Keeping data safe in a post quantum world

Understanding the quantum computing landscape becomes a whole lot easier when you’ve got experts on hand. Hosted by market analyst firm IDC, representatives from IBM, NIST, and NXP gathered around a virtual roundtable this month to update on the topic of quantum resistant cryptography. Top of the agenda was a discussion on the leading algorithms for keeping today’s data and systems quantum safe. But before we jump ahead too far, it’s worth looking at why quantum computers have become such a big talking point.

Classical computers such as desktop PCs, laptops, phones, and other smart devices, blew the humble calculator out of the water decades ago, as users became empowered to do much more with digital data. And quantum computing could push the envelope even further by helping to solve deeply entangled problems that fox today’s classical machines. Quantum bits, or qubits, pack much more information than classical bits and bring a range of counterintuitive properties to the table. Qubits could be ideal for quickly searching unstructured data, as well as tackling other complex computing tasks.

Combinatorial edge

Rather than crunch through potential solutions in series, quantum-based systems – which leverage interactions that have no classical counterpart – can quickly identify optimal arrangements from large numbers of combinations. Qubits could accelerate the simulation of molecular interactions – for example, to identify new pharmaceutical candidates for drug discovery pipelines, or gather more insight on chemical reactions.

However, the ability of quantum computers to solve hard problems comes with some strings attached. And one of those is quantum computing’s potential to unravel the cryptographic algorithms that are currently keeping our data safe as it passes over the internet. Today, large prime numbers provide the backbone to public key infrastructure. Trying to crack this security using classical computers is reassuringly inefficient. But, as mentioned, quantum processing brings some different properties into play.

Without getting too deep in the weeds, quantum systems – thanks to their ability to carry out phase estimation – can measure tell-tale periodic features that quickly reveal whether a number is prime or non-prime. And once you’ve built such as quantum-based period finding machine, the computing effort required to factor a number stays relatively flat regardless of length. In 2021, researchers from Google and KTH Royal Institute of Technology estimated that the digital security provided by 2048 bit RSA integers could be unpicked in just 8 hours – assuming a quantum computer powered by 20,000 noisy qubits.

To be clear, today’s quantum-based machines are far from hitting such a high specification. But given everything that has been demonstrated on paper (together with early-stage results gathered in the lab), national standards bodies such as NIST in the US have decided, sensibly, to get a head start on finding replacement security candidates. The competition to identify so-called quantum-resistant encryption algorithms was launched in 2016 and, as of the latest announcement in July 2022, has been whittled down to a handful of leading prospects.

Universal defense

In the future, classical computers will operate alongside quantum computers. And to keep data safe, encryption schemes will need to be built around problems that are universally hard to solve, whether using qubits or classical bits. These requirements have directed stakeholders towards an alternative family of cryptography schemes based on mathematical lattices, which have been crafted so that they can be run on any machine. This feature is important because quantum-resistant cryptographic algorithms will need to suit all devices, including embedded solutions that may be more resource-constrained, such as chips found in vehicles or industrial IoT equipment. But these aren’t the only considerations.

Mainframe applications can have a lifetime of 30-40 years, so providers need to have a very long time horizon when it comes to considering security risks. In the roundtable discussion, Michael Osborne – who leads IBM Research’s quantum safe cryptography efforts – commented that lattice based cryptography has been on the radar for a while. Back in 2019, the firm reported that it had built a prototype quantum computing safe tape drive. And the announcement highlights that the first products on the scene will likely feature both conventional and post-quantum encryption schemes, to guard against any unforeseen weaknesses in the deployment of newer security methods. Also of note, is the news that IBM has been investigating lattice methods as a way of engineering so-called fully homomorphic encryption – an appealing technique that allows users to process data without having to first decrypt it.

Next steps

In terms of what happens next, NIST – having announced the algorithms that it plans to standardize – is now busy preparing the documents for public comment. Allowing time for any feedback received to be addressed, the organization expects to publish the finalized quantum resistant standards in 2024. “It’s at that point, people can begin adopting and using those algorithms,” said Dustin Moody, who first became involved in post-quantum cryptography at NIST in 2012. “We want to incentivize people to do it as quickly as they can. But to wait until the standards are published.”

For consumers, there shouldn’t be too much to do beyond keeping their software up to date, as new the algorithms – once agreed and finalized – will be implemented behind the scenes.