IBM Balances Quantum Safety with Quantum Opportunity
Q&A with IBM’s Zygmunt Lozinski
NIST has officially formalized the world’s first post-quantum cryptography standards with the aim of shoring up the security protocols that organizations use to keep transmissions secure, including against future cryptographically relevant quantum computers.
Two of the three post-quantum cryptographic algorithms included in the standards were developed by IBM in collaboration with industry, and a third IBM algorithm has been selected for future standardization.
In this Q&A, Zygmunt Lozinski, the global lead for quantum-safe in IBM's Global Telecom Industry team, explains IBM’s role and what the standards mean for businesses.
Enter Quantum: What was IBM’s role in developing the standards?
Zygmunt Lozinski: Fun fact, IBM has been working on cryptology since before Bletchley Park, the World War codebreakers’ headquarters. I discovered that in the NSA archives. More recently, we recognized the importance of cryptography for banking, securing ATM transactions and web payments.
We have a cryptography research group that started working on new algorithms for better resistance to quantum computers 10-plus years ago. That group, which is in IBM Zurich, was one of the contributors to both CRYSTALS-Kyber and CRYSTALS-Dilithium, the first two of the algorithms standardized.
Because of that, we were able to build early implementations of those algorithms to give, for example, people using IBM mainframes early experience of how this would impact their workloads. This is what you're going to have to do: start now to learn how that's going to impact you.
The chief cryptographer in Zurich and his cryptographers are all really bouncy at the moment. We finally did it, after all these years!
Releasing the standards is only the beginning. What will happen next?
I think we're going to see a number of things happen. Last week the U.K. National Cyber Security Center published an updated set of guidelines the day after the White House meeting – here is what we now recommend as cryptographic algorithms and here's what we now believe people should be doing. The first step is building inventory. Talk to your ecosystem, talk to your vendors and build up all the good stuff.
On Friday, their Canadian counterpart, the Canadian Communication Security Establishment, published a very similar set of guidelines. You’d almost think people have been talking to each other!
Having published the standards, I'm expecting the U.S. to do something similar in terms of more detailed guidance in the coming days.
The next step is planning, building an inventory and talking to the ecosystem. There are a couple of critical open-source projects that need to be completed around things like transport layer security (TLS) because the entirety of web security is based on TLS. But I think now is the time when people should be building plans and asking about timescales.
The NSA timeline is a good starting point. It breaks it down into different categories and gives timelines for each. In certain industries like telecoms, some dates are really important because certain system updates must happen then and you must interlock with those.
The NIST standards are for the U.S. and will shape international standards. But will countries demand sovereign algorithms?
From my telecoms background, that's really important, because the entire world's telecoms infrastructure relies on standards. The good news is everybody seems to have got it right.
There's the NIST standards and certain countries have said they would also like an additional standard. Germany and France had some algorithms that were part of the NIST process but were not selected for standardization.
The interesting question is going to be what happens in the Far East. Both South Korea and China would like to have sovereign algorithms because it's seen as a way to ensure that you have cryptographic capability in-country.
I think we can accommodate that. If we look back at how internet cryptography has worked, everybody's used RSA and built an implementation on that. The critical thing is don’t pick something that nobody knows how to do. That's going to be problematic.
IBM is a key developer of quantum computers. How does the company square that with developing algorithms to counter the risk of quantum computers breaking current encryption?
I'll go back to what senior vice president and director of research at IBM Dario Gil said. Bring useful quantum computing to the world and make the world quantum safe. We see both as part of the missions of research.
We're building new systems and we're hoping they'll do interesting things in pharmaceutical discovery, optimization and other areas where they have applications.
At the same time, because we understand what the potential risk is, we created the quantum-safe mission. We’re working on how to ensure that if those systems are available but pose a risk, they’re also doing something useful.
We’ve published research that shows, based on our understanding of the algorithms, we're going to have what we call “useful” quantum computers solving problems way before we see ones that are potentially usable for cryptography.
That's good for everybody because you'll get quantum computers designing optimized electric vehicle batteries and understanding corrosion on aircraft first. That'll give us a heads-up that machines are getting mature and may at some point in the future pose a risk.