With help from Derek Robertson
The ability to pay for something with a credit card online is something we now take for granted, but in the not too distant future, quantum computers may be able to crack the encryption that protects these payments from spies and cybercriminals.
The encryption-breaking power of these quantum computers, although probably still decades away, already has the National Security Agency worried that enemies of the United States are accessing classified secrets.
As we have reported in this newsletter, several branches of the federal government are trying to find solutions.
The House of Representatives today passed a bill aimed at accelerating the government’s use of encryption algorithms that quantum computers would find difficult to break with currently known methods, in part for fear that an adversary could “steal sensitive encrypted data today with the help of classical computers, and wait until sufficiently powerful quantum systems are available to decipher it.”
In May, President Joe Biden issued a national security memorandum stating that a powerful quantum computer “would jeopardize civilian and military communications, undermine critical infrastructure supervision and control systems, and violate security protocols for most internet financial transactions.”
Nobody knows for sure whether such a quantum computer is five years away, 20 years away, or a dream that will never come true. But the National Institute of Standards and Technology is coordinating efforts to develop new encryption algorithms so the government is ready. On July 5, NIST announced the selection of the first four of these algorithms.
“We’re not waiting for anything to be broken,” Matthew Scholl, the chief of NIST’s computer security division, told me in an interview a few days before the announcement.
Quantum computers are not superior to classical computers in any general sense, but they can (in theory) solve particular kinds of problems quickly, including breaking down large numbers into their prime factors. (It is much easier to figure out that 101 * 167 = 16,867 than to reverse this calculation, and factoring quickly becomes more difficult as the numbers increase.) Much of the so-called “public-key” cryptography used today, which makes it easy for anyone to send a message that only the intended recipient can read, relies on the fact that large numbers are difficult to factor.
NIST’s Post-Quantum Cryptography Project is an attempt to fix this vulnerability. The agency has sifted through 69 algorithm submissions over the past six years, all in hopes of finding an encryption standard that can withstand quantum computers and work with a wide variety of equipment.
Of the four algorithms approved by NIST this month, one, CRYSTALS-KYBER (named after the minerals that power lightsabers in Star Wars), is used to securely create and share encryption keys. The other three – CRYSTALS-Dilithium (named after the spacecraft’s power source in Star Trek), FALCON and SPHINCS – are digital signature schemes, used to verify that the sender and receiver of a message are who they claim to be.
The idea is to create a basket of algorithms, both to offer alternatives if a vulnerability is discovered in one of them and to adapt to systems with limited computing capacity.
Other algorithms are still under consideration, and NIST plans to release its post-quantum cryptographic standard, including the full basket of algorithms, in 2024.
NIST is working with international partners to build global support for the eventual standard, which would increase the number of tech companies using it (or perhaps slight variations) instead of waiting for other countries to develop competing standards.
This global upgrade is a daunting task.
The good news is that software updates from a handful of big tech companies, including Google, Microsoft, and Apple, will ripple through a colossal number of computers, web browsers, and gadgets. The bad news is that many smaller providers may not know or care about the transition. Also problematic: many companies are still using aging, specialized equipment beyond the reach of remote vendor patches.
NIST is developing guidance to help these companies understand their risks and prepare for the transition, and the DHS Cybersecurity and Infrastructure Security Agency is using its relationships with key industries to help hospitals, power plant operators and other organizations whose specialized functions require custom hardware.
Biden’s memorandum set a goal “to mitigate quantum risk as much as possible by 2035.” NIST thinks it’s on the right track to do so.
“We’re certainly preparing for this more than any other crypto transition we’ve done before,” Scholl said.
As Silicon Valley institutional money flows into Web3 companies, more legislators are paying attention to the workings of crypto politics – and sketching out partisan positions accordingly.
Rep. Jake Auchincloss (D-Mass.) joined a Twitter chat with Andreessen Horowitz partner Chris Dixon and General Counsel Miles Jennings to discuss the regulatory landscape around stablecoins, the Gillibrand-Lummis crypto bill, and the partisan valence of crypto policy ahead of a likely change in House control.
“The GOP is pretty sympathetic to crypto,” Auchincloss said. “The centre-left understands that…unfortunately, and I think without much justification, the progressive left has become quite hostile.”
As for the legislation itself, Auchincloss was open-minded about whether the broad approach of the Gillibrand-Lummis bill or more targeted legislation for issues such as stablecoins (as in a bill introduced earlier this year by Sen. Bill Hagerty (R-Tenn.)) would be more appropriate, saying he would support both approaches as one of the small but growing number of lawmakers focusing on crypto policy.
He also expressed skepticism that stablecoins could somehow supplant or weaken the dollar – arguing that “the myth of the dollar’s decline has been pierced” by the recent market downturn. — Derek Robertson
The European Union is taking a close look at the metaverse and realizing that the dawn of a new technology might necessitate revisiting some old policy solutions.
A recent report by the EU’s parliamentary research body warns of the “opportunities, risks and policy implications” of developing the metaverse. The main concerns include:
- Competition: Powerful incumbents could use the metaverse’s “interoperability” (the ability for virtual goods and identities to be transported durably across different platforms) to entrench themselves, and the report recommends merger regulation or antitrust legislation as potential tools to combat the manipulation of interoperability as a means of consolidating corporate power.
- Data protection: As we have seen here at DFD, virtual reality devices create a vast new frontier of potential data collection. The report points out that the EU’s General Data Protection Regulation may eventually need to be revised to take virtual reality into account.
- Health: “Addictions to social media and online games as a form of escapism already exist, but the metaverse can reinforce them,” write members of the European Parliament’s internal think tank, recommending careful attention to content moderation.
The report also outlines policy implications for accountability, financial transactions and cybersecurity – all as the EU braces for another showdown with Facebook, the metaverse’s most public and wealthy supporter. — Derek Robertson
Keep in touch with the whole team: Ben Schreckinger; Derek Robertson; Constantin Kakaes; and Heidi Vogt. Follow us on Twitter @DigitalFuture.