs NIST and the Cybersecurity and Infrastructure Security Agency to issue guidance on the release of a CBOM (cryptographic bill of materials), which lists all components, libraries, and modules in an encryption system.
Establishes new procurement rules that appear to be aimed at requiring “covered contractors” to meet the same quantum-readiness deadlines and implement vulnerability disclosure policies.
“Critical infrastructure owners and operators can now expect support in developing their PQC migration plans,” Jordan Kenyon, senior quantum scientist at Booz Allen, told Ars. “Covered contractors could face future requirements from proposed rules to incorporate PQC compliant algorithms required by FIPS by the end of 2030 and incorporate reports of cryptographic vulnerabilities in their disclosures.” FIPS is short for Federal Information Processing Standards, a set of standards shepherded by NIST for use in computer systems of non-military US government agencies and contractors.
No one knows when a cryptographically relevant quantum computer will arrive. Experts have made wide-ranging guesses for more than three decades. A key barrier is creating a system with the required number of qubits—the quantum equivalent of a bit in classical computing—that operates correctly even in the presence of errors that occur when they...