White House shortens deadline for transition to quantum-resistant encryption by 4–5 years

The White House issued an executive order titled *Securing the Nation against Advanced Cryptographic Attacks* that shortens the deadline for transitioning high-value and high-impact systems to post-quantum cryptography (PQC). Under the order, key establishment schemes must be quantum-resistant by December 31, 2030, and digital signature schemes by December 31, 2031. Previously, most non-defense systems had until 2035 to complete the transition.

The accelerated timeline follows recent research indicating that the resources and cost required to build a cryptographically relevant quantum computer are lower than earlier estimates. In March, researchers demonstrated that elliptic curve cryptography used in Bitcoin and Ethereum could be broken with 30,000 physical qubits in 10 days, and a Google team estimated that solving the elliptic-curve discrete logarithm problem could require roughly 500,000 physical qubits—half the number estimated in June 2025 for breaking 2048-bit RSA.

The order establishes a government-wide transition coordination process led by the Director of the Office of Management and Budget and the National Cyber Director. Each federal agency must designate a point person to report progress on quantum transition efforts. The Secretary of State is directed to work with NIST, the Department of Defense, DHS, the National Cyber Director, and the Director of National Intelligence to engage foreign governments and industry groups on adopting NIST-standardized PQC algorithms.

NIST and the Cybersecurity and Infrastructure Security Agency (CISA) are tasked with issuing guidance on cryptographic bill of materials (CBOM), which will list all components, libraries, and modules in an encryption system. The order also introduces new procurement rules aimed at requiring covered contractors to meet the same quantum-readiness deadlines and implement vulnerability disclosure policies by the end of 2030.

The urgency stems from the threat posed by quantum computers running Shor’s algorithm, which can solve mathematical problems underlying RSA and elliptic curve cryptography in polynomial time—far faster than classical computers. Post-quantum algorithms are designed to resist such attacks, but transitioning is not a simple drop-in replacement; for example, public key sizes for ML-KEM, a PQC replacement for RSA, are roughly three times larger.

Separately, the White House published a second executive order directing the federal government, in partnership with private industry, to support the development of a quantum computer powerful enough to initiate the era of quantum-enabled scientific discovery.