IBM report Quantum-resistant cryptography is critical in the digital economy

Quantum computing may create enormous commercial benefits, and the societal impact of quantum technology will be far-reaching.

By the end of the decade, practical quantum computing solutions may influence computing strategies across industries. In the coming investment cycle, quantum computing will profoundly change the way we think about computing; the question now is, how can we secure the digital economy through cryptography?

Developing "quantum-safe" cryptographic capabilities is critical to maintaining the security and integrity of critical data. The quantum era will unfold over time, and the need for quantum security solutions will become urgent at this time.

The report's core message.

The era of quantum computing is coming, and quantum-secure cryptographic solutions are needed.

Anti-quantum algorithms are being measured. In an initial round of evaluation, the U.S. government's National Institute of Standards and Technology (NIST) has initially narrowed down quantum-secure cryptographic algorithms from 82 submissions to four finalists: three of these four finalists were created by IBM in collaboration with industry and academic partners. The four alternate candidates are undergoing further evaluation.

Infusing cryptographic flexibility into the system as it is modernized will be more than a CISO-driven initiative. It is an ambitious but necessary strategy, developed by leaders across the organization and partners outside the organization (including vendors, industry peers), customers and consumers.

7734beb961524e3f2b3c3f6d3fc9afe4

Conquering the Code Breaking Crisis

Quantum computing poses an existential risk to the classical computer cryptographic protocols that enable virtually all digital transactions.

In the next few years, a wide range of data encryption protocols, such as public key cryptography (PKC) standards like RSA, could become vulnerable. In fact, any classical encrypted communication that could be eavesdropped is at risk: once quantum decryption solutions are feasible, hackers will be able to crack this data collected now. These tactics are known as "collect now, decrypt later" attacks.

Even if some data is not relevant to the hacker or loses value quickly, data related to national security, infrastructure, medical records, intellectual capital, etc. is likely to retain or increase in value over time. As one European bank executive put it, "We want to keep our data confidential forever."

3ea4e1b5811207518861de52f29a9522

While the simple exposure of sensitive data is enough of a threat, risky situations can escalate with it. We use cryptography to protect communication networks, authenticate electronic transactions, and protect numbers. Today's smarter cars and airplanes rely on highly connected digital ecosystems with decades of lifespan. Even critical infrastructure systems, traditionally isolated from digital networks, are increasingly dependent on the Internet of Things (IoT) for in-field data collection.

Considering that the digital economy is estimated to be worth nearly $20.8 trillion by 2025, the consequences of this could be staggering if the data is hacked.

46c9fd4651ce719fdf485bb779f2d5ef

The key to the digital field

However, researchers are actively developing remediation techniques and algorithms for quantum security. The ultimate goal? To allow organizations and societies to reap the tremendous benefits of quantum computing power while providing protection against cyber-hackers.

Quantum security algorithms are just around the corner

Concerns related to quantum-resistant cryptography are on the rise. Back in December 2016, the National Institute of Standards and Technology (NIST) issued a request for nominations for public-key quantum-secure cryptographic algorithms, kicking off a years-long development process. Ultimately, NIST received 82 submissions.

In July 2022, after extensive evaluation and testing, NIST narrowed its selection to four algorithms, three of which were created by IBM in collaboration with industrial and academic partners. And, in fact, IBM was involved in developing the two main algorithms that will be implemented in most use cases: CRYSTALS-Kyber (key establishment) and CRYSTALS-Dilithium (digital signature).

8f65964e1ad8c7fc90f7b4376c23843a