IBM is gearing up to deliver quantum-safe cryptography services on the IBM public cloud next year and is now making available a prototype of what it claims to be the first quantum computing-safe enterprise-class tape ever developed.
Announced at the Second Post-Quantum Cryptography Standardization Conference organized by the National Institute of Standards and Technology (NIST), an arm of the U.S. Dept. of Commerce, these offerings are part of an effort to replace traditional cryptography with cryptographic algorithms that are quantum-safe.
IBM said it will enhance its TLS/SSL implementations in IBM Cloud services using quantum-secure algorithms based on open standards and open source technology.
Vadim Lyubashevsky, a member of the cryptographer team at IBM Research, said IBM expects organizations to begin shifting to quantum-based cryptography. One such example is a lattice cryptography suite known as Cryptographic Suite for Algebraic Lattices (CRYSTALS), which was developed in collaboration with ENS Lyon, Ruhr-Universität Bochum, Centrum Wiskunde & Informatica and Radboud University. CRYSTALS is based on two quantum-resistant cryptographic primitives: Kyber, a secure key encapsulation mechanism, and Dilithium, a secure digital signature algorithm. It was donated to OpenQuantumSafe.org as part of an effort to develop open cryptography standards.
IBM has tested CRYSTALS on a prototype of an IBM TS1160 tape drive using Kyber and Dilithium in combination with symmetric AES-256 encryption. The algorithms are implemented as part of the tape drive’s firmware, which IBM hopes eventually will mean support for those algorithms will be provided as part of a software upgrade.
At its most fundamental level, rather than working with bits, a quantum computer employs particles in the form of qubits that can be in superposition; in other words, they can take the value of 0, 1 or both simultaneously. The number of qubits that a quantum computer can process is still limited, but from a cybersecurity perspective they already represent a major advance in encryption.
Lyubashevsky said it might be four to five years before formal cryptographic standards based on quantum-safe cryptography are agreed upon, so organizations should not wait for formal ratification before moving away from existing cryptography schemes. Given the complex methods that historically have been relied on to implement cryptography, most organizations should start their transition by first identifying where and how cryptographic algorithms have been implemented within their IT environments, said Lyubashevsky, adding it then should be easier for organizations to replace those algorithms over time by employing best DevSecOps processes.
In the meantime, IBM has implemented a Quantum Risk Assessment service through IBM Security to help customers identify what encrypted data they have that a quantum platform could breach. That day is more than 10 years away, so most of that assessment will focus on identifying data organizations have today that will need to remain secure over a decade in the future.
Outside of potentially a few nation-states, most cybercriminals are not likely to have access to a quantum computing platform anytime soon. But, in terms of the perennial cybersecurity arms race organizations find themselves in, quantum computing represents an advance that at this point can no longer be ignored.