What Is Quantum-Safe Cryptography, and Why Do We Need It?

6 min read

How to prepare for the next era of computing with quantum-safe cryptography.

Cryptography helps to provide security for many everyday tasks. When you send an email, make an online purchase or make a withdrawal from an ATM, cryptography helps keep your data private and authenticate your identity.

Today’s modern cryptographic algorithms derive their strength from the difficulty of solving certain math problems using classical computers or the difficulty of searching for the right secret key or message. Quantum computers, however, work in a fundamentally different way. Solving a problem that might take millions of years on a classical computer could take hours or minutes on a sufficiently large quantum computer, which will have a significant impact on the encryption, hashing and public key algorithms we use today. This is where quantum-safe cryptography comes in.

According to ETSI, “Quantum-safe cryptography refers to efforts to identify algorithms that are resistant to attacks by both classical and quantum computers, to keep information assets secure even after a large-scale quantum computer has been built.”

What is quantum computing?

Quantum computers are not just more powerful supercomputers. Instead of computing with the traditional bit of a 1 or 0, quantum computers use quantum bits, or qubits (CUE-bits). A classical processor uses bits to perform its operations. A quantum computer uses qubits to run multidimensional quantum algorithms. Groups of qubits in superposition can create complex, multidimensional computational spaces. Complex problems can be represented in new ways in these spaces. This increases the number of computations performed and opens up new possibilities to solve challenging problems that classical computers can’t tackle.

There are many exciting applications in the fields of health and science, like molecular simulation that has the potential to speed up the discovery of new life-saving drugs. The problem is, however, quantum computers will also be able to solve the math problems that give many cryptographic algorithms their strength.

How will quantum computing impact cryptography?

Two of the main types of cryptographic algorithms in use today for the protection of data work in different ways:

  • Symmetric algorithms use the same secret key to encrypt and decrypt data.
  • Asymmetric algorithms, also known as public key algorithms, use two keys that are mathematically related: a public key and a private key.

The development of public key cryptography in the 1970s was revolutionary, enabling new ways of communicating securely. However, public key algorithms are vulnerable to quantum attacks because they derive their strength from the difficulty of solving the discrete log problem or factoring large integers. As discovered by mathematician Peter Shor, these types of problems can be solved very quickly using a sufficiently strong quantum computer, so in the case of asymmetric or public key cryptography, we need new math that will stand up to quantum attacks because today’s public key algorithms will be completely broken.

Grover’s Algorithm, devised by computer scientist Lov Grover, is a quantum search algorithm. Using Grover’s algorithm, some symmetric algorithms are impacted and some are broken. Key size and message digest size are important considerations that will factor into whether an algorithm is quantum-safe or not. For example, use of Advanced Encryption Standard (AES) with 256-bit keys is considered quantum-safe but Triple DES (TDES) can be broken no matter the key size.

What is being done to address future quantum threats?

The good news is that researchers and standards bodies are moving to address the threat. The National Institute of Standards and Technology (NIST) initiated a Post-Quantum Cryptography Standardization Program to identify new algorithms that can resist threats posed by quantum computers.

After three rounds of evaluation, NIST has identified seven finalists. They plan to select a small number of new quantum-safe algorithms early this year and have new quantum-safe standards in place by 2024. As part of this program, IBM researchers have been involved in the development of three quantum-safe cryptographic algorithms based on lattice cryptography that are in the final round of consideration: CRYSTALS-Kyber, CRYSTALS-Dilithium and Falcon.

How should enterprises be preparing to adopt quantum-safe cryptography?

Fortunately, we have time to implement quantum-safe solutions before the advent of large-scale quantum computers — but not much time. Moving to new cryptography is complex and will require significant time and investment. We don’t know when a large-scale quantum computer capable of breaking public key cryptographic algorithms will be available, but experts predict that this could be possible by the end of the decade.

Also, hackers can harvest encrypted data today and hold it for later when they can decrypt it using a quantum computer, so sensitive data with a long lifespan is already vulnerable. Organizations in the United States and Germany have already issued requirements for government agencies to follow regarding quantum-safe cryptography. BSI, a German federal agency, requires the use of hybrid schemes — where both classical and quantum-safe algorithms are used — for protection in high-security applications. The White House issued a memo requiring federal agencies to begin quantum-safe modernization planning.

How can IBM help?

As we prepare for a quantum world, IBM is committed to developing and deploying new quantum-safe cryptographic technology. Trusted hardware platforms will play a critical role in the adoption of quantum-safe cryptography. And IBM Z has already begun the modernization process. IBM z15 introduced lattice-based digital signatures within the system for digital signing of audit records within z/OS. IBM z15 also provided the ability for application developers to begin experimenting with quantum-safe lattice-based digital signatures. Because we’ve already begun the process, this helps us understand the implications of moving to new algorithms so we can pass on insights about the topic to our clients.


Preparing to adopt quantum-safe standards

When meeting with clients getting started on their journey to quantum safety, we share a few of the key milestones to help them get ready to adopt new quantum-safe standards:

  • Discover and classify data: The first step involves classifying the value of your data and understanding compliance requirements. This helps you create a data inventory.
  • Create a crypto inventory: Once you have classified your data, you will need to identify how your data is encrypted, as well as other uses of cryptography to create a crypto inventory that will help you during your migration planning. Your crypto inventory will include information like encryption protocols, symmetric and asymmetric algorithms, key lengths, crypto providers, etc. 
  • Embrace crypto agility: The transition to quantum-safe standards will be a multi-year journey as standards evolve and vendors move to adopt quantum-safe technology. Use a flexible approach and be prepared to make replacements. Implement a hybrid approach as recommended by industry experts by using both classical and quantum-safe cryptographic algorithms. This maintains compliance with current standards while adding quantum-safe protection.
Preparing to adopt quantum-safe standards

Many clients across industries have already started experimenting with new quantum-safe algorithms in order to assess the impact of new quantum-safe standards on their businesses:  

  • Automotive: Clients in the automotive industry use public key technology in connected cars for vehicle-to-everything (V2X) communications and to verify the integrity of the firmware loaded into vehicles. The cars they are designing today will be on the road well into the future, so they are on a tight timeline to adopt quantum-safe technology. Because vehicles have hardware resource constraints, it is critical that automotive clients model and test new quantum-safe algorithms now to make sure they can accommodate the larger key sizes in their use cases.   
  • Banking: Clients in the banking industry rely heavily on symmetric cryptography to ensure the confidentiality of data in core banking applications. There are many data retention and data confidentiality regulations and agreements that these clients must adhere to, such as retaining tax records for 7–10 years and keeping trade secrets confidential for up to 50 years. Adversaries are starting their attacks today with the intent of disclosing this type of confidential data in the future, so many banking clients have started creating data and crypto inventories to adopt quantum-safe protection for highly sensitive data. Banks also rely on public key cryptography, for example, in digital signatures used for authentication and software verification. It’s important for banking clients to begin modeling new quantum-safe algorithms to understand performance implications and prepare to adopt new standards as they evolve.

Learn more

If you’d like to dive deeper, visit the IBM Research site and the NIST Cyber Security Center of Excellence (NCCoE) site to learn how to prepare for the next era of com­put­ing with quantum-safe cryptography.

Be the first to hear about news, product updates, and innovation from IBM Cloud