The world of cryptography moves at a slow but steady pace. New cryptography standards must be vetted over an extended period, so new threats to existing standards have to be judged on decades-long timelines, because updating crypto standards is a multiyear journey. Quantum computing is an important threat looming on the horizon. Quantum computers can evaluate many candidate solutions simultaneously, and based on Shor’s algorithm, crypto experts estimate that they will be able to crack today’s asymmetric encryption. In addition, Grover’s algorithm provides a quadratic reduction in the time needed to brute-force a symmetric encryption key. The question these same crypto experts try to answer is not if this will happen, but when.
Today’s crypto algorithms rely on mathematical problems such as the factorization of large numbers to protect data. With fault-tolerant quantum computers, factorization could in theory be solved in just a few hours using Shor’s algorithm. The same capability also compromises cryptographic methods based on the difficulty of the discrete logarithm problem.
The term used to describe these new, sturdier crypto standards is “quantum safe.” The challenge is that we don’t know exactly when fault-tolerant quantum computers will have the power to consistently break the encryption standards now in wide use. There’s also a concern that some parties could capture and store encrypted data now for decryption later, when suitably capable quantum computers are available. Even if the data is over ten years old by then, it could still contain relevant confidential information. Think state secrets, financial and securities records and transactions, health records, or even private or classified communications between public and/or government figures.
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) believes it’s possible that RSA-2048 encryption could be cracked by 2035. Other U.S. government agencies and other security-minded entities have similar timelines. Rather than wait until the last minute to upgrade security, NIST started a competition to develop quantum-safe encryption back in 2016. After several rounds of review, on July 5th of this year, NIST chose four algorithms for the final stages of review before setting the standard. IBM developed three of them, and two of those are supported in IBM’s z16 mainframe today.
The new IBM crypto algorithms are based on a family of math problems called structured lattices. Lattice problems have a characteristic that makes them hard to solve even with quantum computing: a structured lattice problem requires solving for two unknowns at once, a multiplier array and a small offset, and that combination is extremely difficult for a quantum computer to untangle. The shortest vector problem (SVP) and the closest vector problem (CVP), upon which lattice cryptography is built, are considered extremely difficult for a quantum computer to solve. Each candidate crypto algorithm is evaluated not just for data security but also for performance; the overhead cannot be too large for widespread use.
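To make the “multiplier array plus offset” idea concrete, here is an added toy learning-with-errors (LWE) scheme in Python. It is a constructed teaching example, not IBM’s or NIST’s code, and its parameters (a 16-element secret, 64 samples, errors in {-1, 0, 1}) are far too small to offer any security. It shows that when the public key is b = A·s + e, the small error e is what turns an easily solvable linear system into a hard problem: with e removed, plain Gaussian elimination modulo q recovers the secret; with e present it does not, yet the legitimate key holder can still decrypt.

```python
"""Toy learning-with-errors (LWE) scheme showing the 'multiplier array plus
offset' structure behind lattice cryptography.  Constructed teaching example,
not IBM's or NIST's code; the parameters are tiny and offer no security."""
import random

Q = 3329   # prime modulus (the one CRYSTALS-Kyber uses; here just a convenient small prime)
N = 16     # length of the secret vector s (real schemes use hundreds of coefficients)
M = 64     # number of LWE samples published as the public key
rng = random.Random(2022)   # fixed seed so the demo is reproducible


def keygen(noisy=True):
    """Secret s and public key (A, b) with b = A*s + e (mod Q).
    A is the 'multiplier array'; e is the small 'offset' that makes the
    problem hard.  noisy=False drops e to show what happens without it."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) if noisy else 0 for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + err) % Q for row, err in zip(A, e)]
    return s, (A, b)


def encrypt(pub, bit):
    """Regev-style encryption of one bit: sum a random subset of the public
    samples, then shift the second component by Q/2 when the bit is 1."""
    A, b = pub
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt(s, ct):
    """v - <u, s> = bit*Q/2 + sum of selected errors; |error| <= M < Q/4,
    so rounding to the nearer of {0, Q/2} recovers the bit."""
    u, v = ct
    d = (v - sum(x * y for x, y in zip(u, s))) % Q
    return 1 if Q // 4 <= d < 3 * Q // 4 else 0


def solve_mod_q(A, b):
    """Gaussian elimination over Z_Q.  Recovers s exactly from A*s = b when
    there is no error term; with the error present the system is
    inconsistent and the vector returned is not the secret."""
    rows = [row[:] + [bi] for row, bi in zip(A, b)]
    rank = 0
    for col in range(N):
        piv = next((i for i in range(rank, M) if rows[i][col]), None)
        if piv is None:
            return None                       # rank-deficient (unlikely for random A)
        rows[rank], rows[piv] = rows[piv], rows[rank]
        inv = pow(rows[rank][col], -1, Q)     # Q is prime, so the inverse exists
        rows[rank] = [(x * inv) % Q for x in rows[rank]]
        for i in range(M):
            if i != rank and rows[i][col]:
                f = rows[i][col]
                rows[i] = [(x - f * y) % Q for x, y in zip(rows[i], rows[rank])]
        rank += 1
    return [rows[i][N] for i in range(N)]


def demo():
    """Round-trip both bit values and contrast the noiseless and noisy cases."""
    s, pub = keygen(noisy=True)
    roundtrip = [decrypt(s, encrypt(pub, bit)) for bit in (0, 1, 1, 0)]
    noisy_recovered = solve_mod_q(*pub) == s         # expected False
    s0, pub0 = keygen(noisy=False)
    noiseless_recovered = solve_mod_q(*pub0) == s0   # expected True
    return {"roundtrip": roundtrip,
            "linear_algebra_breaks_noiseless": noiseless_recovered,
            "linear_algebra_breaks_noisy": noisy_recovered}


if __name__ == "__main__":
    print(demo())
```

The decryption bound is the whole point of the parameter choice: the accumulated error is at most M = 64, well under Q/4 = 832, so the legitimate holder of s always lands on the right side of the rounding threshold while anyone without s faces an inconsistent system.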
The final selections are expected in 2024, but there’s still a chance there will be changes before the final standards are released.
IBM Supports Quantum Safe in New Z-Series Mainframes
IBM made a strategic bet before the final NIST selections. The recently released IBM z16 systems already support two of the final four quantum-safe candidates: CRYSTALS-Kyber for public-key encryption and CRYSTALS-Dilithium for digital signatures. IBM is set to work with the industry to prove out these algorithms in production systems. Initially, IBM is using its tape storage systems as a test platform; because tape is often used for cold storage, it’s an excellent medium for long-term data protection. IBM is working with its client base to find the appropriate way to roll out quantum-safe encryption to the market. This must be approached as a life-cycle transformation, and in fact IBM is working with its customers to create a crypto-agile solution, which allows the cryptographic algorithm in use to be changed at any point without disrupting the entire system. It’s not a rip-and-replace process. With crypto-agility, the algorithm is abstracted from the system software stack so that a new algorithm can be deployed seamlessly. IBM is also developing tools that make crypto status part of overall observability, with a dashboard to see crypto events and the like.
These new algorithms must be deployable on existing computing platforms, even at the edge. However, it’s not going to be feasible to upgrade every system at once; it will probably be an industry-by-industry effort, and industry consortia will be required. For example, IBM, the GSMA (Global System for Mobile Communications Association), and Vodafone recently announced they will work via a GSMA task force to identify a process for implementing quantum-safe technologies across critical telecommunications infrastructure, including the networks underpinning internet access and public utility management. The telecommunications network carries financial data, health information, public-sector infrastructure systems, and sensitive business data, all of which need to be protected as they traverse global networks.
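The crypto-agility and observability points above can be shown as a small Python pattern. This is an added, constructed example, not IBM’s code or tooling: application code never names an algorithm; every signed envelope carries an algorithm identifier, a registry maps identifiers to implementations, and a policy decides which identifiers may sign or still be verified, with every operation logged as a crypto event. The two registered suites are HMAC stand-ins from the standard library so the demo runs offline; a real deployment would register, for example, a Dilithium implementation behind the same sign/verify interface.

```python
"""Crypto-agility pattern: application code never names an algorithm.  Every
signed envelope carries an algorithm identifier, a registry maps identifiers
to implementations, and a policy decides which identifiers may sign or
verify.  Constructed example, not IBM's code.  The two registered suites are
HMAC stand-ins from the standard library so the demo runs offline; a real
deployment would register e.g. a Dilithium implementation behind the same
sign/verify interface."""
import hmac

REGISTRY = {}                                  # alg id -> (sign_fn, verify_fn)
POLICY = {"default": None, "allowed": set()}   # which algorithms may be used
EVENTS = []                                    # crypto events for a dashboard


def register(alg_id, sign_fn, verify_fn):
    """Make an algorithm available; the first one registered becomes the default."""
    REGISTRY[alg_id] = (sign_fn, verify_fn)
    POLICY["allowed"].add(alg_id)
    if POLICY["default"] is None:
        POLICY["default"] = alg_id


def set_default(alg_id):
    """Rotate the algorithm used for new signatures without touching callers."""
    if alg_id not in POLICY["allowed"]:
        raise ValueError(f"{alg_id} is not an allowed algorithm")
    POLICY["default"] = alg_id


def deprecate(alg_id):
    """Stop accepting an algorithm; envelopes signed with it report 'deprecated'."""
    if POLICY["default"] == alg_id:
        raise ValueError("rotate the default algorithm before deprecating it")
    POLICY["allowed"].discard(alg_id)


def sign(key, message):
    """Callers never choose the algorithm; the policy's current default is used."""
    alg = POLICY["default"]
    sig = REGISTRY[alg][0](key, message)
    EVENTS.append({"op": "sign", "alg": alg})
    return {"alg": alg, "sig": sig.hex()}     # the algorithm id travels with the signature


def verify(key, envelope, message):
    """Returns 'ok', 'bad', 'deprecated' or 'unknown'; every call is logged."""
    alg = envelope["alg"]
    if alg not in REGISTRY:
        status = "unknown"
    elif alg not in POLICY["allowed"]:
        status = "deprecated"
    elif REGISTRY[alg][1](key, message, bytes.fromhex(envelope["sig"])):
        status = "ok"
    else:
        status = "bad"
    EVENTS.append({"op": "verify", "alg": alg, "status": status})
    return status


def _hmac_suite(hash_name):
    """Stand-in 'signature' suite built on HMAC (symmetric; placeholder only)."""
    def sign_fn(key, msg):
        return hmac.new(key, msg, hash_name).digest()

    def verify_fn(key, msg, sig):
        return hmac.compare_digest(hmac.new(key, msg, hash_name).digest(), sig)
    return sign_fn, verify_fn


def inventory():
    """What a crypto dashboard would show: how often each algorithm was used."""
    counts = {}
    for ev in EVENTS:
        counts[ev["alg"]] = counts.get(ev["alg"], 0) + 1
    return counts


def demo():
    """Rotate from a 'legacy' suite to a 'new' one, then deprecate the legacy suite."""
    REGISTRY.clear(); POLICY["default"] = None; POLICY["allowed"].clear(); EVENTS.clear()
    register("hmac-sha256", *_hmac_suite("sha256"))      # 'legacy' suite
    register("hmac-sha3-256", *_hmac_suite("sha3_256"))  # 'new' suite
    key = b"constructed-demo-key"                         # constructed sample input
    msg = b"tape archive manifest 2022-07"                # constructed sample input
    old_env = sign(key, msg)            # signed under the legacy default
    set_default("hmac-sha3-256")        # rotate: callers of sign() are unchanged
    new_env = sign(key, msg)
    before = (verify(key, old_env, msg), verify(key, new_env, msg))
    deprecate("hmac-sha256")            # policy change: legacy no longer accepted
    after = (verify(key, old_env, msg), verify(key, new_env, msg),
             verify(key, new_env, msg + b"!"))
    return {"old_alg": old_env["alg"], "new_alg": new_env["alg"],
            "before": before, "after": after, "inventory": inventory()}


if __name__ == "__main__":
    print(demo())
```

The useful property is that the rotation and the deprecation are both policy changes: no caller of `sign()` or `verify()` is edited, envelopes signed under the old suite are still recognised and reported as deprecated rather than silently failing, and the event log gives the inventory a dashboard would need to find data that must be re-signed or re-encrypted.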
What’s Next for Quantum Safe Algorithms
Fault-tolerant quantum computing is coming. When it will be available is still a guessing game, but the people who care most about data security are targeting 2035 to have quantum-safe cryptographic algorithms in place to meet the threat. But that’s not good enough. We need to start protecting critical data and infrastructure sooner than that, considering how long systems stay deployed in the field and how long data is stored. Systems such as satellites and power stations are not easy to update in the field.
And there’s data that must be stored securely for future retrieval, including medical records covered by HIPAA, tax records, Toxic Substances Control Act and clinical trial data, and others.
Even after these new algorithms are deployed, this is not the end; there may still be developments that break even the next generation of quantum-safe algorithms. The struggle between those who want to keep systems and data safe and those who want to crack them continues, which is why companies should build crypto agility into their security plans.
Tirias Research tracks and consults for companies throughout the electronics ecosystem from semiconductors to systems and sensors to the cloud. Members of the Tirias Research team have consulted for IBM and other companies throughout the Security, AI and Quantum ecosystems.