IBM Targets Data Security in the Next-Gen World of Quantum Computers

IBM plans to provide "quantum-safe" cryptography services on the IBM public cloud in 2020. Additionally, IBM cryptographers have prototyped what the company calls the "world's first quantum computing safe enterprise class tape."

IBM is also making quantum-safe algorithms available through the open source community by donating algorithms and support to a number of projects.

At the current rate of progress in quantum computing, IBM says, it is expected that data protected by the asymmetric encryption methods used today may become insecure within the next 10-30 years. Acknowledging that this is a significant time away, IBM however cautions that data can be harvested today, stored, and decrypted in the future with a powerful enough quantum computer.

IBM first made quantum computers available through its public cloud in May 2016 with the IBM Q Experience platform. As of today, users have executed more than 28 million experiments and simulations on the quantum cloud platform and published over 180 third-party research papers. 

Quantum computing is an emerging form of technology that takes advantage of quantum mechanical phenomena to solve certain types of problems that are effectively impossible to solve on classical computers. As quantum systems become more powerful, they will also impact information security and will create new opportunities for improving security for data both on-premise and in the cloud.

To help clients achieve quantum-safe protection of their data while it is in-transit within IBM Cloud, IBM will enhance its TLS/SSL implementations in IBM Cloud services using algorithms designed to be quantum-safe leveraging open standards and open source technology. IBM is also evaluating approaches to provide services that render quantum-safe digital signatures.

"In order to prepare for the impact that quantum computers are expected to have on data security, IBM Research has been developing cryptographic algorithms that are designed to be resistant to the potential security concerns posed by quantum computers," said Vadim Lyubashevsky, cryptographer, IBM Research. "Our jointly developed quantum-safe algorithms, part of a lattice cryptography suite called CRYSTALS, are based on the hardness of mathematical problems that have been studied since the 1980's and have not succumbed to any algorithmic attacks, either classical or quantum. This is why we have made our algorithms open source and have submitted them to NIST for standardization."

IBM has actively supported NIST on its journey to standardize quantum safe cryptography with preparatory input, algorithm submissions, analysis of submitted algorithms and feedback to the process. We will continue this commitment by contributing our learning as we migrate IBM's own systems and services to become quantum-safe based on the NIST standards, which are expected to be available between 2022-2024.

CRYSTALS (Cryptographic Suite for Algebraic Lattices) is developed jointly in collaboration with several academic and commercial partners including ENS Lyon, Ruhr-Universität Bochum, Centrum Wiskunde & Informatica and Radboud University. It is based on two quantum resistant cryptographic primitives—Kyber, a secure key encapsulation mechanism, and Dilithium, a secure digital signature algorithm. CRYSTALS has been donated to, to further develop open standards.

IBM has tested CRYSTALS successfully on a prototype IBM TS1160 tape drive using both Kyber and Dilithium in combination with symmetric AES-256 encryption to enable the world's first quantum computing safe tape drive. The new algorithms are implemented as part of the tape drive's firmware and could be provided to customers as a firmware upgrade for existing tape drives and/or included in the firmware of future generations of tape drives.

To help clients assess their potential risks and begin the quantum-safe journey, IBM Security is also offering a quantum data risk assessment service to help clients develop a quantum-safe cryptography implementation strategy.