Quantum Information Science (QIS) offers a new world of computational capabilities beyond the reach of today’s classical computing. At the same time, QIS threatens the cryptographic algorithms upon which modern digital security and privacy is built.

The White House recently released the “National Security Memorandum on Promoting United States Leadership in Quantum Computing While Mitigating Risks to Vulnerable Cryptographic Systems”, or NSM-10.  The memorandum represents the Biden Administration’s plan to maintain the Nation’s competitive advantage in QIS without jeopardizing national security. The memorandum is split into four sections, each outlining specific steps towards achieving this balance.

Sec 1. Policy

Section 1 outlines the overarching policies of the administration: “(1) to maintain United States leadership in QIS, through continued investment, partnerships, and a balanced approach to technology promotion and protection; and (2) to mitigate the threat of CRQCs through a timely and equitable transition of the Nation’s cryptographic systems to interoperable quantum‑resistant cryptography.”

CRQCs, which you may not have heard of before, are “crypt-analytically relevant quantum computers”, or quantum computers that have become computationally powerful enough to break today’s public key cryptography.  Quantum-resistant cryptography, also known as “post-quantum cryptography” or PQC, are new cryptography algorithms that are believed to be resistant to attack by both classical computing as well as CRQCs.  The National Institute of Standards and Technology (NIST) is currently in the process of selecting a set of PQC algorithms for standardization.

Sec 2. Promoting United States Leadership 

Section 2 calls for a proactive approach to QIS research and development (R&D). This is to be accomplished through investments in core QIS research programs, the expansion of education and workforce programs, and a focus on developing and strengthening partnerships between industry, academic institutions, allies, and like-minded nations.

In addition, within 90 days of this memorandum, agencies that fund research in, develop, or acquire quantum computers are required to identify a liaison to the National Quantum Coordination Office. They are to share information and best practices to ensure a coherent national strategy for QIS promotion and technology protection.

Sec 3. Mitigating Risks to Encryption

Section 3 prioritizes the transition to quantum-resistant cryptography by 2035 and the use of cryptographic agility frameworks to aid that transition. A large number of agency directives are given for implementing this goal, and central to the discussion are NIST and the National Security Agency (NSA) who are both actively developing technical standards for implementation and deployment in their respective jurisdictions. The first wave of these standards are expected to be ratified by 2024. The section provides a lengthy timeline of agency actions over the next year with continuing reporting obligations into the future.

Note that the CCC held a workshop (more information below) on post quantum migration and cryptographic agility which Section 3 highlights.

Sec 4. Protecting United States Technology

Section four acknowledges the need for the U.S. government to protect relevant quantum R&D and intellectual property (IP) from cybercrime and theft. This requires educational campaigns for industry, academia, and State, local, Tribal, and territorial (SLTT) partners on the threat of IP theft and on the importance of strong compliance, insider threat detection, and federal law enforcement.

By December 31, 2022, the heads of agencies related to QIS technologies are to develop comprehensive technology protection plans to safeguard QIS R&D, technology acquisition, and user access.  These plans will be updated annually and provided to the Assistant to the President for National Security Affairs (APNSA), the Director of the Office of Management and Budget (OMB), and the Co-Chairs of the National Science and Technology Council Subcommittee on Economic and Security Implications of Quantum Science.

The Computing Community Consortium has a history of activities identifying and discussing the potential capabilities and threats of QIS. In particular:

• In 2020, the CCC released a series of white papers called “Quadrennial Papers”, meant to identify areas and issues of national priorities in the computing research field. Among them is the white paper “Post Quantum Cryptography: Readiness Challenges and the Approaching Storm”, which identifies a number of issues addressed by the recent presidential memorandum.
• In 2019, the CCC held a workshop “Identifying Research Challenges in Post Quantum Cryptography Migration and Cryptographic Agility”. The overall objective of the workshop was to identify academic research challenges in Post Quantum Computing migration and cryptographic agility. The widely cited workshop report outlining key findings can be found here.

You can read the entirety of the NSM-10 memorandum released on May 4, 2022 here.