Microsoft Also Anticipates Transition to Post-Quantum Encryption by 2029
Microsoft has decided to accelerate the timeline for completing its transition to post-quantum encryption: the company announced that it will migrate "critical products and services" to new ciphers by 2029, citing advancements in quantum computing as the primary reason for this acceleration.
Google was the first to set a deadline for when post-quantum ciphers should be operational: in March, it established 2029 as the final deadline for migration. Following suit was Cloudflare, which agreed to the 2029 timeframe. Just a few days ago, the United States government also pushed its transition of critical infrastructure to new ciphers to 2030.
Now, Microsoft has communicated its intention to expedite its plans, which include the transition to TLS 1.3 (which encompasses the new post-quantum cryptographic standards) for data transmitted over the network, the adoption of so-called "crypto-agility" in applications and services (meaning the ability to change ciphers in use without having to rebuild the applications from scratch), and the modernization of software, device, and service trust chains, for example, through code signing and certificate protection.
Microsoft states that "for most organizations, the hardest part isn't choosing post-quantum algorithms, but understanding where encryption is already used in applications, services, networks, identities, certificates, and hardware and updating it."
For this reason, the company asserts that it will continue to provide information to help organizations take inventory of their encryption and migrate to new ciphers where necessary.
Microsoft's announcement, like those of other entities, should not be interpreted as a certainty that a quantum computer capable of breaking current public key ciphers will arrive by 2029, but rather as an indication of a time when data is still expected to be secure. No one knows for sure when a sufficiently powerful device will be available, but in this and other cases, the old English saying prevails: "better safe than sorry."