← Back to Daily Briefing

The US government is mandating a transition to Post-Quantum Cryptography (PQC) to mitigate "Harvest Now, Decrypt Later" (HNDL) threats from future large-scale quantum computers capable of breaking RSA and ECC. Driven by recent Executive Orders, the migration requires implementing NIST-standardized algorithms, specifically FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA). This shift is not a drop-in replacement; it introduces significant data overhead in key and signature sizes. Implementation is surfacing in critical low-level libraries like pyca/cryptography (v48), which utilizes Rust bindings and AWS-LC to support these new primitives, impacting over 1.2 billion monthly downloads across critical infrastructure tools like Ansible and Certbot.

  • Strategic Context: The Quantum Threat

    • Identification of critical vulnerabilities in classical algorithms including RSA, ECDSA, and Ed25519.
    • Urgent response to HNDL (Harvest Now, Decrypt Later) where adversaries collect encrypted data for future quantum decryption.
    • Top-down driver via White House Executive Orders targeting national cryptographic resilience.
  • Key Policy Pillars: Implementation Mandates

    • Dec 31, 2030: Hard deadline for high-value/high-impact federal systems to implement post-quantum key establishment.
    • Dec 31, 2031: Hard deadline for high-value/high-impact federal systems to implement post-quantum digital signatures.
    • Coordination between NIST (standards), White House (policy), and Sovereign Tech Agency (infrastructure/funding).
  • Industry Impact: Technical and Operational Overhead

    • Massive signature expansion: Transitioning from Ed25519 (64B) to ML-DSA-65 (3,309B) increases payload requirements significantly.
    • Key exchange expansion: Moving from X25519 (32B) to ML-KEM-768 (1,184B public key) increases handshake data overhead.
    • Protocol shifts: Required migration from traditional Diffie-Hellman to Key Encapsulation Mechanisms (KEM) and updated wire formats.
  • Defense Response: Ecosystem Integration

    • pyca/cryptography v48 provides critical PQC primitives using Rust bindings and AWS-LC backends.
    • Critical dependency for 1.2 billion monthly downloads, including Ansible, Certbot, and Paramiko.
    • Emphasis on low-level library implementation as the primary vehicle for broad industry adoption.
  • Future Outlook: The Long-Term Migration

    • Transition from classical primitives to lattice-based (ML-KEM/ML-DSA) and hash-based (SLH-DSA) cryptography.
    • Ongoing standardization efforts led by NIST to refine parameter sets like ML-KEM-768 and ML-DSA-65.
    • Long-term requirement for cryptographic agility to adapt to evolving quantum computing capabilities.

Related posts

  1. SC Media — Trump signs executive order to accelerate US quantum computing strategy
  2. Trail of Bits Blog — Shipping post-quantum cryptography to Python
  3. Blog
  4. Hklaw
  5. Industrialcyber
  6. Globalpolicywatch
  7. Crowell
  8. Networkworld
  9. Whitehouse
  10. Youtube
  11. Pillsburylaw

LINK COPIED TO CLIPBOARD