Lattice-based encryption

GAO Urges Private, Public Entities to Adopt Quantum-Resilient Encryption Methods

The Government Accountability Office has released a new report urging the government, businesses and other organizations to begin implementing advanced encryption methods that can withstand the threats posed by quantum computers. According to the report, such computers are expected to be ready to break traditional encryption methods used for public-key cryptography and digital signatures within 10 to 20 years. GAO recommended using Lattice-based encryption and similar algorithms that are more difficult to decrypt, updating digital infrastructures and enhancing data security, among other post-quantum cryptography measures, Nextgov reported.

In November 2022, the White House’s Office of Management and Budget issued a memorandum requiring all federal entities to migrate to post-quantum cryptography standards by 2035. The memo also directs government agencies to prioritize the transition of sensitive information with long security lifetimes such as personally identifiable information to PQC. The GAO report, however, noted that the 2035 deadline may not be soon enough to protect sensitive data from attacks using quantum computers.

According to GAO, transitioning to PQC should begin now because it is a lengthy, expensive and complex process. The report said workforce gaps are another challenge associated with the PQC migration, citing a study predicting that less than 50 percent of jobs related to data security and quantum computing may be filled by 2025.