Microsoft plans to finalize the shift to a post-quantum cryptographic standard by 2033 with early quantum-safe adoption beginning in 2029. The migration follows three phases targeting foundational security components, core infrastructure services, and then all services and endpoints. Foundational updates will add quantum-safe key exchange mechanisms and implement approved PQC algorithms across software platforms. Core infrastructure will introduce new authentication and key management for application logins. Endpoint devices will receive updates to secure data transmission between networks. The effort covers Microsoft 365, Azure and other data platforms and aligns with federal PQC guidance and timelines.
Microsoft is looking to finalize the transition of its products to a post-quantum cryptographic standard by 2033, two years before the 2035 deadline the Biden administration previously recommended to mitigate "as much of the quantum risk as is feasible," per a 2022 OMB memo. Microsoft outlined its approach in a new transition plan released on Wednesday and said it aims to follow three phases in its conversion to a cryptography standard that is resilient to a fault-tolerant quantum computer, with early adoption of quantum-safe systems beginning in 2029.
Each of the three phases focuses on a particular set of assets: the transition starts with foundational security components, moves to core infrastructure services, and ends with all of Microsoft's services and endpoints. This approach aims to tackle the gargantuan task of completely overhauling Microsoft's suite of digital products and services in an organized and timely manner. "While scalable quantum computing is not available today, the time to prepare is now," the plan said.
Updating the foundational security components hinges on building quantum-safe key exchange mechanisms into Microsoft's architecture so that the available PQC algorithms can be incorporated across the company's software platforms. Following this update, core infrastructure services will take security a step further by introducing new authentication and key management into application logins. All of these security updates will then be available in Microsoft's endpoint devices that can transmit data between networks. The scope of this project encompasses popular services like Microsoft 365, Azure and other data platforms.