A student in one of my summer courses asked the question I get every time encryption comes up in discussion: why does this matter now? RSA (Rivest-Shamir-Adleman) and ECC (elliptic curve cryptography) have protected data for decades. The quantum computer that breaks them does not exist yet.
My usual answer leans on Q-Day estimates: Google's Gidney put the threshold at roughly one million physical qubits to break RSA-2048, and an IonQ fidelity result last October pushed the realistic window to somewhere between 2029 and 2033. Most expert estimates before that sat closer to 2035.
On June 22, the federal government answered the student's question for me. President Trump signed an executive order setting hard deadlines for federal post-quantum cryptography (PQC) migration: agencies must move high-value assets to post-quantum key establishment by December 31, 2030, and post-quantum digital signatures by December 31, 2031. Federal contractors get the same 2030 deadline for FIPS (Federal Information Processing Standards) compliance.
That replaces the prior government baseline. Under the Biden administration's National Security Memorandum 10, agencies were planning around 2035. The new order compresses that by four to five years and adds teeth: agencies must name a PQC migration lead within 30 days, the Commerce Department must run a migration pilot by the end of 2027, and contractors face FIPS enforcement through procurement rules.
Coverage from Cybersecurity Dive notes the order also pushes CISA (the Cybersecurity and Infrastructure Security Agency) to publish guidance on cryptographic bills of materials, the inventory work agencies need before they can migrate anything.
How the Industry Responded
Two days after the signing, STMicroelectronics introduced the ST54M, the first mobile chip with a dedicated hardware accelerator for post-quantum algorithms. It runs ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism) and ML-DSA (Module-Lattice-Based Digital Signature Algorithm), the NIST (National Institute of Standards and Technology) standards finalized in 2024, on a single die alongside NFC (near-field communication), secure element, and eSIM (embedded SIM) functions. Commercial sampling is available now, with certification targeted for July 2026. That is the hardware path the federal order is pushing the rest of industry toward on the same compressed timeline.
I tell students today: nobody knows the exact day a cryptographically relevant quantum computer arrives, but the government just stopped waiting to find out. And... I would not be surprised at all to see the deadline moved forward again... soon.

