NIST official says post-quantum environment still years away

encryption concept (BeeBright/ 

Despite recent industry claims of quantum supremacy, an official from the National Institute of Standards and Technology said there's no near-term danger that modern tools will be able break current encryption methods.

NIST is currently working on a number of initiatives to develop more modern cryptographic algorithms to help federal agencies resist codebreaking efforts from quantum computers as well as new standards for smaller "lightweight" and internet-of-things devices that have become more prevalent over the past decade.

Those initiatives are still under development, and researchers have always envisioned a slow transition from current encryption standards over the next two to five years. However, in October, Google released a research paper claiming that it had developed a 54-qubit processor capable of performing in 200 seconds calculations that would require 10,000 years for the world's most powerful supercomputer to process.

Other researchers, such as IBM's quantum team, have disputed those claims and argued that classical systems would be able to perform the task described by Google in about two and a half days. Now, Matthew Scholl, chief of the Computer Science Division at NIST, told members at a recent Information Security Privacy Advisory Board meeting that the agency still believes "relevant" quantum codebreaking is still years away.

"I want to assure people that the step from Google's announcement of quantum supremacy to having a quantum machine that is cryptographically relevant -- meaning something that will actually be able to break our current public-key infrastructure -- is really a significantly wide gap," Scholl said.

Despite Google's claims, which Scholl noted were "under some debate," the agency is still holding firm on its belief that agencies can slowly switch out their older encryption protocols over the coming years without leaving themselves exposed.

"We still feel quite confidently -- not just NIST but the global community that we're working with -- that the timeline that we're on for developing and deploying quantum-resistant encryption standards is still relevant," he said. "So we're still looking at 2022 to 2024 for having those standards complete."

The agency has already gone through two rounds of evaluating submissions for replacement post-quantum algorithms and met in August to examine not just the cryptographic strength of those proposals but also their performance and how disruptive they might be if they were used as replacements for certain systems and devices.

Scholl said NIST is working with the National Cybersecurity Center of Excellence and industry partners to develop a guidance document to assist organizations as they work through the cost and technical difficulties associated with transitioning from older forms of encryption to the newer post-quantum algorithms. However, he reiterated that those standards are still being evaluated and developed, and agencies shouldn't move too quickly to replace their encryption before the new standards are fully vetted.

"Folks are asking us, 'I need to buy something quantum safe now, what should I buy now?' and what we're telling them is 'Nothing," Scholl said. "Buy nothing now but know where the items are that you need to have in place, know what those items are protecting and then start to prioritize when buying is appropriate."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at [email protected], or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.