Quantum computing represents a looming—and inevitable—threat to almost every aspect of our digital world that is protected by current forms of encryption. Either within this decade or the next, quantum computers will become powerful enough to easily overwhelm today’s state-of-the-art cryptography. Our most popular encryption algorithms rest on mathematical problems that classical supercomputers cannot solve in any practical amount of time but that will pose no meaningful challenge to the advanced technology of future quantum computers.
Even though we don’t know exactly when it will be possible for quantum computing to crack classical encryption, the fact that it will happen is beyond doubt. Quantum machines of the future will have the potential to break encryption algorithms that protect online transactions, financial data, and even national security and government communications.
There is only one way to avoid these potential financial disruptions – every existing security algorithm must be remediated with quantum-resistant encryption.
IBM has been working on Quantum Safe technology to solve this problem for several years. Before we examine IBM’s solution, we need to understand how we got here.
The current states of quantum computing and traditional cryptography
From a development standpoint, today’s quantum computers are late-stage prototypes equipped with 30 to 1,000 qubits, built on a variety of qubit hardware technologies such as superconducting circuits, trapped ions, neutral atoms and even particles of light.
Fault-tolerant quantum computers of the future, equipped with millions of qubits, are expected to improve our lives by solving problems such as addressing climate change, simulating large molecules and creating new materials and drugs. However, that class of quantum computers also represents a significant threat to cryptography and to the financial underpinnings of companies, society and government.
In 1994, Bell Labs mathematician Peter Shor ignited a storm of interest in quantum computing when he developed an algorithm that could, in theory, factor large numbers into their prime factors efficiently. When he published his paper on what’s now called Shor’s algorithm, there were no quantum computers to run it. Fast forward to today: quantum computers exist, but none is yet powerful enough to run Shor’s algorithm against real-world key sizes.
RSA encryption is one of the most common forms of asymmetric cryptography. It is susceptible to Shor’s algorithm because its keys are built from two large prime numbers multiplied together: the product is part of the public key, and the private key is derived from the two primes, so anyone who can factor the product can reconstruct the private key. The public key is used to encrypt data, while the private key is used to decrypt it. The public key can be shared with everyone, while the private key is kept secret.
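To make that dependency concrete, here is an added example (not code from the article): a toy RSA key pair on deliberately tiny primes, followed by the step that factoring makes possible, namely rebuilding the private exponent from the public key and one prime factor. The brute-force factoring routine stands in for what Shor’s algorithm would deliver at scale; it only works here because the primes are small.

```python
from math import gcd

def rsa_keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), d) for primes p and q.  Toy sizes for illustration only."""
    n = p * q
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1, "e must be coprime with phi(n)"
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (n, e), d

def private_key_from_factor(n: int, e: int, p: int) -> int:
    """The step that makes factoring fatal to RSA: a single prime factor of n
    is enough to recompute phi(n) and therefore the private exponent d."""
    assert n % p == 0, "p does not divide n"
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def trial_division_factor(n: int) -> int:
    """Classical brute-force factoring.  Fine for a toy n, hopeless at 2048 bits;
    this is the gap Shor's algorithm closes on a fault-tolerant quantum computer."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f
        f += 1
    raise ValueError("no factor found")

def demo() -> bool:
    # 10007 and 10009 are both prime; a real key uses primes of ~1024 bits each.
    (n, e), d = rsa_keygen(10007, 10009)
    message = 42
    ciphertext = pow(message, e, n)          # anyone can encrypt with (n, e)
    p = trial_division_factor(n)             # stand-in for Shor's output
    d_recovered = private_key_from_factor(n, e, p)
    return d_recovered == d and pow(ciphertext, d_recovered, n) == message

if __name__ == "__main__":
    print("private key recovered from factors:", demo())
```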
How much quantum computing power is needed to break encryption?
It is generally accepted by scientists that a classical supercomputer would require millions of years to crack a 2,048-bit RSA key. The reason is simple: the number of prime pairs that could have been used to create such a key is so vast that testing them would take at least a few million years.
However, the same feat will be possible with an advanced quantum computer within a few hours to a few days —and therein lies the problem. While classical supercomputers pose no risk to current cryptography and encryption, quantum computers will have no problem penetrating existing cryptography schemes.
One study theorized that someone would need a 20-million-qubit fault-tolerant quantum computer to break RSA-2048 encryption in 8 hours.
RSA could also be broken with fewer qubits, but it would take longer. Fujitsu researchers estimated that a fault-tolerant quantum computer equipped with 10,000 logical qubits (a logical qubit contains multiple physical qubits) and 2.23 trillion quantum gates could also crack RSA. It wouldn’t be a fast process—it would take 104 days—but it would be feasible.
Let’s put those millions of qubits in perspective.
This year, IBM’s quantum roadmap calls for the release of its largest gate-based quantum computer processors to date, one that uses 1,100 qubits.
Despite the limited size of our present-day quantum computers, most experts have little doubt that the technology will eventually develop the power needed to break RSA encryption within an actionable amount of time.
When will it be possible to break encryption?
But how long is “eventually”? There is no way to say precisely when quantum computers will be able to break current cryptographic algorithms. That said, whenever it does happen, it won’t be a surprise. The capability will evolve along a sequential timeline of well-defined improvements in quantum computing power.
Besides the scale and fault-tolerance mentioned above, the cryptography-defeating quantum machine of the future will also likely employ a quantum-centric supercomputer architecture.
A few expert sources have made predictions about when encryption-hacking might occur:
- The National Institute of Standards and Technology (NIST) issued a report several years ago, the Report on Post-Quantum Cryptography, that estimates the first cryptographic breaches could come as soon as 2030.
- Another expert, Dr. Michele Mosca from the University of Waterloo, estimates that there is a 1-in-7 chance that some of the fundamental public-key cryptography tools will be broken by 2026, and a 50% chance by 2031.
These estimates were made several years ago. Even though a great deal of progress in quantum computing has been made since then, fault tolerance remains a significant technical challenge that may require another five or more years before it is achieved. Error mitigation will provide a partial solution, but not enough to scale quantum machines to the level needed to run a robust version of Shor’s algorithm that can break RSA encryption and reveal its public and private keys.
Which types of systems are at risk?
We live in a world where almost every digital asset is protected by some type of encryption, ranging from private email accounts to subscription services to online bank and stock trading accounts to critical infrastructure systems such as the national electrical grid and municipal water systems.
The conclusion is straightforward. Today’s traditional encryption cannot coexist with advanced quantum computing, because none of the systems it protects would remain secure.
Here are a few ways in which bad actors, ranging from large state-sponsored groups to rogue criminal organizations, could damage or even cause a complete collapse of our entire financial system:
- Manipulation of document updates or creation of forgeries using fraudulent authentication
- Decryption of harvested confidential historical data
- Alteration of legal histories by forging digital signatures
- Creation of fake website identities and fake software downloads
- Launch of extortion attacks threatening potential disclosure of sensitive private data
- Creation of fraudulent land and lease documents
These are only a few examples of how quantum computing could be used to cause financial havoc within individual lives, companies, society, the government, or the world as a whole. The actual impact of quantum computing on economic systems is hard to predict, but such actions would clearly have a significant effect.
Many disruptions, such as those involving systems like power grids or airline traffic routing, would not remain isolated; these events would likely have significant ripple effects throughout the world economy and for an extended period. It has been estimated that losses caused by encryption intrusions could reach as much as several trillion dollars each.
The World Economic Forum recently estimated that more than 20 billion digital devices will need to be either upgraded or replaced in the next 10–20 years to include new forms of quantum-safe encrypted communication.
IBM Quantum Safe Technology work has already begun
In November 2022, the U.S. Office of Management and Budget issued a memorandum ordering all federal agencies to start preparing to implement post-quantum cryptography to secure Federal data and information systems. This memo is a follow-up to a White House National Security Memorandum issued in May 2022 that made federal resources available to assist in migrating all U.S. digital systems to quantum-resilient cybersecurity standards by 2035.
Previously, NIST initiated a Post-Quantum Cryptography Standardization Process in 2016 to identify new algorithms that can resist threats posed by quantum computers. After three rounds of evaluation, NIST has identified new quantum-safe algorithms; it plans to have new quantum-safe standards in place by 2024.
In NIST’s final round of consideration, IBM researchers were involved in developing three quantum-safe cryptographic algorithms based on lattice cryptography: CRYSTALS-Kyber, CRYSTALS-Dilithium and Falcon.
Industries have already begun to prepare for the quantum future as well. Last year the telecommunications industry organization GSMA formed a Post-Quantum Telco Network Taskforce. IBM and Vodafone were among the founding members of the taskforce to help define policy, regulation and operator business processes to protect telcos from the quantum threat.
What must be done to protect cryptography from quantum threats
As mentioned at the beginning of this article, there is only one way to protect the billions of encrypted products and services from damage that future quantum computers could cause. According to the best estimates, quantum computer threats to existing encrypted services and products will begin to happen around 2030. That means we only have six to seven years for every organization and every government agency to replace its existing public-key cryptography applications with new NIST quantum-safe algorithms.
As announced at IBM’s Think 2023 conference, IBM researchers and the company’s partners have been actively developing quantum-safe remediation techniques and algorithms for that exact purpose. The objective is to allow an unhampered flow-through of future quantum computing power and benefits while simultaneously providing a shield against quantum’s disruptive encryption-breaking power.
IBM Quantum Safe
IBM’s Quantum Safe is an end-to-end solution that will assist enterprises and government agencies in identifying and replacing existing cryptography algorithms with new algorithms. Quantum Safe includes a comprehensive set of tools and capabilities to assist in transforming to an environment that can resist quantum threats.
Quantum Safe technology brings three critical capabilities: IBM Quantum Safe Explorer, IBM Quantum Safe Advisor and IBM Quantum Safe Remediator. Each of these capabilities performs one transformational step in the transition process: discover, observe and transform cryptography, respectively.
Explorer can scan source and object codes, while Advisor provides a dynamic or operational view of system-wide cryptography usage. The combined views of Explorer and Advisor offer a comprehensive view of enterprise-wide cryptography usage, both from a dynamic and static standpoint. Combined information from Explorer and Advisor can also be used to monitor and manage cryptography and any associated vulnerabilities that may arise. It can also be an input to create a transformation roadmap detailing the issues to be addressed first or determine which actions will provide the most significant benefits.
The roadmap can then be used in the transformation process, where Remediator captures best practices and automates actions when possible.
Quantum Safe architecture
Even though Explorer, Advisor and Remediator are discrete capabilities within the Quantum Safe architecture, they are integrated by sharing the same common informational model.
The Quantum Safe system records its findings as a Cryptography Bill of Materials (CBOM), fashioned after the Software Bill of Materials (SBOM). The CBOM is an essential tool for migrating to quantum-safe cryptography: it identifies and inventories cryptographic assets and their dependencies, and it gives migration planning a single source of truth.
It is important to highlight a crucial design consideration in the Quantum Safe system. IBM made a point of not requiring the installation of any additional agents within the enterprise framework. The objective was to integrate with what people already had. That’s why there is integration with external systems and systems of record that already exist, particularly the continuous integration and continuous deployment (CICD) pipeline, the network monitoring systems and the configuration management database. The CICD pipeline is the set of tools and processes that automate the development, testing and deployment of software.
The example above shows one of the many possible views of data that can be captured and viewed by having Explorer scan source and object code. This view of a portfolio of applications shows where cryptography exists, along with the remediation status of each instance. This example illustrates results obtained by selecting a specific endpoint in the repository containing Java code for an application. In this instance, Explorer has scanned all of the Java files and identified particular cryptography usage within the scanned files.
The labels are self-explanatory except for the far-left purple ring. In this case, it shows that 14 algorithms are not quantum safe. If any of the algorithms were quantum safe, a portion of the purple ring would be shown as green. Explorer calls out the specific algorithms being used, such as RSA, Diffie-Hellman and AES.
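To show what the CBOM inventory and the Explorer-style source scan described above amount to in practice, here is an added example (not IBM’s code, and not the CycloneDX CBOM schema): a small scanner that finds Java crypto-provider calls in a constructed source file, classifies each algorithm’s quantum safety, and emits a simplified CBOM-style record plus the “purple ring” share. The classification table and the key-size heuristic are assumptions made for this example.

```python
import json
import re

# Classification assumed for this example: NIST PQC selections and AES-256 are
# quantum-safe; RSA/DH/EC schemes fall to Shor; AES-128 is only weakened (Grover).
STATUS = {**dict.fromkeys(["KYBER", "DILITHIUM", "FALCON", "AES-256", "SHA-256"], "quantum-safe"),
          **dict.fromkeys(["RSA", "DH", "DIFFIEHELLMAN", "EC", "ECDH", "ECDSA"], "not-quantum-safe"),
          "AES-128": "weakened"}
# JCA calls that name the algorithm as their first string argument, and the
# key-size init()/initialize() call that usually follows on the next line.
JCA_CALL = re.compile(r'(KeyPairGenerator|KeyAgreement|Signature|Cipher|KeyGenerator|MessageDigest)'
                      r'\.getInstance\(\s*"([^"]+)"')
KEY_SIZE = re.compile(r'\.init(?:ialize)?\(\s*(\d+)')

def classify(algorithm, key_bits=None):
    name = algorithm.split("/")[0].upper()       # "AES/GCM/NoPadding" -> "AES"
    if "WITH" in name:                           # "SHA256withECDSA" -> "ECDSA"
        name = name.split("WITH")[-1]
    if name == "AES" and key_bits:
        name = "AES-%d" % key_bits
    return STATUS.get(name, "unknown")           # bare "AES" of unknown size needs review

def scan_source(path, source):
    """One CBOM-style asset record per crypto API call, in file order."""
    lines = source.splitlines()
    assets = []
    for i, line in enumerate(lines):
        m = JCA_CALL.search(line)
        if not m:
            continue
        api, algorithm = m.groups()
        # heuristic: a key-size init on this line or the next belongs to this call
        ks = KEY_SIZE.search("\n".join(lines[i:i + 2]))
        bits = int(ks.group(1)) if ks else None
        assets.append({"file": path, "line": i + 1, "api": api, "algorithm": algorithm,
                       "keySize": bits, "status": classify(algorithm, bits)})
    return assets

def summarize(assets):
    """The 'purple ring' number: share of the inventory that is not quantum-safe."""
    unsafe = sum(a["status"] == "not-quantum-safe" for a in assets)
    return {"total": len(assets), "notQuantumSafe": unsafe,
            "unsafeShare": round(unsafe / len(assets), 2) if assets else 0.0}

# Constructed Java snippet standing in for one scanned repository file.
SAMPLE_JAVA = """\
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
KeyAgreement ka = KeyAgreement.getInstance("DH");
Signature sig = Signature.getInstance("SHA256withECDSA");
KeyGenerator kg = KeyGenerator.getInstance("AES");
kg.init(256);
Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
MessageDigest md = MessageDigest.getInstance("SHA-256");
"""

if __name__ == "__main__":
    inventory = scan_source("src/PaymentService.java", SAMPLE_JAVA)   # hypothetical path
    print(json.dumps({"components": inventory, "summary": summarize(inventory)}, indent=2))
```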
This dynamic view of Advisor shows network data and its corresponding usage of cryptography. Also displayed are the number of TLS services in use and quantum ciphers. Double-clicking on an item will show where it is being used, along with other contextual information. Combining this view with the previous screens can provide even more information about cryptography usage.
It will be vital to use Quantum Safe TLS because a future quantum computer capable of running the Shor algorithm could easily break current TLS communications algorithms. In addition, TLS data-in-transit that has been snooped and stored could be breached at a later time when large fault-tolerant quantum computers become available.
IBM currently provides an API for integrating with the network security scanning tools that clients already use, and it ingests those network scan logs for analysis.
Quantum Safe Remediator can perform automated remediation. At this stage of development, there will likely be significant amounts of code that can’t be automatically remediated. In those cases, architects and developers should adopt best practices for fixing the code.
Suppose it is necessary to implement a QSE-enabled VPN, or a quantum-safe proxy implementation. To address that case, IBM has codified patterns that clients can instantiate in their environment so they can understand how it works and immediately begin using it.
Note that there are only a handful of remediation patterns available. IBM has explained that it will not be creating hundreds of patterns. Instead, the company believes that right now best practice dictates the creation of engagement-driven, high-value codified patterns to provide maximum benefit for clients. It should also be noted that IBM has a library of known patterns. Based on ongoing discovery with Explorer and Advisor, IBM will be able to codify new patterns and make them available to clients.
The Quantum Safe roadmap tracks milestones and timelines
IBM’s Quantum Safe roadmap is designed to identify and reinforce digital transformation initiatives based on emerging technologies. The roadmap will also support remediation efforts to make existing data assets and services quantum-safe. The roadmap also lists dates for significant industry milestones that are driven by standardization, federal government requirements or CNSA guidelines.
Roadmap data should be helpful for federal or civilian agencies or healthcare companies that must follow strict regulations about tracking requirements and dates. Suppliers can also use this information to stay abreast of quantum certification requirements.
The bottom channel on the roadmap consists of the IBM infrastructure hardware and software products that are on the journey to becoming quantum-safe.
We cannot predict when the first encryption-protected service or product might be breached by a quantum machine. It could be within this decade or even the next decade. Yet the crucial point remains the same: today’s cryptography cannot stop future quantum computers from hacking it.
All data is at risk. Even before quantum computers can crack encryption on the fly, data that uses current encryption methods can be captured and stored by a hacker until quantum computers become powerful enough to defeat the stored data’s encryption. And again, any computer system that needs to operate securely for long periods without major modification must be remediated with quantum-safe encryption. Given that almost every digital service and product in use today relies on some form of encryption for protection, it is important for every organization to begin a program to identify and swap out the old encryption for new quantum-safe algorithms as soon as possible. Remediating the old encryption won’t be simple and it won’t be fast. But it will be worth all the effort.
IBM Quantum Safe greatly simplifies the process of remediating old algorithms, but similar to IBM’s existing quantum roadmap, Quantum Safe is an agile product that follows and improves upon the roadmap along the way. IBM will continue to add features to Quantum Safe while experimenting and working with clients to validate and improve its capabilities.
Paul Smith-Goodson is the Vice President and Principal Analyst for Quantum Computing and Artificial Intelligence at Moor Insights & Strategy. You can follow him on Twitter for current information and insights about Quantum, AI, Electromagnetics, and Space.