How IBM z16 positions you to begin using quantum-safe cryptography.
With IBM z16, application developers can preserve the future integrity of critical documents by implementing dual-signing schemes using the lattice-based cryptographic algorithm CRYSTALS-Dilithium, selected by NIST for standardization.
On July 5, 2022, after six years of development and evaluation, the U.S. National Institute of Standards and Technology (NIST) selected the first group of cryptographic tools that are designed to withstand attacks posed by future quantum computers. The four selected cryptographic algorithms will become part of NIST’s post-quantum cryptographic standard, expected to be finalized in about two years. IBM Research has a long and illustrious history in creating and implementing cryptography, and we are very proud that three of the four chosen standards were developed by IBM along with partners from industry and academia.
The algorithms are designed for two of the main tasks for which public-key cryptography is typically used — public key encapsulation (which is used for public-key encryption and key establishment) and digital signatures (which are used for identity authentication and non-repudiation):
- For public-key encryption and key-establishment, the key encapsulation mechanism (KEM) NIST selected is the CRYSTALS-Kyber algorithm. CRYSTALS-Kyber is the primary algorithm in the KEM category.
- For digital signatures, NIST selected three algorithms: CRYSTALS-Dilithium, FALCON and SPHINCS+ (read as “Sphincs plus”). CRYSTALS-Dilithium is the primary algorithm in the signature category. Three of these selected algorithms are based on a family of math problems called structured lattices, while SPHINCS+ is based on hash functions.
This announcement marks an important milestone in data security. In an earlier blog post, we examined the impact quantum computers are expected to have on today’s modern cryptographic algorithms and the steps enterprises should be taking today as they prepare to adopt new quantum-safe standards. IBM z16 is designed to help you stay ahead of quantum threats, leveraging CRYSTALS-Kyber and CRYSTALS-Dilithium as the underpinnings of its key encapsulation and digital signature capabilities. Let’s examine digital signatures in greater detail and how quantum-safe cryptographic algorithms on IBM z16 can help you prepare for a quantum-safe future.
For more information about the NIST post-quantum cryptography standardization project, check out: "IBM scientists help develop NIST’s quantum-safe standards."
What are digital signatures?
Signatures can take many forms, from wax seals on envelopes to autographs on memorabilia. Electronic signatures use computers to authenticate the signatory and certify the integrity of the document, and in most countries, they are as legally binding as their ink-based counterparts. Laws such as the E-Sign Act and Uniform Electronic Transactions Act (UETA) in the U.S. and the Electronic Identification and Trust Services Regulation (eIDAS) in Europe have designated electronic signatures as legal, trusted and enforceable, though a few types of documents — such as wills — cannot be signed electronically.
There is more to digital signatures than meets the eye. Digital signatures are a kind of electronic signature with advanced features that keep them compliant and secure using cryptography. At a high-level, when creating a digital signature, the sender first generates a public-private key pair and shares the public key with others. The public and private key are different but mathematically related. The sender then generates the digital signature for the message using the private key. When the recipient receives the message and the digital signature, the recipient verifies the sender’s signature using the sender’s public key — verifying the integrity of the message. Because the signature relies on the sender’s private key, only the sender can create this digital signature. Verification of the digital signature can be done by anyone because the sender’s public key is used for verification, and it is not a secret.
During the COVID-19 pandemic, as countries around the world entered lockdown, the possibility for “wet” signatures using pen and paper became nearly impossible. The pandemic has driven up the use of digital technologies like e-signatures, enhanced authentication and smart digital forms to facilitate digital government and business. Digital signatures have emerged as the new normal and the pace of adoption is unlikely to slow down. According to a recent report from Markets and Markets, the global digital signature market size is projected to grow at a compound annual growth rate (CAGR) of over 33% — from USD 4.0 billion in 2021 to USD 16.8 billion by 2026.
When it comes to efficient workflows, digital signatures offer many advantages over handwritten signatures due to their use of complex algorithms, Certificate Authorities (CAs) and Trust Service Providers (TSPs). However, a consideration with digital signatures is that they rely on a public-key cryptographic infrastructure (PKI), and if any weaknesses in this infrastructure are uncovered, digital signatures will become ineffective.
One such PKI weakness in the future could come from quantum computers, which have the potential to solve many challenging problems that today’s classical computers can’t tackle. But fault-tolerant quantum computers, while still estimated to be decades away, could be used to harvest and hack today’s data or to manipulate legal history by forging digital signatures. This means that legal documents like mortgages and loans that will need protection for 20 years or more, for example, need new quantum-safe algorithms, today.
Generate CRYSTALS-Dilithium digital signatures with IBM z16
Financial institutions responsible for underwriting home loans must ensure that 30-year mortgage documents digitally signed today will retain their integrity in the post-quantum world. To remain in compliance with today’s regulations and help preserve the integrity of our digital documents into the future, organizations like NIST recommend the use of dual-signing schemes made up of two or more signatures of a single message. These schemes make use of today’s conventional classical digital signature algorithms and a quantum-resistant algorithm. To be compliant with today’s standards and regulations, one of the signatures should be generated using a standards-compliant algorithm, and the second signature can be generated using a quantum-safe algorithm like CRYSTALS-Dilithium. For the verification step, both signatures must successfully verify.
Although adopting quantum-safe cryptography at scale will be a decades-long process, the new lattice-based schemes are entering the market in different products and services offered by IBM and others. Organizations can engage with IBM Quantum Safe Services now to begin an assessment of their quantum-safe readiness and strategy.
Trusted hardware platforms will play a critical role in the adoption of quantum-safe cryptography and the IBM zSystems development team has already begun the modernization process. As the industry's first quantum-safe system , IBM z16 is underpinned by lattice-based cryptography across multiple layers of firmware to help protect your business-critical infrastructure and data from quantum attacks.
The Crypto Express 8S hardware security module (HSM) — available as a feature of the z16 platform — allows application developers to use the new quantum-safe algorithms in addition to many other cryptographic services via two available application programming interfaces: Common Cryptographic Architecture (CCA) or Enterprise PKCS #11 (EP11). The Crypto Express 8S for IBM z16 provides three main functions that are needed for the digital signature process:
- A function that generates the public and private key.
- A function that generates the digital signature for the message/digital document to be signed using the private key.
- A function to verify the digital signature using the public key.
IBM z16 positions you to begin using quantum-safe cryptography along with classical cryptography as you start modernizing existing applications and building new applications. Read more about CRYSTALS-Dilithium digital signature generation and verification in the Redbook Transitioning to Quantum-Safe Cryptography on IBM Z.
Check out the IBM Research blog post: "Why it’s time to take quantum-safe cryptography seriously"
 IBM z16 with Crypto Express 8S card provides quantum-safe APIs providing access to quantum-safe algorithms that have been selected as finalists during the PQC standardization process conducted by NIST. Quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built. These algorithms are used to help ensure the integrity of a number of the firmware and boot processes.