Quantum computing requires new levels of cybersecurity

Federal sector expects increase in quantum activity during 2024

By Jimmy Baker and Bruce LaPine, PhD

If you’ve read any federal or state IT publications lately, then you should be familiar with the national cybersecurity concerns surrounding quantum computing. But what is the difference between classical and quantum computing, and what’s in store for federal agencies, both near-term and down the road?

The National Institute of Standards and Technology (NIST) had a deadline of November 22, 2023, for any feedback on proposed standards that could be strong enough to stand up to the threat that quantum computing poses to public sector security.

NIST is defining security standards for the age of quantum computing, along with some definitions of the language associated with the quantum world.

Technology advances create security vulnerabilities

As quantum.gov indicates, quantum-based technologies are already making seismic shifts in the private sector, and government is not far behind. Examples of quantum computing already making a difference in technology, quantum.gov states, include GPS, magnetic resonance imaging, semiconductors and lasers for telecommunications.

Because Quantum Information Science (QIS) and Quantum Information Processing systems (QIPs) are so profoundly revolutionary, their capabilities can be used by adversaries to cause detrimental effects to business, industries and the government sector.

One of the major technology areas that may be affected with the projected power and speed of quantum computing is today’s encryption. Current algorithms take a massive amount of compute power and time to break an encryption code using a conventional computer.  

Quantum computing systems have the ability to perform simultaneous computations at an exponential rate when compared to the linear processes of today’s conventional computers. What would have taken many years with today’s computers can be performed in as little as hours using quantum-based systems.

Because of this extremely short compute time, quantum computing has the unfortunate effect of extinguishing any possible safety factors. Consequently, most currently encrypted transactions involving information exchange are at risk.

NIST algorithms for quantum-resistant encryption

After much research, NIST selected four algorithms that are likely to withstand quantum computer attacks. The agency is working to standardize these algorithms as a last step to enabling organizations around the world to integrate them into their encryption infrastructure.

The proposed standards include:

• CRYSTALS-Kyber, for general encryption purposes such as creating secure websites (covered in FIPS 203).
• CRYSTALS-Dilithium, to protect digital signatures when signing documents remotely (covered FIPS 204).
• SPHINCS+, another proposed algorithm for digital signatures (covered in FIPS 205).

A draft standard for FALCON, the fourth algorithm, which will also address electronic signatures, will be released in about a year, NIST says.

The proposed standards are distinct guidelines that will impact both the commercial and federal sectors. There’s much activity being planned in quantum computing in the federal sector from now through the end of 2024. By familiarizing yourself with quantum topics and the upcoming initiatives being proposed by NIST, you’ll be in better shape to position your offerings properly in the post-quantum information exchange world.

Contact an immixGroup representative about quantum computing and other trends that should be on your radar.

Jimmy Baker is public sector marketing strategist and Bruce LaPine, PhD is security architect for immixGroup, the public sector business of Arrow Electronics. immixGroup delivers mission-driven results through innovative technology solutions for public sector IT.

Visit http://www.immixGroup.com/ for more information.

Want to keep on top of federal procurement regulations? Subscribe to immixGroup’s Government Sales Insider blog now!