Home

Security in the quantum computing era

The importance of quantum-safe cryptography in the digital economy

Quantum computing has the potential to create immense business benefits, and the social implications of quantum technologies are likely to be far-reaching. By decade’s end, practical quantum computing solutions could impact computing strategies across industries. Over upcoming investment cycles, quantum computing will profoundly alter how we think of computing and, critically, how we secure our digital economy through cryptography.

Developing “quantum-safe” cryptography capabilities is crucial to maintaining data security and integrity for critical applications. The quantum era will unfold over time, but the need for quantum-safe solutions is immediate. Business, technology, and security leaders face an urgent need to develop a quantum-safe strategy and roadmap now. In fact, both the historic and current complexity of cryptography migrations—even pre-quantum computing—can require several years of strategic planning, remediation, and transformation.

Conquering a cryptography crisis

Quantum computing poses an existential risk to the classical computer encryption protocols that enable virtually all digital transactions. 

Over the next several years, widespread data encryption protocols, such as public key cryptography (PKC) standards like RSA, could become vulnerable. In fact, any classically encrypted communication which could be wiretapped is at risk, potentially already exposed to exfiltration, with the intention of harvesting that data once quantum decryption solutions are viable. These tactics are referred to as “harvest now, decrypt later” attacks.

Even if some data is irrelevant or quickly loses its value to hackers, data related to national security, infrastructure, medical records, intellectual capital, and more could well retain or increase in value over time (see figure). As an executive at one European bank told us, “We want to keep our data forever confidential.”
 

Retention requirements for various data types

Retention requirements for various data types

And while the simple exposure of sensitive data is threat enough, risk scenarios escalate from there. We use cryptography to protect communications networks, verify electronic transactions, and secure digital evidence. And today’s smarter automobiles and airplanes rely upon highly connected digital ecosystems, with decades of service life ahead of them. Even critical infrastructure systems, which traditionally have been segregated from digital networks, are increasingly reliant on over-the-air updates and Internet of Things (IoT) field data capture capabilities.

Considering that the digital economy is estimated to be worth $20.8 trillion by 2025, the repercussions could be staggering.

Make no mistake. The impact is coming—and it’s not a question of if, but how soon and how disruptive.

But there’s hopeful news, too. As we’ll explore, researchers are actively developing quantum-safe remediation techniques and algorithms. The ultimate goal? For organizations—and society—to reap the substantial benefits of quantum computing’s power, while simultaneously shielding against the same technologies when used by cyber adversaries.

Quantum-safe algorithms within reach: The NIST competition

Concerns related to quantum-resistant cryptography are mounting—but they’re not new. Back in December 2016, the US National Institute of Standards and Technology (NIST) issued a request for nominations for public-key quantum-safe cryptographic algorithms, kicking off a years-long process of competitive development. Ultimately, 82 submissions were received by NIST.

 In July 2022, after extensive evaluation and testing, NIST narrowed its selections down to four algorithms, three of which were created by IBM in collaboration with industry and academic partners. And, in fact, IBM was involved in developing the two primary algorithms to be implemented for most use cases: CRYSTALS-Kyber (key establishment) and CRYSTALS-Dilithium (digital signatures).

It’s time to get quantum literate and enhance the security of your data and critical infrastructure

Download this paper to educate yourself on the quantum computing ramifications for data security. Learn more about the encryption algorithms and encryption systems that comprise post-quantum cryptography. And read our detailed action guide that can help you build your roadmap to a quantum-safe future.


Bookmark this report  


Meet the authors

Ray Harishankar

Connect with author:


, IBM Fellow, IBM Quantum Safe


Dr. Joachim Schaefer

Connect with author:


, Technical Delivery Lead, IBM Quantum Safe


Michael Osborne

Connect with author:


, CTO, IBM Quantum Safe


Dr. Sridhar Muppidi

Connect with author:


, IBM Fellow, VP, and CTO, IBM Security


Dr. Walid Rjaibi

Connect with author:


, Distinguished Engineer, CTO, Data Security at IBM

Originally published 02 December 2022