The Quantum Computing Era: Implications for Mainframe Security

By Madeline Sanchez posted Mon December 23, 2024 06:41 PM

  

Woohoo, the next big thing is here: quantum computing! Much like generative AI and other transformative technologies reshaping our world, it’s quickly becoming one of the hottest buzzwords in tech, and for good reason. If you’re new to encryption on mainframes or just want a quick recap, you’re in the right place. It's important to understand how quantum computing could impact encryption and the security of our systems. As quantum technology advances, there’s an urgent need for greater awareness of its potential effects on our mainframe security.

2024 TechXChange - z16

Entering the Ring: Quantum Computers

Quantum computers have the potential to solve some of the world’s most complex problems in minutes, tasks that would take even the most advanced supercomputers dozens if not thousands of years (we’ll talk about that later). With great power comes great responsibility… and more importantly, great risks, particularly in cybersecurity. With the ability to break traditional encryption, quantum computers could expose sensitive data held by banks, insurance companies, and corporations.

But what makes quantum computers so different? Here's a brief overview: Unlike classical computers like mainframes, which rely on bits and electrical circuits, quantum computers use qubits (quantum bits) that operate based on the laws of physics and light. Basically, this means that while classical computers process either 1s or 0s, one at a time, quantum computers can process 1s, 0s, and any combination of both simultaneously. This lets quantum computers solve problems much faster because they don’t have to tackle them step-by-step like classical computers do. Putting them against each other would be like watching a horse and a McLaren race; both serve their purpose, but they operate on completely different principles.

With mainframes playing a critical role in managing data and ensuring "zero downtime" (hence the z in z/OS), they’re here to stay for industries worldwide. Yet, their reliance on classical computing principles makes them particularly vulnerable in the era of quantum advancements. So how do mainframes compete with something so fundamentally different? Why should you care?

2024 TechXChange - Lego Quantum Computer

Standards are Like Lifeguards, They Keep Hackers at Bay!

Because they handle sensitive data, mainframes need strong security measures like access controls, encryption, and regular vulnerability scans. That means they need to follow rules, rules made by experts who study current and future security risks. Organizations like PCI (Payment Card Industry), NIST (National Institute of Standards and Technology), ISO (International Organization for Standardization), and CIS (Center for Internet Security) are well-known for setting these kinds of standards.

Depending on the type of data, mainframes might use guidelines from multiple sources. Companies that handle card information, like banks and financial institutions, will likely follow standards from PCI or NIST frameworks. On March 31, 2022, the PCI Security Standards Council released PCI DSS version 4.0, the first update since June 2018. They've set a timeline for organizations to switch to the new standards and for the new requirements to become mandatory by 2025. 

Implementation timeline based on graph from PCI DSS v4.0 At-a-Glance, 2022 PCI Security Standards Council LLC.

Failing to comply could leave systems wide open to hackers. And having vulnerable systems is like leaving a bowl full of candy alone with a bunch of kids. Except for hackers, it’s not just candy; it’s a flashing neon sign that screams, “I have millions of dollars’ worth of data ready to be stolen!”

PCI DSS 4.0 puts a big spotlight on encryption, and as Rob Johns, a mainframe system programmer with 34 years of experience (and a great teammate at Jack Henry), puts it, “The first thing that gets stolen is the cash.”

If you work with mainframes, you’ve probably been affected by this change in standard, specifically with the implementation of Pervasive Encryption: the practice of encrypting data at rest across all storage locations, applications, and workloads within the mainframe environment. The new standard for encrypting datasets in flight (when data is being sent over networks: internet traffic, e-commerce, financial transactions, etc.) and at rest (when it’s stored: large data repositories, government and health data, etc.) is AES (Advanced Encryption Standard). AES is a widely used encryption method designed to protect data, and it’s even approved as resistant to future quantum attacks.

How AES Keys Keep Data Locked Tight

AES uses keys (also called symmetric keys), long strings of numbers that can be 128, 192, or 256 bits long, to lock and unlock data. Think of the keys like a secret code needed to scramble and unscramble information. The data is encrypted in 128-bit blocks, which means AES processes chunks of information that are 128 bits long at a time.

What makes AES so secure is the sheer size of these keys. Breaking AES would require trying every possible key until you find the right one—a process called brute force. For a 256-bit key, that means trying an average of half of 2²⁵⁶ possibilities. To put it into perspective, that’s more than the number of atoms in the observable universe. Simply put, AES is one of the best tools for keeping data secure and safe from even the most advanced threats; so much so, that AES 256-bit keys are the new standard for systems enforced by the PCI DSS 4.0 update.

D-WAVE making moves

In October of 2024, Chinese researchers from Shanghai University published an article stating that D-Wave’s quantum computer, “The Advantage,” had broken an RSA key. They claimed: “Using the D-Wave Advantage, we successfully factored a 22-bit RSA integer, demonstrating the potential for quantum machines to tackle cryptographic problems” (“Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage” - Chinese Journal of Computer).

In reply to this, Prabhjyot Kaur, senior analyst at Everest Group, stated in a CSO article: “The early and widespread use of quantum computers could wreak havoc, enabling new advanced cyberattacks that are impossible using classical computers.” This claim echoes what many others thought about this breakthrough, with articles even going as far as to say that it has the ability to break “military-grade” AES encryption.

Uh oh! We just switched to AES encryption, and now we’re seeing it at risk of breaking? 

Well, here’s why you shouldn’t panic: Honestly, this is all hoopla. If anything, it is only causing fear mongering, or more importantly, simply providing more clicks for their articles.

To start, breaking a 22-bit RSA key is still a great breakthrough for the advancement of quantum computing. However, experts are far from worried. In production, nothing below RSA 2048-bit keys is used. That's a whopping 2¹⁹⁹⁸ times more complex.

Leap QuantiK’s (a Toronto startup with a mission to promote the responsible and ethical adoption and use of quantum computing) advisor and author, Feite Kraay, explains that the researchers at D-WAVE were “able to factor a 50-bit integer using the annealer, but RSA-2048 is based on the difficulty of factoring a 2048-bit integer which is exponentially harder. Annealing is a simulated approach to quantum computing, mostly suitable for solving specific types of optimization problems, and it’s not clear if the method they used can scale up to 2048-bit integers.”

Kraay spotlighted a keyword: annealing. According to D-WAVE’s video “What is Quantum Annealing?”, quantum annealing (QA) is a method used by certain quantum computers to solve complex problems by finding the best solution through trial and error. This is the method D-WAVE used to break the 22-bit RSA key. It works by exploring different possible answers and gradually settling on the best one, kind of like finding the lowest point in a landscape of hills and valleys. However, while annealing is great for specific types of problems, like finding the best option among many choices (called optimization problems), it's not as useful for something complex like breaking anything over an RSA 2048 key. Quantum annealing will not work for this.

Quantum Annealing

Basically, 22-bit RSA keys are tiny and not used in real-world encryption. Breaking such a key is trivial for classical computers. Even decades ago, classical algorithms could break RSA keys up to 40 bits in seconds. Today, breaking a 512-bit RSA key (much larger but still obsolete) can be done in weeks using modern classical computers.
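To make the scale concrete, here is an added example (not from the original article or the cited paper) that recovers the private key of a 22-bit RSA modulus with plain trial division on a classical machine. The modulus, primes and message are constructed for illustration.

```python
from math import isqrt

# Constructed toy key: two small primes whose product is a 22-bit modulus.
P, Q = 1549, 2039
N = P * Q          # 3158411, bit length 22
E = 65537          # common public exponent


def factor_semiprime(n: int) -> tuple[int, int, int]:
    """Factor n by trial division; return (p, q, divisions_tried)."""
    tried = 1
    if n % 2 == 0:
        return 2, n // 2, tried
    # Only odd candidates up to sqrt(n) need checking.
    for cand in range(3, isqrt(n) + 1, 2):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n has no non-trivial factor (it is prime)")


def recover_private_exponent(n: int, e: int) -> int:
    """Rebuild d from the public key alone once n is factored."""
    p, q, _ = factor_semiprime(n)
    return pow(e, -1, (p - 1) * (q - 1))


def demo() -> dict:
    p, q, tried = factor_semiprime(N)
    d = recover_private_exponent(N, E)
    message = 123456                      # constructed plaintext, < N
    ciphertext = pow(message, E, N)
    return {
        "bits": N.bit_length(),
        "factors": (p, q),
        "divisions": tried,               # fewer than 1,000 for 22 bits
        "decrypted": pow(ciphertext, d, N),
        "message": message,
    }


if __name__ == "__main__":
    print(demo())
```

The loop bound grows with the square root of the modulus, so each extra bit multiplies the work by about 1.4; the same approach is useless against the 2048-bit keys used in production.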

AES encryption, particularly with 256-bit keys, relies on a completely different principle: brute-forcing every possible key. Quantum annealing has not demonstrated any ability to brute-force AES.

“Let's go halfsies?” Says Grover’s Algorithm

The ETSI group published that AES “will withstand quantum computer attacks until way after 2050” (ETSI GR QSC 006 V1.1.1 (2017-02), page 4), and that there is no immediate concern for attacks on symmetric keys like there is for asymmetric keys. However, could AES keys be at risk from Grover’s Algorithm (or “GA”)? Well, yes and no.

To summarize, GA is a quantum search algorithm that helps find a specific item in an unsorted database much faster than a regular computer. It “essentially halves the key size” (page 8). So, in cryptography, GA makes it easier to “search” for encryption keys by cutting their strength in half. For example, AES-128 (128-bit security) would have only 64 bits of security against a quantum computer.

While this seems to be a great way to break a key, the current state of quantum computers means we’re a long way from accomplishing that using GA. A classical computer would take 2^256 tries to break a key, but a quantum computer using GA could do it much “faster” at 2^128 tries. That's still a REALLY long time.

What about using multiple quantum computers at the same time to break a key (otherwise known as parallelism)? The ETSI Group states that if someone had billions of quantum computers working together, they could cut the time down even more, to 2^112. But here’s the catch: It would be way more expensive, and way more inaccurate. Using more quantum computers means using more qubits. And more qubits means more room for error.

A Qubit’s Biggest Enemy: Decoherence!

Qubits are very nitpicky: they are sensitive to things like temperature, noise, perhaps a gust of wind, and any general interference. Once a qubit interacts too much with its surroundings, it loses its quantum mechanical properties, a process known as decoherence. This makes any quantum calculations inaccurate.

To combat this, Quantum Error Correction (QEC) is used to fight against decoherence and keep quantum computers stable. It uses multiple qubits to represent one piece of information, allowing the system to detect and correct errors without losing the data. It's kind of like having backup copies of your work so that if one gets messed up, you can fix it using the others.

QEC is still a long way from guaranteeing calculation accuracy. Riverlane’s Quantum Error Correction Report estimates that 2028 will be the milestone for reaching million-error-free operations (MegaQuOp) and beyond. In the meantime, “The industry consensus is clear: without QEC, quantum computing will be unable to scale and limited to niche, toy applications. Achieving scalable fault tolerance requires continuous advancements in both hardware and software, with QEC technology at the heart of these efforts.” (Cierra Choucair)

True, but what about the fast-paced advancements being made?

If the details above didn’t completely ease your worries about quantum computers hacking our modern encrypted systems, that’s understandable. In IBM Technology’s YouTube video “Why Your Encryption Isn’t Safe” uploaded last year in 2023, they stated that “experts predicted a 1 in 7 chance of quantum computers breaking an asymmetric key by 2026.” Well, spoiler alert: fast forward to 2024, and we’ve already seen a successful decryption of an asymmetric key. 

At TechXchange, I had a great conversation with an expert at the quantum booth [unfortunately, I forgot to grab his info]. He mentioned that while breaking this particular key isn’t the most groundbreaking feat, he admits that it caught many off guard and came out of left field; which, in its own way, is quite impressive.

Advancements are coming fast; who's to say symmetric keys are not next? Kraay expanded on this thought, saying “it’s impossible to predict what we’ll be capable of by then. Everything is happening faster than we expect.”

 

Google’s Willow Quantum Chip: Breaking Records… Not Encryption 

Just this month, Google revealed their new Quantum chip “Willow”, which uses 105 qubits, the most amount of qubits in a quantum chip yet. Their chip “performed a computation in under five minutes that would take one of today’s fastest supercomputers 10²⁵ or 10 septillion years. If you want to write it out, it’s 10,000,000,000,000,000,000,000,000 years.”

Huge milestone! Well, while this sounds groundbreaking, it’s important to put it into context.

Willow - Google's Quantum Chip

Willow’s true achievement lies in its ability to exponentially reduce errors as more qubits are added. This is a huge step forward for quantum error correction, which has been a main obstacle in building scalable quantum systems. 

When I asked Feite Kraay what his thoughts were on Willow, he put it in a nice way: “Think of it kind of like revving the engine of your Porsche with the transmission in neutral. It makes a lot of noise and the engine turns very fast, but you’re not going anywhere.” Essentially, the RCS test isn’t solving real-world problems but rather serves as a benchmark for hardware performance and noise reduction. 

Basically put, AES is safe from Willow. Practical quantum attacks on encryption rely on solving complex algorithms like Shor’s algorithm for factoring, which remains far out of reach. While Willow represents remarkable progress, its abilities are still strictly in the experimental phase and not yet applicable to breaking modern cryptography.

“Harvest Now, Hack Later”

Rob Johns also spotlighted the ‘harvest-now, decrypt-later’ strategy. He says: “The thing about the crypto threat is that it isn't time sensitive. You can copy the encrypted data now and decrypt it later when you have a quantum computer. This is when hackers steal encrypted data today and save it, planning to crack it later when they have access to quantum computers.”

While AES-256 is strong enough to resist quantum attacks, the way systems share that secret key, using older methods like ECDH, could be cracked by a quantum computer in the future. So, if hackers grab that encrypted data now, they might break the key later when more quantum computer advancements are made and available.

The Redbook “Transitioning to Quantum-Safe Cryptography on IBM Z” demonstrates how the IBM z16 combats this using a “hybrid key exchange”. For example, when you need to share a secret key (like between a store and a bank during a credit card payment), the z16 uses this hybrid key exchange, which means it mixes quantum-safe algorithms, like CRYSTALS-Kyber, with traditional methods like ECDH to make the key-sharing process extra secure. Even if a quantum computer tries to crack it, the key will still be safe.

The z16 also ensures that digital signatures (used to prove who someone is) are quantum-safe. It uses a combination of CRYSTALS-Dilithium and ECDSA to make sure signatures can’t be faked, even by future technology.

On top of that, the z16 has built-in features to protect data no matter where it is:

  • Linux on IBM Z protected key encryption: keeps data safe on Linux systems, making sure sensitive information is safe even when it’s being processed in open environments.

  • z/OS dataset encryption: protects files stored on the mainframe, ensuring that all data at rest is encrypted. It helps keep your data secure even if someone gains unauthorized access to the storage system.

  • Coupling facility encryption: secures data shared between systems, ensuring that even when data is transmitted across systems, it remains secure from potential threats.

  • IBM z/VM encryption: ensures virtual machines are locked down, protecting virtualized environments by encrypting the data running within them, so sensitive data stays secure even in multi-tenant environments.

The z16 also offers special tools called APIs (programming shortcuts) to help businesses encrypt their data and manage keys safely. 

Key management tools like ICSF, TKE (Tape Key Encryption), EKMF (Enterprise Key Management Facility), and SKLM (Storage Key Lifecycle Management) help maintain the security of encryption keys, ensuring they are properly activated, deactivated, and destroyed when necessary.

So, whether data is being shared, stored, or signed, the IBM z16 uses the latest protections to stay ahead of quantum threats and keep everything secure. (The key lifecycle, along with the overall encryption process for z/OS will be covered in detail in a future article… If I stop procrastinating on it that is).

Key and data setup for hybrid key exchange, Redbooks - Transitioning to Quantum-Safe Cryptography on IBM Z
Hybrid key agreement process, Redbooks - Transitioning to Quantum-Safe Cryptography on IBM Z

NIST New Lattice-Based Algorithms

In August of 2024, NIST finalized new standards to keep encryption strong. They’ve also renamed the algorithms used in these standards to make them more specific. Here’s what each standard does:

  1. FIPS 203: This is the main standard for general encryption, which means protecting information sent across public networks. It’s based on the CRYSTALS-Kyber algorithm, now called ML-KEM (Module-Lattice-Based Key-Encapsulation Mechanism). Its small keys make it fast and easy to use for secure communication.

  2. FIPS 204: This is the main standard for digital signatures, which are like seals proving someone’s identity. It uses the CRYSTALS-Dilithium algorithm, now called ML-DSA (Module-Lattice-Based Digital Signature Algorithm).

  3. FIPS 205: Another standard for digital signatures, but with a different method. It uses the SPHINCS+ algorithm, now called SLH-DSA (Stateless Hash-Based Digital Signature Algorithm). This one is a backup in case the main method (ML-DSA) is ever cracked.

  4. FIPS 206: This is a draft standard that’s still in the works. It’s built on the FALCON algorithm, which will be called FN-DSA (FFT over NTRU-Lattice-Based Digital Signature Algorithm). It’s also for digital signatures and uses a unique math approach.

With these updates, all it takes is for industries to continue to keep their systems up-to-date with these new encryption standards. 

That’s a Wrap!… For Now

Quantum computing is exciting, but we’re not quite there yet. While it has the potential to change everything, it’s still in its early stages, and the technology is evolving fast. For now, we don’t need to panic about our AES encryption being easily broken, but it’s clear that we need to stay ahead of the game.

Mainframes are still crucial for handling sensitive data, and the standards like PCI DSS 4.0 help make sure we keep things secure, even as quantum technology progresses. As we continue to use encryption methods like AES, we should also be prepared for the future, keeping an eye on developments in quantum-safe cryptography.

The future is fast approaching, but with the right preparation, we can keep our data safe and secure, even in the age of quantum computers. Stay informed, stay secure, and let’s keep moving forward with confidence!

A big "Thank You!" to the following experts who contributed their thoughts:

  • Rob Johns (Jack Henry & Associates; Mainframe System Programmer)
  • Feite Kraay (Leap Quantik; Strategic Technology Adviser, Speaker, IBM Champion)

Sources:

  1. ChatGPT. Used for editing and corrections.

  2. D-WAVE. What is Quantum Annealing? [Video]. Available at: https://youtu.be/zvfkXjzzYOo

  3. Swain, Gyana. “Chinese Researchers Break RSA Encryption with a Quantum Computer.” CSO Online. Available at: https://www.csoonline.com/article/3562701/chinese-researchers-break-rsa-encryption-with-a-quantum-computer.html

  4. “Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage.” Chinese Journal of Computer.

  5. Redbooks. Transitioning to Quantum-Safe Cryptography on IBM Z. Available at: https://www.redbooks.ibm.com/redbooks/pdfs/sg248525.pdf

  6. Payment Card Industry Data Security Standard Requirements and Testing Procedures Version 4.0.1. PCI Security Standards Council, June 2024. Available at: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf

  7. BDO. PCI DSS Version 4.0 Implementation Timeline. Available at: https://www.bdo.com/insights/digital/pci-dss-version-4-0-implementation-timeline

  8. Google. Meet Willow, Our State-of-the-Art Quantum Chip. Available at: https://blog.google/technology/research/google-willow-quantum-chip/

  9. D-Wave. Your Encryption Isn't Quantum Safe. [Video]. Available at: https://www.youtube.com/watch?v=ecvCfTPRBrI

  10. Riverlane’s Quantum Error Correction Report: Defining the Path to Fault-Tolerant Computing and the MegaQuOp Milestone. The Quantum Insider. Available at: https://thequantuminsider.com/2024/10/22/riverlanes-quantum-error-correction-report-defining-the-path-to-fault-tolerant-computing-and-the-megaquop-milestone/

  11. NIST. NIST Releases First 3 Finalized Post-Quantum Encryption Standards. Available at: https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards

  12. ETSI. Quantum-Safe Cryptography (QSC); Limits to Quantum Computing Applied to Symmetric Key Sizes. Available at: https://www.etsi.org/deliver/etsi_gr/QSC/001_099/006/01.01.01_60/gr_qsc006v010101p.pdf

  13. The Brighter Side. For the First Time Ever, Researchers Crack RSA and AES Data Encryption. Available at: https://www.thebrighterside.news/post/for-the-first-time-ever-researchers-crack-rsa-and-aes-data-encryption/
