IBM: Quantum computing poses an ‘existential threat’ to data encryption 

For years, encryption has played a core role in securing enterprise data. However, as quantum computers become more advanced, traditional encryption solutions and public-key cryptography (PKC) standards, which enterprise and consumer vendors rely on to secure their products, are at serious risk of decryption. 

Today, IBM Institute for Business Value issued a new report titled Security in the Quantum Era, examining the reality of quantum risk and the need for enterprise adoption of quantum-safe capabilities to safeguard the integrity of critical applications and infrastructure as the risk of decryption increases. 

The report argues that quantum computing poses an “existential risk” to classical computer encryption protocols, and notes that cybercriminals are potentially already exfiltrating encrypted data with the intention of decrypting it once quantum computers advance as part of “harvest now, decrypt layer attacks.”

The problem with traditional encryption and quantum computing

One of the central limitations of traditional cryptographic protocols like RSA is that they’re reliant on mathematical problems like the factorization of large numbers, which are simple enough for a quantum computer to solve with brute force. 

With a quantum computer, cryptographic protocols “can in theory be solved — and solved within a few hours — with the help of Shor’s algorithm,” the report said. “This makes protocols like RSA an insufficient cryptographic scheme in a future where quantum computers have reached their full potential.”

While this process hasn’t taken place just yet, more and more organizations are taking the risk of this decryption seriously. In December 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act encouraging government agencies to adopt technology that’s resistant to post-quantum decryption. 

Likewise, last year NIST concluded its search to identify quantum-resistant algorithms that had been ongoing since 2016, choosing four algorithms as finalists, and selecting CRYSTALS-Kyber, a public-key encryption algorithm and CRYSTALS-Dilithium a digital signature algorithm, as its top two chosen standards. 

Investing in quantum security is now becoming a necessity for enterprises. From our point of view at IBM, it’s important for CISOs and security leaders to understand quantum-safe cryptography,” said Dr Vadim Lyubashevsky, cryptography research at IBM Research. 

“They need to understand their risk and be able to answer the question: what should they prioritize for migration to quantum-safe cryptography? The answer is often critical systems and data that need to be kept for the long term; for example, healthcare, telco, and government-required records,” Lyubashevsky said. 

IBM’s lattice-based approach to quantum-safe encryption 

With the global quantum cryptography market expected to grow from $89 million in 2020 to $214 million by 2025, IBM has been active in establishing itself as a leader within the space alongside other providers like Intel, which has helped contribute to NIST’s post-quantum cryptography standards. 

Just last year, IBM launched IBM z16, a quantum-safe, AI-driven data inference-optimization solution designed for processing mission-critical data. The company had also contributed to three of the four post-quantum algorithms chosen by NIST. 

Part of IBM’s quantum-safe strategy is to use lattice-based cryptography, a method for constructing security primitives that’s based on the geometry of numbers, which can be used to construct encryption protocols that are harder for quantum computers to crack than those that rely on factorization. 

IBM notes that this approach first emerged in the 1990s out of two research papers, Brown University’s NTRU: A new high speed public key cryptosystem by Jeffrey Hoffstein, Jill Pipher and Joseph Silverman; and IBM scientist Miklos Ajtai’s Generating Hard Instances of Lattice Problems.