Jason Van der Schyff
It was encouraging to read Microsoft’s thoughts on the transition to post-quantum cryptography—the new generation of encryption designed to resist future quantum computers. Few companies straddle as much of the quantum landscape, including hardware, error correction, algorithm design and deployment. When Microsoft sets a migration timeline, it matters.
The first striking element is pace. Most governments have set 2035 as the deadline for completing migration to post-quantum cryptography. Microsoft has chosen 2033. The company will make such cryptography available for early adopters by 2029, giving organisations a head start. SymCrypt, Microsoft’s cryptographic library, underpins much of its infrastructure. Microsoft plans to modernise it, integrate new tools, then extend across its estate. The ambition is welcome, but the challenge remains large.
The second element is uncertainty. Microsoft’s resource-planning tool and its research into topological qubits—a form of quantum bit designed for greater stability—suggest that attacks on current cryptography may require fewer qubits than other projections assume. Although other approaches by IonQ, Quantinuum, QuEra and PsiQuantum are also progressing, they each carry different implications. Governments and industry cannot anchor plans to one forecast.
Microsoft has also highlighted its contributions to the National Institute of Standards and Technology process. Its involvement has been constructive, but the experience shows how difficult this journey can be. Several Microsoft-backed algorithms were set aside due to cryptanalysis or performance issues. They remind us that migration needs be treated as a living process.
Setbacks should be expected and actively planned for. Microsoft’s Project Natick—an experimental undersea datacentre—originally deployed an algorithm known as SIKE that was later withdrawn after vulnerabilities were identified. The lesson is that even the largest players can be overtaken by the pace of cryptanalysis. If global leaders can be caught out, governments and smaller firms need to assume the unexpected and prepare accordingly.
No comments:
Post a Comment