Credit Source
Check out all the on-demand sessions from the Intelligent Security Summit here.
For years, encryption has played a core role in securing enterprise data. However, as quantum computers become more advanced, traditional encryption solutions and public-key cryptography (PKC) standards, which enterprise and consumer vendors rely on to secure their products, are at serious risk of decryption.
Today, IBM Institute for Business Value issued a new report titled Security in the Quantum Era, examining the reality of quantum risk and the need for enterprise adoption of quantum-safe capabilities to safeguard the integrity of critical applications and infrastructure as the risk of decryption increases.
The report argues that quantum computing poses an “existential risk” to classical computer encryption protocols, and notes that cybercriminals are potentially already exfiltrating encrypted data with the intention of decrypting it once quantum computers advance as part of “harvest now, decrypt layer attacks.”
The problem with traditional encryption and quantum computing
One of the central limitations of traditional cryptographic protocols like RSA is that they’re reliant on mathematical problems like the factorization of large numbers, which are simple enough for a quantum computer to solve with brute force.
Event
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Watch Here
With a quantum computer, cryptographic protocols “can in theory be solved — and solved within a few hours — with the help of Shor’s algorithm,” the report said. “This makes protocols like RSA an insufficient cryptographic scheme in a future where quantum computers have reached their full potential.”
While this process hasn’t taken place just yet, more and more organizations are taking the risk of this decryption seriously. In December 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act encouraging government agencies to adopt technology that’s resistant to post-quantum decryption.
Likewise, last year NIST concluded its search to identify quantum-resistant algorithms that had been ongoing since 2016, choosing four algorithms as finalists, and selecting CRYSTALS-Kyber, a public-key encryption algorithm and CRYSTALS-Dilithium a digital signature algorithm, as its top two chosen standards.
IBM’s lattice-based approach to quantum encryption
With the global quantum cryptography market expected to grow from $89 million in 2020 to $214 million by 2025, IBM has been active in establishing itself as a leader within the space alongside other providers like Intel, which has helped contribute to NIST’s post-quantum cryptography standards.
Just last year, IBM launched IBM z16, a quantum-safe, AI-driven data inference-optimization solution designed for processing mission-critical data. The company had also contributed to three of the four post-quantum algorithms chosen by NIST.
Part of IBM’s quantum strategy is to use lattice-based cryptography, a method for constructing security primitives that’s based on the geometry of numbers, which can be used to construct encryption protocols that are harder for quantum computers to crack than those that rely on factorization.
IBM notes that this approach first emerged in the 1990s out of two research papers, Brown University’s NTRU: A new high speed public key cryptosystem by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman; and IBM scientist Miklos Ajtai’s Generating Hard Instances of Lattice Problems.